Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks

VMware fixes critical code execution flaw in vCenter Server

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. […]   Read More 

BleepingComputer 

Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack

[[{“value”:”

Andrew Witty, CEO of UnitedHealth Group, detailed a sophisticated ransomware attack on Change Healthcare, a key component of the UnitedHealth network.

The cybercriminals, identifying themselves as ALPHV or BlackCat, infiltrated Change Healthcare’s information technology environments, marking a significant cybersecurity breach within the healthcare sector.

The cyberattack, which unfolded on the morning of February 21, 2024, was the culmination of a 9-day silent infiltration by the hackers within the UnitedHealth network.

This period allowed the attackers to navigate the network’s defenses undetected, laying the groundwork for the ransomware deployment.

The attack encrypted Change Healthcare’s systems, rendering them inaccessible and severely disrupting operations.

Upon discovery, UnitedHealth Group took immediate action to sever connectivity with Change Healthcare’s data centers, a decisive move aimed at halting the spread of the malware.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

Real-time Detection
Interactive Malware Analysis
Easy to Learn by New Security Team members
Get detailed reports with maximum data
Set Up Virtual Machine in Linux & all Windows OS Versions
Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Try ANY.RUN for FREE

This swift response was crucial in containing the attack and preventing malware from spreading beyond Change Healthcare to the broader health system, including Optum, UnitedHealthcare, or UnitedHealth Group.

Witty emphasized that there has never been any evidence of the malware spreading beyond Change Healthcare, underscoring the effectiveness of their containment efforts.

Impact on UnitedHealth Network

While contained within Change Healthcare, the ransomware attack profoundly impacted UnitedHealth Group’s operations.

Although disruptive, shutting down many Change environments was deemed essential to secure the network’s perimeter and safeguard against further infiltration.

The attackers, operating under the alias ALPHV or BlackCat, utilized sophisticated techniques to execute the ransomware attack.

Their ability to remain undetected within the network for an extended period highlights the advanced nature of their methods and the challenges in preempting such cybersecurity threats.

The specifics of the ransomware, including the encryption methods and cybercriminals’ demands, were not disclosed during the testimony.

In the aftermath of the attack, UnitedHealth Group has been in regular contact with the FBI, collaborating on the investigation to trace the breach’s origins and enhance cybersecurity protocols.

As cybercriminals continue to target the healthcare industry, the need for vigilant, sophisticated cybersecurity measures has never been more apparent.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

The post Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack appeared first on Cyber Security News.

“}]]   Read More 

Cyber Security News 

Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack

A pro-Ukraine hacktivist group named ‘Blackjack’ has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. […]   Read More 

BleepingComputer