Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Synnovis ransomware attack updates: Expert Commentary

June 2024 by Dmitry Sotnikov, Chief Product Officer at Cayosoft

Significant updates about the attack on Synnovis came to light this week. The Qilin cybercrime group confirmed it was behind the attack and had reportedly leveraged a zero-day vulnerability to gain a foothold in Synnovis’ network, demanding a $50 million ransom after the attack was executed in full. The continued fallout causing significant disruptions to Synnovis-supplied hospitals in the UK has rolled past the second week.
In his commentary, Dmitry Sotnikov, Chief Product Officer at Cayosoft, offers insight into the most likely cybersecurity scenario taking place behind the scenes and offers proactive actions healthcare providers should consider to avoid finding themselves in a similar, catastrophic position.

"Qilin’s ransomware attack on Synnovis and their demand of $50 million contributes to an ethical downward spiral among cybercrime groups that condone trading lives for profit. Ransomware attacks targeting healthcare providers worldwide nearly doubled last year – 389 in 2023, up from 214 worldwide in 2022.

Synnovis claims that Qilin gained access to its systems via a zero-day vulnerability. Unfortunately, the use of outdated systems, which was likely the case for the affected hospitals run by Guy’s and St Thomas’ NHS Foundation Trust hospitals, likewise increased the chances of the attackers getting into their networks. Outdated cyber defense capabilities are very common in healthcare, where IT budgets are tight.

After initial network entry, Qilin typically uses a company’s Active Directory (the main enterprise identity and access store) to elevate its privileges to spread laterally and find the target’s critical systems. Once identified, data can be stolen, and those systems are encrypted to take them offline. From the outside, this is the most likely scenario suffered by the affected London hospitals.
The good news is healthcare providers can take preemptive steps to avoid a similar fate:
• Reduce the risk of initial entry: Update systems to the latest patch level, implement multi-factor authentication and phishing protection; and give staff basic security training
• Improve attack response: Remove standing privileges in Active Directory and other systems, implement threat detection, monitoring, and response, and deploy resiliency systems and plans for Active Directory
These proactive measures will dramatically improve a healthcare provider’s ability to defend and respond to ransomware attacks.”


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts