Global Cyber Pulse: 23 December, 2024

December 23, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

A surge in cyber incidents highlights vulnerabilities across sectors. Ascension, a leading U.S. healthcare network, revealed a ransomware breach by Black Basta, impacting 5.6 million individuals and prompting identity protection measures. In Ukraine, Russian hackers launched a significant cyberattack on state registers, disrupting critical infrastructure and data access, with restoration expected in two weeks. Meanwhile, North Korea’s Lazarus Group targeted nuclear engineers with advanced malware, further intensifying cybersecurity concerns.

Globally, OpenAI faced a €15M fine from Italy over data protection failures in ChatGPT, spotlighting AI accountability. Simultaneously, Dragos reported 23 ransomware groups targeting industrial sectors, emphasizing the rising threats to critical operations.

Ascension Data Breach: 5.6 Million Affected in Ransomware Attack

Ascension, one of the largest U.S. private healthcare systems, has notified nearly 5.6 million patients and employees about a data breach resulting from a May cyberattack by the Black Basta ransomware group.

Operating 140 hospitals and 40 senior care facilities, the network reported $28.3 billion in 2023 revenue. Ascension is mailing breach notifications to 5,599,699 individuals, offering 24 months of free IDX identity theft protection services, including CyberScan monitoring and $1M insurance coverage.

The breach, discovered on May 8, prompted an investigation involving cybersecurity experts. Ascension notified law enforcement, including CISA and the FBI, and confirmed attackers accessed files containing sensitive patient and employee data on May 7-8.

Ukraine Registers Hit by Massive Russian Cyberattack

Ukrainian officials have reported a significant cyberattack targeting state registers, suspected to be carried out by Russian hackers. The compromised systems house critical data, including biometric records, property ownership, legal decisions, and tax information.

Following the attack, access to over 60 state databases was suspended for security reasons. Restoration efforts, focused on critical registers, are expected to take two weeks, according to Deputy Prime Minister Olga Stefanishyna.

“This attack aimed to disrupt critical infrastructure and spread panic,” Stefanishyna stated, highlighting Russia’s ongoing attempts to destabilize Ukraine.

Lazarus Group Targets Nuclear Engineers with Advanced Malware

North Korea’s Lazarus Group has been observed deploying sophisticated malware, CookiePlus, as part of its cyber espionage campaign targeting nuclear engineers. The attacks, tracked as Operation Dream Job and NukeSped, occurred in January 2024.

This campaign, active since at least 2020, entices targets with fake job opportunities, eventually installing malware on their systems. Cybersecurity firm Kaspersky identified methods such as trojanized documents and tailored job descriptions as part of Lazarus’s arsenal, aimed at compromising supply chains in sectors like defense, aerospace, and cryptocurrency.

Italy Fines OpenAI €15M Over ChatGPT Data Breach

The Italian Data Protection Authority has imposed a €15M fine on OpenAI for data protection violations related to its ChatGPT chatbot. OpenAI must also launch a six-month public awareness campaign on its data collection practices.

The breach, reported in March 2023, led to an investigation revealing a lack of legal basis for data processing, inadequate transparency, and missing age verification mechanisms, potentially exposing children under 13 to harmful content.

The fine reflects OpenAI’s cooperative stance during the investigation, said the Italian watchdog.

Dragos Report: 23 Ransomware Groups Target Industrial Sectors

Cybersecurity firm Dragos has identified 23 ransomware groups impacting industrial organizations in Q3 2024, with some groups rebranding or employing novel techniques to avoid detection.

High-profile incidents include CDK’s $25M ransom payment to BlackSuit after dealership disruptions and Halliburton’s $35M loss following a RansomHub attack. These campaigns primarily target sectors like healthcare and financial services, where downtime incurs severe cascading effects.