NDM Technologies Cyber News
Ransomware Attack Exposes Data of Over 1.4 Million Patients
A recent ransomware attack targeting the Texas Tech University Health Sciences Center (HSC) and Texas Tech University Health Sciences Center El Paso has compromised the personal data of over 1.4 million individuals. The breach underscores the growing cybersecurity risks faced by high-profile organizations in the healthcare sector.
The attack occurred on September 17, disrupting computer systems and applications across the organization, but went undiscovered until September 29. The subsequent investigation confirmed that the disruption was caused by ransomware and that certain files and folders had been removed from the network. HSC disclosed the incident to the U.S. Department of Health and Human Services Office for Civil Rights, revealing that sensitive information, including names, birth dates, Social Security numbers, driver's license details, financial data, health insurance information, and medical records, was stolen.
The cybercriminal group Interlock, known for its sophisticated ransomware operations, claimed responsibility for the attack. Interlock reportedly added HSC's data to its leak site, listing 2.1 million files totaling 2.6 terabytes. The group deploys encryptors for FreeBSD servers as well as Windows systems, so hosts that sit outside typical Windows-centric endpoint protection are also at risk, which makes its operations particularly challenging to mitigate.
In response, HSC is reviewing its cybersecurity policies and implementing additional safeguards to strengthen system protection and monitoring. As a precaution, it is offering complimentary credit monitoring to affected individuals, who are urged to remain vigilant against phishing attempts, monitor their credit reports and health insurance statements, and promptly report any suspicious activity.
This incident highlights the critical importance of robust cybersecurity measures, especially for organizations handling sensitive personal and medical data. As ransomware attacks become increasingly sophisticated, proactive threat detection and comprehensive risk management strategies are essential to safeguarding valuable information.
CISA Mandates Secure Cloud Configuration for Federal Agencies
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced Binding Operational Directive (BOD) 25-01, aimed at fortifying federal civilian agencies’ cloud environments. This directive mandates compliance with Secure Cloud Business Applications (SCuBA) secure configuration baselines to mitigate risks associated with cloud misconfigurations and weak security controls.
CISA highlighted that recent cybersecurity incidents underscore the vulnerabilities caused by poor cloud configurations. Such weaknesses allow attackers to gain unauthorized access, exfiltrate data, and disrupt essential services. The directive is designed to minimize the federal government’s attack surface and enhance its overall cybersecurity posture.
BOD 25-01 outlines several key requirements for federal agencies:
As part of BOD 25-01, CISA also recommends that agencies deploy CISA-developed automated configuration assessment tools to measure their tenants against the baselines, integrate those tools with the agency's continuous monitoring infrastructure, and remediate any deviations from the secure configuration baselines. At present, however, the assessment tools cover only Microsoft 365.
The SCuBA baselines set secure configuration standards that reduce the risk posed by misconfigured cloud environments. Together, SCuBA and BOD 25-01 set a strong precedent for enhancing federal cloud security and enforcing consistent adherence to cybersecurity measures.
US Looks to Ban TP-Link Routers Amid Cybersecurity Concerns
The United States government is investigating TP-Link over concerns that its products pose a national security risk. The Chinese company, which supplies over 65% of the routers used in American homes and small businesses, is under investigation by the Commerce, Defense, and Justice Departments. The investigations have reportedly identified vulnerabilities in TP-Link devices that cybercriminals are exploiting to compromise sensitive enterprise data.
Consumer-grade routers, such as those offered by TP-Link, have become critical in supporting hybrid work models, yet they are increasingly seen as weak links in cybersecurity. With over 300 U.S. internet service providers issuing TP-Link devices as the default internet router, the potential impact of these vulnerabilities is immense. Hacked routers can serve as entry points for corporate espionage, Distributed Denial-of-Service (DDoS) attacks on enterprise systems, and the interception of sensitive information over Virtual Private Networks (VPNs).
The investigation follows an October Microsoft report revealing that a botnet of hacked small office and home office (SOHO) routers, predominantly TP-Link devices, was being used by multiple Chinese threat actors. The attackers reportedly use the botnet to conduct password spray operations and then use the credentials they obtain to carry out computer network exploitation. Such findings have highlighted the broader concern that flaws in home and small business routers can have far-reaching implications for enterprise security.
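The password spray pattern described above is detectable in authentication logs: many distinct usernames, only one or two attempts each (to stay under lockout thresholds), and, when routed through a router botnet, spread across many source IPs so that no single source looks noisy. The following is an added example, not code from the newsletter or from Microsoft's report; the log line format (`<timestamp> auth_fail|auth_ok user=<name> src=<ip>`), the thresholds, and the sample log lines are all constructed assumptions for illustration.

```python
"""Password-spray detection over authentication log lines (added example).

Assumed log format (constructed for this example):
    <ISO-8601 UTC timestamp> <auth_fail|auth_ok> user=<name> src=<ip>
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>auth_fail|auth_ok)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_spray(lines, window_minutes=30, min_users=5, max_per_user=2, min_sources=3):
    """Flag password-spray patterns among failed logins.

    Spray = many distinct usernames with few attempts per username. Two shapes are
    reported per fixed time window:
      per_source:  one source IP fails against >= min_users distinct users
      distributed: >= min_sources source IPs that individually stay below min_users
                   but together cover >= min_users distinct users, which is what a
                   low-and-slow spray through a router botnet looks like.
    A single user failing repeatedly from one source (a forgotten password or a
    brute-force attempt) exceeds max_per_user and is deliberately not counted.
    """
    window_s = timedelta(minutes=window_minutes).total_seconds()
    buckets = defaultdict(lambda: defaultdict(Counter))  # bucket -> src -> Counter(user)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["result"] != "auth_fail":
            continue
        bucket = int(ev["ts"].timestamp() // window_s)
        buckets[bucket][ev["src"]][ev["user"]] += 1

    alerts = []
    for bucket, by_src in sorted(buckets.items()):
        start = datetime.fromtimestamp(bucket * window_s, tz=timezone.utc)
        quiet_sources = {}  # sources with spray-like per-user counts but too few users to alert alone
        for src, users in by_src.items():
            low_per_user = max(users.values()) <= max_per_user
            if low_per_user and len(users) >= min_users:
                alerts.append({"kind": "per_source", "window": start, "src": src, "users": sorted(users)})
            elif low_per_user:
                quiet_sources[src] = set(users)
        covered = set().union(*quiet_sources.values()) if quiet_sources else set()
        if len(quiet_sources) >= min_sources and len(covered) >= min_users:
            alerts.append({"kind": "distributed", "window": start,
                           "sources": sorted(quiet_sources), "users": sorted(covered)})
    return alerts


# Constructed sample log: one noisy sprayer, four "botnet" sources spraying two users
# each, and one legitimate user who mistypes a password three times then succeeds.
SAMPLE_LOG = """\
2024-10-03T12:00:01Z auth_fail user=alice src=203.0.113.5
2024-10-03T12:00:03Z auth_fail user=bob src=203.0.113.5
2024-10-03T12:00:05Z auth_fail user=carol src=203.0.113.5
2024-10-03T12:00:07Z auth_fail user=dave src=203.0.113.5
2024-10-03T12:00:09Z auth_fail user=erin src=203.0.113.5
2024-10-03T12:00:11Z auth_fail user=frank src=203.0.113.5
2024-10-03T12:05:00Z auth_fail user=grace src=198.51.100.10
2024-10-03T12:05:30Z auth_fail user=heidi src=198.51.100.10
2024-10-03T12:06:00Z auth_fail user=ivan src=198.51.100.11
2024-10-03T12:06:30Z auth_fail user=judy src=198.51.100.11
2024-10-03T12:07:00Z auth_fail user=mallory src=198.51.100.12
2024-10-03T12:07:30Z auth_fail user=niaj src=198.51.100.12
2024-10-03T12:08:00Z auth_fail user=olivia src=198.51.100.13
2024-10-03T12:08:30Z auth_fail user=peggy src=198.51.100.13
2024-10-03T12:10:00Z auth_fail user=bob src=192.0.2.7
2024-10-03T12:10:20Z auth_fail user=bob src=192.0.2.7
2024-10-03T12:10:40Z auth_fail user=bob src=192.0.2.7
2024-10-03T12:11:00Z auth_ok user=bob src=192.0.2.7
"""


def run_sample():
    """Run the detector over the constructed sample log and return its alerts."""
    return detect_spray(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["kind"], alert.get("src") or alert["sources"], len(alert["users"]), "users")
```

On the sample, the detector raises one per-source alert for 203.0.113.5 (six users, one attempt each) and one distributed alert covering the four 198.51.100.x sources, while the repeated failures for bob from 192.0.2.7 are ignored. The per-source thresholds are the easy part; the distributed branch is what catches a botnet that keeps every individual router below the per-IP limits, so tune min_sources and min_users against your own baseline of normal failed-login volume.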
If the allegations are confirmed, a ban on TP-Link products in the U.S. could be implemented as early as next year. This potential action underscores the growing tension between the U.S. and China over vulnerabilities in technology infrastructure. For enterprises relying on secure networks, these developments serve as a stark reminder of the importance of rigorous cybersecurity measures and the need to scrutinize the devices integrated into their ecosystems.
Upcoming Conferences & CPE Opportunities
The Official Cybersecurity Summit
This 12th annual Atlanta Cybersecurity Summit will connect you with C-Suite and Senior Executives responsible for protecting their companies' critical infrastructure. Learn innovative solutions and access interactive panels and discussions.
January 31 -- Atlanta, GA
Cybersecurity Training at SANS
Immerse yourself in a learning environment that features hands-on labs, simulations, and exercises, all geared towards practical application in your professional endeavors. Seize the opportunity to hone your skills during bonus sessions and activities.
January 13-18 -- Nashville, TN
18th Global Conference on Cybersecurity and Cloud Engineering
The 18th edition of the GCCSCE seeks to bring experts, practitioners, and researchers from around the world together to advance discussions on cybersecurity and cloud engineering. Share the latest trends, address key challenges, and promote best practices.
January 10-12 -- Honolulu, HI