Rackspace hit by a ransomware attack, healthcare industry (also) hit by ransomware, and Google Chrome faces a critical vulnerability.
Latest Threat Intel News:
Rackspace Rocked by a Ransomware Attack
Cloud services provider Rackspace Technology confirmed that it suffered a ransomware incident affecting its hosted Microsoft Exchange environment, leading to an ongoing outage lasting multiple days. The company stated that the incident did not affect other Rackspace services, and it is not yet known whether sensitive customer data was accessed. An investigation is ongoing, and no further details are available on what started the incident or who the threat actor is. In the meantime, Rackspace is assisting hosted Exchange customers in migrating to Microsoft 365.
Why This Matters
Nothing can ruin your day quite like an email from your vendor telling you they’ve been hacked (except maybe an email from your own IT department informing you that you’ve been hacked). According to current information on the Rackspace incident, only hosted Exchange was affected, so if that applies to your organization it may be worth migrating to 365. Corvus has notified policyholders who are Rackspace customers and also put together a helpful guide on how to respond to vendor breaches.
Several recent attacks have highlighted the healthcare industry's vulnerability to debilitating ransomware. In one incident, a French hospital had to cancel operations and even transfer patients in its intensive care and neonatal units. This comes on the heels of a separate high-profile incident against another French hospital in August, in which threat actors demanded $10 million. In a U.S.-based hospital attack in October, ransomware actors also accessed data for 623,774 patients. This included information such as full name, address, date of birth, phone number, and unique IDs used by the organization. The U.S. Department of Health and Human Services (HHS) likewise issued a warning about ongoing attacks from the relatively new Royal ransomware gang, which has been behind numerous attacks against U.S.-based healthcare organizations. Previous HHS reports have warned about attacks from threat actors deploying Maui and Zeppelin ransomware.
Why This Matters
The threat of double extortion (encryption and data theft) makes healthcare an especially vulnerable victim of ransomware attacks. Encryption has been shown to halt crucial services, and the sensitive PHI stored by healthcare services is an alluring and profitable target for ransomware actors. Because of this, cyber defense and resilience are even more crucial for organizations in this sector. Ensuring a regular patching cadence, deploying an endpoint detection and response solution, and maintaining secure backups can go a long way toward building resilience against ransomware attacks.
Google acknowledged that another high-severity vulnerability in its popular internet browser, Google Chrome, is being exploited in the wild. CVE-2022-4262 is the ninth zero-day flaw attackers have exploited involving Google Chrome this year. As one of the most popular browsers, Chrome has a very wide reach for any vulnerability, with Atlas VPN reporting 3.3 billion users. While Google is being careful not to reveal too many details on the recent vulnerability to avoid even wider exploitation, previous flaws have opened the door for attackers to bypass protection mechanisms and even execute code remotely on systems. This can then give an attacker the access needed to perform further exploitation.
Why This Matters
Chances are good that someone at your organization uses Google Chrome. Even for software as seemingly benign as web browsers, it's important to stay on top of patching and ensure users across your organization have applied the latest security updates.