BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.
In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”
The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.
The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.
Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.
The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.
The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. U.S. Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.
The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.
In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.
Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.
Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.
He said the group was demanding ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.
“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.” U.S. officials have repeatedly expressed concern about major ransomware attacks affecting the presidential election, even if the criminals are motivated chiefly by profit.
Mandiant’s Carmakal identified the criminal gang as UNC1878, saying “it is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers” and producing prolonged delays in critical care.
He called the eastern European group “one of most brazen, heartless, and disruptive threat actors I’ve observed over my career.”
While no one has proven suspected ties between the Russian government and gangs that use the Trickbot platform, Holden said he has “no doubt that the Russian government is aware of this operation — of terrorism, really.” He said dozens of different criminal groups use Ryuk, paying its architects a cut.
Dmitri Alperovitch, co-founder and former chief technical officer of the cybersecurity firm Crowdstrike, said there are “certainly lot of connections between Russian cyber criminals and the state,” with Kremlin-employed hackers sometimes moonlighting as cyber criminals.
Neither Holden nor Carmakal would identify the affected hospitals. Four healthcare institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence County Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.
Sky Lakes acknowledged the ransomware attack in an online statement, saying it had no evidence that patient information was compromised. It said emergency and urgent care “remain available.” The St. Lawrence system did not immediately return phone calls seeking comment.
Increasingly, ransomware criminals are stealing data from their targets before encrypting networks, using it for extortion. They often sow the malware weeks before activating it, waiting for moments when they believe they can extract the highest payments, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.
A total of 59 U.S. healthcare providers/systems have been impacted by ransomware in 2020, disrupting patient care at up to 510 facilities, Callow said.
Carmakal said Mandiant had provided Microsoft on Wednesday with as much detail as it could about the threat so it could distribute details to its customers. A Microsoft spokesman had no immediate comment.
By FRANK BAJAK AP Technology Writer
Associated Press writers Eric Tucker in Washington, D.C., Lisa Baumann in Seattle and Deepti Hajela in New York City contributed to this report.
Twitter CEO defends Trump ban, warns of dangerous precedent
Twitter CEO Jack Dorsey defended his company’s ban of President Donald Trump in a philosophical Twitter thread that is his first public statement on the subject.
When Trump incited his followers to storm the U.S. Capitol last week, then continued to tweet potentially ominous messages, Dorsey said the resulting risk to public safety created an “extraordinary and untenable circumstance” for the company. Having already briefly suspended Trump’s account the day of the Capitol riot, Twitter on Friday banned Trump entirely, then smacked down the president’s attempts to tweet using other accounts.
“I do not celebrate or feel pride in our having to ban @realDonaldTrump from Twitter,” Dorsey wrote. But he added: “I believe this was the right decision for Twitter.”
Dorsey acknowledged that shows of strength like the Trump ban could set dangerous precedents, even calling them a sign of “failure.” Although not in so many words, Dorsey suggested that Twitter needs to find ways to avoid having to make such decisions in the first place. Exactly how that would work isn’t clear, although it could range from earlier and more effective moderation to a fundamental restructuring of social networks.
In Dorsey-speak, that means Twitter needs to work harder to “promote healthy conversation.”
Extreme measures such as banning Trump also highlight the extraordinary power that Twitter and other Big Tech companies can wield without accountability or recourse, Dorsey wrote.
While Twitter was grappling with the problem of Trump, for instance, Apple, Google and Amazon were effectively shutting down the right-wing site Parler by denying it access to app stores and cloud-hosting services. The companies charged that Parler wasn’t aggressive enough about removing calls to violence, which Parler has denied.
Dorsey declined to criticize his Big Tech counterparts directly, even noting that “this moment in time might call for this dynamic.” Over the long term, however, he suggested that aggressive and domineering behavior could threaten the “noble purpose and ideals” of the open internet by entrenching the power of a few organizations over a commons that should be accessible to everyone.
The Twitter co-founder, however, had little specific to say about how his platform or other Big Tech companies could avoid such choices in the future. Instead, he touched on an idea that, taken literally, sounds a bit like the end of Twitter itself — a long-term project to develop a technological “standard” that could liberate social networks from centralized control by the likes of Facebook and Twitter.
But for the moment, Dorsey wrote, Twitter’s goal “is to disarm as much as we can, and ensure we are all building towards a greater common understanding, and a more peaceful existence on earth.”
SAN FRANCISCO (AP) — By DAVID HAMILTON
US blacklists Xiaomi, CNOOC, Skyrizon, raising heat on China
The U.S. government has blacklisted Chinese smartphone maker Xiaomi Corp. and China’s third-largest national oil company for alleged military links, heaping pressure on Beijing in President Donald Trump’s last week in office.
The Department of Defense added nine companies to its list of Chinese companies with military links, including Xiaomi and state-owned plane manufacturer Commercial Aircraft Corp. of China (Comac).
U.S. investors will have to divest their stakes in Chinese companies on the military list by November this year, according to an executive order signed by Trump in November.
Xiaomi did not immediately respond to a request for comment.
Xiaomi Corp. overtook Apple Inc. as the world’s No. 3 smartphone maker by sales in the third quarter of 2020, according to data by Gartner. Xiaomi’s market share has grown as Huawei’s sales have suffered after it was blacklisted by the U.S. and its smartphones were cut off from essential services from Google.
Separately, the Commerce Department put China National Offshore Oil Corp. (CNOOC) on the entity list, an economic blacklist that forbids U.S. firms from exporting or transferring technology with the companies named unless permission has been obtained from the U.S. government. The move comes after about 60 Chinese companies were added to the list in December, including drone maker DJI and semiconductor firm SMIC.
CNOOC has been involved in offshore drilling in the disputed waters of the South China Sea, where Beijing has overlapping territorial claims with other countries including Vietnam, the Philippines, Brunei, Taiwan, and Malaysia.
“China’s reckless and belligerent actions in the South China Sea and its aggressive push to acquire sensitive intellectual property and technology for its militarization efforts are a threat to U.S. national security and the security of the international community,” U.S. Commerce Secretary Wilbur Ross said in a statement.
“CNOOC acts as a bully for the People’s Liberation Army to intimidate China’s neighbors, and the Chinese military continues to benefit from government civil-military fusion policies for malign purposes,” Ross said.
CNOOC did not immediately comment.
Chinese state-owned company Skyrizon was also added to the economic blacklist, for its push to “acquire and indigenize foreign military technologies,” Ross said.
Beijing Skyrizon Aviation, founded by tycoon Wang Jing, drew U.S. criticism for an attempt to take over Ukraine’s military aircraft engine maker Motor Sich in 2017. The concern was that advanced aerospace technology would end up being used for military purposes.
HONG KONG (AP) — By ZEN SOO
Microsoft ousts rivals from CES marquee as show moves online
This week, Microsoft had a big test on its hands — how to help transform the world’s biggest gadget show into an online-only event.
The choice of Microsoft to power this year’s CES and create a virtual showcase for its 1,800 exhibitors gave the tech giant a big promotional boost over its best-known cloud computing rivals, Amazon and Google.
But it also posed reputational risks, as organizers of this week’s event tried to cobble together a trove of web content and mostly prerecorded panel discussions in a way that could at least partially evoke the gaudy, high-energy convention that takes over the Las Vegas strip each January.
At times, it was hard to pretend this year’s virtual CES was a live event.
“Don’t tell people we’re recording in December,” said panel moderator and venture capitalist Rajeev Chand, jokingly admonishing a Twitter executive after his comments revealed that their debate on user privacy, aired Tuesday, was taped nearly a month earlier.
The Consumer Technology Association, the trade group that runs CES, said it made a final decision in July that its premier event would be virtual, then put out a request for bids and evaluated more than 40 digital platforms before announcing its choice of Microsoft in October. The tech company already had some experience hosting its own big events virtually during the pandemic, including last year’s Build and Ignite conferences, each of which had roughly 200,000 participants.
But Microsoft’s marquee involvement in CES is a change from recent years when Google and Amazon dominated the annual Las Vegas convention with ubiquitous marketing and splashy displays — even a theme park-style ride — as they competed against each other to showcase their digital voice assistants.
Microsoft, by contrast, has kept a lower profile as it’s shifted from a consumer-focused business to one focused on selling its software and services to big organizations.
“Microsoft as a partner might have affected a couple of companies who view themselves as competition, I’m not sure,” said Gary Shapiro, president and CEO of the CTA.
Neither Google nor Amazon has said if they had sought to win the contract to run this year’s digital CES, but both companies were mostly sitting out the show this year and showcasing their latest wares elsewhere.
“We talked to all the leading tech companies,” said Jean Foster, CTA’s senior vice president of marketing and communications. “Many of these companies were taking the physical world and putting it online. They had avatars walking around a virtual show floor. That’s just not consistent with what we’re doing.”
The event also needed a cloud computing provider that could handle a huge volume of attendees from around the world. And it needed to be able to create a system to register, bill and authenticate attendees.
“We needed high performance and security, so obviously that’s built into the Microsoft brand,” Foster said.
But the job required Microsoft to accomplish some tasks that went beyond what it did for its own events – namely, to recreate, or replace, the experience of a giant showcase of gadgets and technology.
“How could we bring a large group of exhibitors together and show off what they had to say and their value propositions in a way that’s not an expo,” said Bob Bejan, the Microsoft executive who runs its global events and production studios and is leading the CES project. “Because you can’t translate this stuff. You have to reinvent in this medium.”
Anchored at Microsoft’s production studio in Redmond, Washington, the event is designed to turn a typical directory of exhibitors into an interactive digital experience using a mix of video, audio and chat. It’s a test for Microsoft products such as Teams, the workplace communications app that the company is trying to make a must-have service for workplaces during the pandemic.
Conference attendees could send each other messages — no more than 250 of them — and use Teams for virtual meet-and-greet sessions that Bejan said were supposed to work like a “digital parallel to what you would do at an expo or a hotel lobby bar.”
Even when the pandemic wanes, Bejan said Microsoft is pivoting to a future in which he expects digital experiences will remain an important component of conferences and other live events.
By MATT O’BRIEN