TLP White: This week, Hacking Healthcare explores the ramifications of the European Union’s decision to sanction malicious cyber actors for the first time ever, including why it may only really benefit the healthcare sector in the long-term. Following that, we brief you on an evolution in disinformation campaigns that makes trusting online sources even harder.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
Welcome back to Hacking Healthcare.
1. European Union (EU) Sets New Precedent by Sanctioning Cyberattack Perpetrators.
On July 30th, 2020, The EU took the unprecedented step of imposing sanctions on six individuals and three entities “responsible for or involved in various cyber-attacks.”[1] The Council of the European Union noted several specific cyber incidents, including WannaCry, NotPetya, Operation Cloud Hopper, and an attack against the Organisation for the Prohibition of Chemical Weapons.[2]
The individuals and organizations named are linked to China, North Korea, or Russia. Both named Chinese individuals are linked to APT 10, while the four named Russian nationals are tied to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU).[3] In addition, the organizations sanctioned are the Main Centre for Special Technologies of the GU/GRU, a China based science and tech company, and a North Korea based organization linked to APT 38 and numerous cyberattacks across the globe.[4]
In a statement accompanying the sanctions, Josep Borrell, High Representative of the EU, stated they took action “to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace,” while also “[calling] upon every country to cooperate in favour of international peace and stability, to exercise due diligence and take appropriate action against actors conducting malicious cyber activities.”[5] Both the United States State Department and the United Kingdom’s Foreign Secretary lauded the move.[6], [7]
The mechanism for the sanctioning appears to come from a relatively newly adopted sanctions regime that is now part of the Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities, referred to as the Cyber Diplomacy Toolbox.[8], [9] The sanctions themselves impose travel bans, asset freezes, and prohibit EU persons or organizations from making funds available to any of the named individuals or entities.
Action & Analysis
** Membership required **
2. News Sites Infiltrated by Hackers to Plant Fake News.
Disinformation campaigns are not new, but as we have seen, the growth of the Internet and the proliferation of social media has greatly expanded the methods used by those with a disinformation agenda. Combatting disinformation is often a tall task due to concepts like free speech, difficulty in determining intent, and ambiguity over whether misleading or false information breaches applicable terms of service. A new FireEye report shows how the already insidious action of disinformation campaigns can be amplified with the help of hackers.
FireEye reports that over the past few years, disinformation operations “aligned with Russian security interests” have sought to hack legitimate news websites and replace their content with false and misleading text and images.[10] These unauthorized changes appear to have been a result of stolen user credentials that allowed access to the victim organization’s content management systems.[11] Furthermore, FireEye believes that the threat actors tended to replace existing legitimate entries with fabricated articles, which could slow discovery of the changes.
While these unauthorized alterations tended to be quickly found, removed, and disavowed, such remediation did not happen before false information was quickly shared on social media.[12] This type of tactic would appear to both discredit reputable organizations while simultaneously lending credibility to misleading content. For the operations that the FireEye report covered, content was primarily focused on anti-NATO messaging and included COVID-19 related material in an attempt to stoke fear and resentment.
Action & Analysis
** Membership required **
Congress –
Tuesday, August 4th:
– Senate – Committee on Armed Services: Hearings to examine the findings and recommendations of the Cyberspace Solarium Commission
Wednesday, August 5th:
– No relevant hearings
Thursday, August 6th:
– No relevant hearings
International Hearings/Meetings –
– No relevant hearings
EU –
Conferences, Webinars, and Summits –
— H-ISAC Monthly Member Threat Briefing – Webinar (8/25/2020)
https://h-isac.org/hisacevents/h-isac-monthly-member-threat-briefing-11/
— STOP HEMORRHAGING DATA: MINIMIZE THIRD-PARTY RISK IN HEALTHCARE BY RISKRECON – Webinar (9/1/2020)
–Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426517
— ENISA Trust Services Forum – CA Day 2020 – Schloßplatz Berlin, Germany (9/22/2020)
https://h-isac.org/hisacevents/enisa-trust-services-forum-ca-day-2020/
–Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/427126
–H-ISAC Cyber Threat Intel Training – Titusville, FL (9/22/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-titusville-fl/
–H-ISAC Security Workshop – Virtual (9/23/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-forchheim-germany/
–Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428840
–H-ISAC Monthly Member Threat Briefing – Webinar (9/29/2020)
https://h-isac.org/hisacevents/h-isac-monthly-member-threat-briefing-12/
— The MedTech Conference – Virtual (10/5/2020)
https://h-isac.org/hisacevents/the-medtech-conference-toronto/
— Healthcare Cybersecurity Forum – Houston, TX (10/8/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428840
— NCHICA AMC Security & Privacy Conference – Durham, North Carolina (10/21/2020-10/22/2020)
https://h-isac.org/hisacevents/nchica-amc-security-privacy-conference/
— 2020 H-ISAC European Summit – Santpoort-Noord, Netherlands (10/20/2020-10/22/2020)
https://h-isac.org/summits/european-2020-summit/
–CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)
https://h-isac.org/hisacevents/cysec-2020-croatia/
–Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428886
–H-ISAC Security Workshop – Seattle, WA – (10/29/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-seattle-wa-2/
–Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)
https://h-isac.org/hisacevents/healthcare-cybersecurity-forum-california-2/
–H-ISAC Security Workshop – Paris, France (11/18/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-paris-france/
–H-ISAC Fall Hybrid Summit – Phoenix, AZ (11/30/2020-12/4/2020)
https://h-isac.org/summits/fall-summit-2020/
— H-ISAC Security Workshop – Prague, Czech Republic (12/8/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-prague/
— 2021 APAC Summit – Singapore (3/23/2021-3/25/2021)
Sundries –
New Study: Phishing campaigns, from first to last victim, take 21h on average
https://www.zdnet.com/article/phishing-campaigns-from-first-to-last-victim-take-21h-on-average/
For North Korea, phishing with fake job-recruitment emails never gets old
https://www.cyberscoop.com/north-korea-aerospace-defense-mcafee-job-offers/
IBM: Health Sector Leads in Annual Data Breach Costs, Topping $7.13M
https://healthitsecurity.com/news/ibm-health-sector-leads-in-annual-data-breach-costs-topping-7.13m
Contact us: follow @HealthISAC, and email at contact@h-isac.org
[1] https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
[2] https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
[3] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020R1125&from=EN
[4] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020R1125&from=EN
[5] https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/declaration-by-the-high-representative-josep-borrell-on-behalf-of-the-eu-european-union-response-to-promote-international-security-and-stability-in-cyberspace/
[6] https://www.gov.uk/government/news/foreign-secretary-welcomes-first-eu-sanctions-against-malicious-cyber-actors
[7] https://www.state.gov/the-united-states-applauds-the-eus-action-on-cyber-sanctions/
[8] https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
[9] https://eeas.europa.eu/headquarters/headquarters-homepage/83572/eu-imposes-first-ever-cyber-sanctions-protect-itself-cyber-attacks_en
[10] https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/Ghostwriter-Influence-Campaign.pdf
[11] https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/Ghostwriter-Influence-Campaign.pdf
[12] https://arstechnica.com/information-technology/2020/07/hackers-broke-into-real-news-sites-to-plant-fake-stories/