June 2024 Newsletter

Posted By: Mark Monday 15th July 2024

This month: Qilin group in NHS ransomware attacks, CDK Global automotive outage, TeamViewer data breach, music labels sue AI startups, AI skeleton key danger, South Korea telco infects customers with malware, plus Nyobolt showcases fast EV battery charging capability.


Qilin NHS Ransomware Attacks

In the last month Russian cybercriminals from the Qilin group targeted NHS hospitals in London with ransomware attacks. The most affected trusts, King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, had to postpone 1,300 outpatient appointments and 205 elective procedures due to the attack. This brings the total to 3,396 outpatient appointments and 1,255 elective procedures delayed since June 3.

Additionally, patient data managed by pathology services provider Synnovis was stolen during the attack. The situation remains critical, but NHS staff are working diligently to manage the impact on patient care. Patients are advised to attend appointments unless notified otherwise.

What is the Qilin Group?

The Qilin group is a Russian-speaking cybercriminal organisation known for its involvement in sophisticated cyberattacks and has been active for around two years. They run their operations via websites on the dark web.

They were previously known in the UK for targeting the publishing and social enterprise group, the Big Issue Group. During that attack, the hackers breached the company’s IT systems and stole confidential data, including staff information such as addresses, passport scans, and payroll details. Their actions have had serious consequences, disrupting critical services and compromising sensitive data.

While they have targeted various sectors globally, they’re making the biggest headlines with their attacks on hospitals and healthcare systems. Authorities are actively investigating and responding to these incidents to mitigate the impact on healthcare services and patient safety.

Reasons For The Qilin Group Cyberattacks?

The motivations behind the Qilin group’s cyberattacks, like with many ransomware groups, are multifaceted:

  1. Financial Gain: Ransomware attacks, like the one on NHS hospitals in London, are often driven by financial motives. The attackers demand ransom payments in exchange for decrypting the compromised systems. These payments can be substantial, providing a lucrative incentive for cybercriminals.

  2. Political or Geopolitical Goals: Some cybercriminal groups operate with political or nationalistic agendas. They may target specific organisations or countries to disrupt critical services, gain leverage, or advance their interests.

  3. Espionage and Data Theft: Cybercriminals may steal sensitive data during attacks. This stolen information can be sold on the dark web or used for espionage purposes. In the case of the Big Issue Group attack, personal and confidential data was compromised.

  4. Chaos and Disruption: Creating chaos and disrupting essential services can be a goal in itself. Attacks on healthcare systems, like the NHS, can have severe consequences for patient care, causing panic and highlighting vulnerabilities.

  5. Testing and Skill Demonstration: Some cybercriminals attack organisations to test their skills, demonstrate capabilities, or prove their prowess within the hacker community.

Cybercrime organisations like Qilin group operate in a complex landscape influenced by a mix of financial, political, and personal factors. It’s important to be aware of these gangs, and have a robust cyber security plan to keep your precious business data safe.

Contact LaneSystems to discuss your cyber security needs today.



CDK Global Outage For US Automotive Industry

In a busy month for cyberattacks, June saw another major casualty in the form of CDK Global, a software provider for thousands of car dealerships in the USA.

CDK suffered a cyberattack that disrupted its systems and is still ongoing. At time of writing the company has restored systems for a small initial test group of dealers, but many others are still affected. CDK is actively working to bring additional applications online, including Customer Relationship Management (CRM) and Service solutions.

The impact has been significant, with dealers relying on workarounds due to system downtime. It’s a significant enough outage that JD Power forecasts a decrease in new vehicle retail sales for June, primarily because of it. The situation remains urgent for affected dealerships, and CDK aims to address the issue by early July.

Who are CDK Global?

CDK Global is an Illinois multinational corporation providing data and technology solutions to various industries, including automotive, heavy truck, recreation, and heavy equipment. CDK Global serves over 30,000 dealers worldwide, helping them optimise processes related to sales, inventory, service, parts, and more. An outage on this scale causes significant impact across the sector.

Reasons for the CDK Global attack?

The motive behind the recent CDK Global cyberattack has not been explicitly disclosed. However, we know CDK is dealing with a ransom event, where the attackers are demanding payment to restore systems. The company is actively working to address the situation and bring affected applications back online.

The specific details regarding how the attackers gained access to CDK Global’s systems have, at time of writing, not been publicly disclosed. There is also currently no public information regarding the identity or origin of the attackers.

What have CDK done in response so far?

In response to the cyber attack, CDK Global has taken several actions:

  1. System Restoration: CDK has been actively working to restore affected systems. They have already brought some applications online for a small initial test group of dealers, but many others are still impacted.

  2. Communication: CDK has been communicating with dealerships and providing updates on the situation. Transparency is crucial during such incidents.

  3. Addressing Ransom Demands: CDK acknowledges that the attack is a “ransom event.” The hackers are demanding payment to restore systems. CDK will be evaluating its options and working to mitigate the impact.

  4. Timelines: CDK aims to address the issue by early July, but the situation remains urgent for affected dealerships.

How could CDK – and all businesses – take precautions?

CDK Global can take several preventive measures to enhance their security and mitigate the risk of future cyberattacks:

  1. Regular Security Audits: Conduct regular security audits and vulnerability assessments of their systems. This helps identify and address potential weaknesses before they can be exploited.

  2. Employee Training: Educate employees about cybersecurity best practices. Training should cover topics like phishing awareness, password hygiene, and safe browsing habits.

  3. Multi-Factor Authentication (MFA): Implement MFA for all critical systems. This adds an extra layer of security by requiring users to provide additional verification beyond just a password.

  4. Network Segmentation: Segment their network to isolate critical systems from less sensitive ones. This limits lateral movement for attackers.

  5. Patch Management: Keep software and systems up to date with the latest security patches. Vulnerabilities in outdated software can be exploited by attackers.

  6. Incident Response Plan: Develop and regularly test an incident response plan. This ensures a swift and coordinated response in case of a security breach.

  7. Encryption: Encrypt sensitive data both in transit and at rest. This protects information even if it falls into the wrong hands.

  8. Access Controls: Limit access to sensitive systems based on the principle of least privilege. Only authorised personnel should have access to critical data.

  9. Threat Intelligence: Stay informed about emerging threats and attack techniques. Collaborate with industry peers and security experts to share threat intelligence.

  10. Backup and Recovery: Regularly back up critical data and test the restoration process. Having reliable backups can minimise the impact of ransomware attacks.

LaneSystems provides cyber security services, including data recovery and backup plans to minimise your disruption. If you’re a business in and around the North East of England, contact us today.



Congratulations Cormac! Thank You Elaine!

Our apprentice, Cormac Fitzgerald, recently passed his Level 3 ICT Technician apprenticeship – with distinction!

We are all very proud of him and his amazing progression since he joined our team back in March to complete said apprenticeship.

He will be joining us on a permanent basis from July.

Congratulations, Cormac!

We also can’t let June pass by without wishing a happy yeariversary to Elaine Pickering in our Accounts Department. Thank you for all your valuable work!



TeamViewer Data Breach

During June, TeamViewer, a popular provider of remote access software, discovered a breach within its internal corporate IT environment.

TeamViewer is a powerful remote connectivity software that allows you to connect to other devices from anywhere. Whether for online meetings, video conferencing, or accessing your home computer while on the go, TeamViewer provides real-time remote access and support. It requires installation on both your device and the target device you want to access.

With TeamViewer, you can remotely control computers, troubleshoot issues, and collaborate effectively. It is a common remote access solution used by IT companies to remotely access and manage their clients’ systems.

Although this breach didn’t directly impact the functionality of TeamViewer’s remote access software or customer data security, it raised significant concerns due to the software’s widespread use by millions of people and businesses worldwide.

The breach was quickly detected, and TeamViewer immediately activated its response team to collaborate with global cybersecurity experts. While the company hasn’t disclosed specific details about the attackers, cybersecurity firm NCC Group suggested that an Advanced Persistent Threat (APT) group may be responsible. APT groups are known for sophisticated cyber espionage activities, targeting valuable information – a business like TeamViewer would be a prime target. [Update] TeamViewer is pointing the finger at Russian intelligence, as it believes the Cozy Bear cyber-spies, aka APT29 and Midnight Blizzard, are responsible.

In response to the breach, alerts have been circulated by cybersecurity bodies, warning of the potential exploitation of TeamViewer services by threat actors. While TeamViewer is transparent about the incident, some criticism has been levelled regarding the updates given, and some cybersecurity professionals have criticised weak controls on remote access to critical systems.

Be vigilant and always be aware of who has access to your systems. Limit the use of remote access tools to trusted devices and networks. Practice good password and authentication methods, review authorised devices and monitor activity. And make sure staff are aware of best practices regarding the use of TeamViewer, or any remote access tool.



Music Labels Sue AI Companies

In the ever-evolving landscape of music creation, artificial intelligence (AI) has emerged as both a boon and a challenge. Recently, three of the world’s largest record labels—Universal Music Group, Sony Music Entertainment, and Warner Music Group—have taken legal action against two prominent AI music-making companies: Suno and Udio-maker Uncharted Labs.

The Rise of AI Music Generators

Suno and Udio have developed AI programs that allow users to generate songs from simple text prompts. These accessible tools can produce realistic music, including full songs using AI versions of real artists’ voices. However, this technological leap has raised legal and ethical questions within the music industry.

The Lawsuits Unleashed

Coordinated by the Recording Industry Association of America (RIAA), the lawsuits were filed in U.S. federal courts for the District of Massachusetts and the Southern District of New York. The music labels allege that building services like Suno and Udio involves “copying decades worth of the world’s most popular sound recordings” to train their AI models. Moreover, both AI companies are accused of being “deliberately evasive” about disclosing their training data.

The Copyright Conundrum

At the heart of the legal battle lies the issue of copyright infringement. Suno and Udio’s music generators could only create such realistic songs if they had been trained on “vast quantities of sound recordings from artists across every genre, style, and era.” Many of these recordings remain copyrighted by the very record labels now suing the AI companies.

Artists’ Concerns and Compensation

Artists have expressed concern over how generative AI technologies might undermine human creativity and compensation. While AI-generated music can be impressive, it arguably lacks the emotional depth, personal experiences, and artistic intent that human musicians infuse into their work. The fear, though, is that AI-generated content could devalue original compositions and impact artists’ livelihoods.

In a recent video, music producer and YouTube star, Rick Beato, said he conducted a test of human-composed music alongside AI-generated compositions for his children and their friends. While he said he struggles to tell the difference between what was ‘real’ and what wasn’t, his son easily identified them all, and the other youngsters identified many of them. Is AI music something ‘younger’ ears can more easily distinguish?

The Promise of Responsible AI

RIAA Chairman and CEO Mitch Glazier emphasised that the music community embraces AI but seeks responsible development. The goal is to build sustainable AI tools (of their own) that empower artists and songwriters. However, unlicensed services like Suno and Udio, which exploit artists’ work without consent or fair compensation, might hinder genuine innovation in AI.

The Road Ahead

As the legal battle unfolds, the music industry faces a delicate balancing act. It must protect artists’ rights while fostering technological advancements. The clash between creativity and code continues. While AI offers exciting possibilities, can it respect the foundations laid by human artists? As Suno, Udio, and other AI companies navigate these legal waters, the music industry grapples with defining the boundaries of innovation and artistic integrity.

The outcome will shape the future of music creation. Will it ensure that human and AI contributions find their rightful place in the symphony of creativity?



And Finally… Other June News

Some tech news that caught our attention in late June.

Skeleton Key AI Bypass

Microsoft recently disclosed a concerning new AI jailbreak technique called Skeleton Key. This technique targets generative AI models and allows an attacker to bypass the guardrails built into the model during training. Essentially, it tricks the AI chatbot into ignoring its intended behaviour, potentially leading to harmful or unethical outputs.

Microsoft has taken steps to mitigate this threat, including sharing findings with other AI providers and implementing safeguards in their own AI systems.

South Korea Telco Infects Customers with Malware

Korea Telecom, one of South Korea’s largest telecommunications providers, allegedly targeted its own customers with malware. The company reportedly infected users who excessively used peer-to-peer (P2P) downloading tools. Specifically, they inserted malware into the Grid Program, disrupting file exchange services.

The incident has drawn police attention, and an investigation is underway to determine if KT violated privacy and communications laws. While controlling P2P traffic is common, distributing malware and deleting customer files raises ethical concerns.

Nyobolt Fast Charging EV Battery

Nyobolt, a UK start-up, recently demonstrated an electric car battery capable of ultra-fast charging. During its first live demonstration, the battery charged from 10% to 80% in just four minutes and 37 seconds.

This achievement was accomplished using a specially-built concept sports car on a test track in Bedford. By comparison, existing Tesla superchargers take 15-20 minutes to charge a car battery to 80%. Nyobolt’s breakthrough aims to address “range anxiety” and accelerate the adoption of electric vehicles (EVs). While challenges remain, such as improving charging infrastructure, this milestone represents significant progress in electrification.