BlackCat claims to have exfiltrated the sensitive personal information of clinicians and Trust employees such as CVs, driver’s license numbers, IDs, social security numbers, financial reports, accounting and loan data, insurance agreements, and more. The data dump also includes client documentation, credit card data, and other commercial secrets.
 
The group demanded that the Trust pay a ransom by 3rd July to get its data back, failing which it would publish all of the stolen data online.

Cutting costs in the economic downturn has become a priority for many business leaders and one area that can produce quick savings for all is password resets.

Adding no value to businesses, they reduce employee productivity and come with an astronomical price tag, says Julia O'Toole , CEO of cyber product firm MyCena Security Solutions.

Can businesses eradicate these costs and put the savings back in their pockets?

Tens of thousands of employees of private and public organisations have had their personal data exposed as a result of a wide-ranging breach of the MOVEit Transfer tool.

“It is common for an initial breach to spread up and down the supply-chain of the initial target. Once a criminal is in, they will be looking for doors that can open onto new victims. When it comes to protection against these threats, segmenting and encrypting access is essential. By segmenting access, you minimise the amount of data that can be obtained at once and the malware cannot travel not just inside your systems, but also further up and down your supply chain to avoid infecting more companies.”

A zero-day vulnerability in the MOVEit file transfer software was infiltrated, affecting the supply chains of BA, BBC and Boots.

Julia O'Toole , CEO of MyCena Security Solutions, says : “When it comes to protection against these threats, segmenting and encrypting access is essential."

“By segmenting access, you minimise the amount of data that can be obtained at once, and the malware cannot travel not just inside your systems, but also further up and down your supply-chain to avoid infecting more companies.”

It is common for an initial breach to spread up and down the supply-chain of the initial target. Once a criminal is in – it could be spear-phishing, social engineering, brute force, credentials attacks - they will be looking for doors that can open onto new victims.

The holy grail is finding a flaw or open door that no one has yet discovered that can carry them fast, far and wide into new host systems; similar to a virus that found an unsuspected superhost that will spread it to new host bodies.

This time they found the zero-day vulnerability in the MOVEit Transfer software, which allowed them to spread from Zellis payroll services to their customers, including BA, BBC and Boots.

What can businesses do in terms of protection?

Segment access and encrypt each access, so that if one system is infected, for example payroll, the rest of the systems are safe, while the incident can easily be contained.

The ancient Greeks taught us many things. Thousands of years later, we still apply Greek wisdom to things like government, teaching and law. And, according to MyCena Security Solutions CEO Julia O’Toole, there are still lessons to be learned in the cybersecurity world. O'Toole explains how ancient Greek architecture can provide lessons for building a strong defence against modern ransomware attacks. Highlighting the city of Mycenae, known for its robust walls and layered security, as inspiration, O'Toole emphasises the speed and vulnerabilities associated with modern ransomware attacks, criticising the reliance on single access tools and employee-created passwords. Instead, companies should learn from the ancient Greeks – implementing segmented access with unique encrypted passwords at different levels to create an impregnable fortress for their digital assets.

The proposed EU certification scheme (EUCS) has taken another step closer to being implemented. The new law aims to ensure cybersecurity for cloud services and guide EU governments and companies in selecting reliable vendors. The EU's focus on cloud services is intended to protect sensitive data that could have significant consequences for public safety, human life, health, and intellectual property if compromised. But there are potential hurdles to overcome. While the EU wants to safeguard data rights and privacy, there are concerns about fragmentation of the single market as individual countries can implement the rules at their discretion. Similarly, these measures face criticism from US tech giants, such as Google, Amazon and Apple, concerned about potential exclusion from the European market.