In today’s weekly edition of Security News in Review, the Morphisec team is bringing you stories about how a cyberattack forced a Belgian hospital to redirect patients, the discovery of yet another malware strain used in the SolarWinds attack, and the launch of a new campaign from CISA to reduce the risk of ransomware.
Every week, the Morphisec team works hard to bring you the top stories from around the security media-sphere to make your job, and securing your critical infrastructure, easier.
Now on to the news:
- Symantec Discovers Fourth Malware Strain Used in SolarWinds Attack -- Researchers at Symantec revealed the existence of a fourth malware strain during their investigation of the SolarWinds supply chain attack. Code-named “Raindrop,” this malware is a loader that delivers a payload of Cobalt Strike. Raindrop is not delivered by the initial compromise, but instead appears on other computers within a compromised network.
- Hospital in Belgium Forced to Redirect Patients Due to Cyberattack -- Center Hospitalier de Wallonie Picarde (CHwapi) in Tournai, Belgium, has been forced to redirect urgent care cases to other area hospitals after a ransomware attack crippled 80 of its 300 servers. As of Saturday, no ransom was demanded, which could indicate that the hospital wasn’t the intended target.
- CISA Launches Campaign to Reduce the Risk of Ransomware -- This past Friday, June 22, the Cybersecurity and Infrastructure Security Agency launched a campaign designed to reduce the risk of ransomware attacks for public and private sector organizations through sharing of best practices, tools, and resources.
- World Economic Forum pegs cybersecurity failure as a major global risk -- The World Economic Forum’s global risks report for 2021 listed cybersecurity failures as the fourth major risk facing the world today for the next two to three years. COVID-19 topped the list for the next two years in the survey of WEF members.
- Malware reportedly found on laptops given to children in England -- An investigation was launched in England after the IT team at a school in Bradford discovered that the laptops the state handed out for home-schooling were infected with malware tied to a Russian server. Investigations are currently ongoing to determine the extent of the problem. In all cases, the malware was caught and removed before the laptops went out.
- Ransomware Accounts for 81% of All Financially Motivated Cyberattacks in 2020 -- A new study from AtlasVPN found that 81% of all attacks from financially motivated cybercriminals took the form of ransomware in 2020. Nearly two-thirds (63%) of attacks last year were financially motivated. Ransomware was 81% of those attacks, and the remaining 19% were point-of-sale intrusions, e-commerce attacks, business email compromise, and cryptocurrency mining.
- Hackers publish thousands of files after government agency refuses to pay ransom -- Thousands of files from the Scottish Environmental Protection Agency were published online recently after the agency refused to pay the ransom demanded by attackers. The agency’s operations remain disrupted more than a month after the attack first locked down their systems.
- Another ransomware now uses DDoS attacks to force victims to pay -- The Avaddon ransomware gang is the latest group to add DDoS attacks to their arsenal, using the strategy to lock down a victim’s website or network and then start negotiating with them to pay the ransom.