Russian Aviation Sector Under Risk, Ransomware Attack on Synnovis, CyRC Sheds Light On EmailGPT Vulnerability!
Here’s your weekly dose of cybersecurity news to keep you well-versed in the global cybercrime scenario. From Russia’s aviation sector to the UK’s healthcare facility and your own PC, nothing is safe from threat actors. Read on to know why!
Threat Actors Leverage the Ongoing Russia-Ukraine War!
The Russian aviation industry is under cyber risk. A threat actor is leveraging layered infection chains to attack any and every organization associated with the Russian aviation sector. The actor is an APT, or Advanced Persistent Threat, that goes by the name of “Sticky Werewolf.” The APT has been active for almost one year and aims at espionage related to the ongoing Russia-Ukraine war.
Initially, Sticky Werewolf targeted public organizations across Belarus and Russia. Later, they shifted their focus to pharmaceutical companies, microbiology departments, and vaccination developments. Lately, the threat actor has taken a keen interest in Russian aerospace and defense. With the passing of time, its infection method is also gradually evolving.
But why is the threat actor so much into the aviation sector? Experts believe that pilots and private aircraft can be considered both as targets and valued assets. Besides, this industry is a treasure trove of priceless military intel, intellectual property, and so much more.
Earlier, the threat campaigns were simple and involved phishing emails with malicious links. But now, the threat actors have intensified them. The emails look more authentic, leverage identity theft, contain PDF files, and use compelling language to convince users to share their personal details, email addresses, and other key details.
Ransomware Attack Brought Synnovis to a Standstill!
Several critical patients and their caretakers went into panic mode this week when UK-based healthcare provider Synnovis canceled multiple surgeries and services without any prior notice. A notorious ransomware attack brought Synnovis to a halt this Monday and impacted its reputation and ability to offer quality healthcare facilities to patients.
Synnovis acknowledged that a ransomware attack interrupted most of their pathology services badly. Social media platforms were already rife with news on how tremendous this attack had been on the healthcare sector.
After the attack, some of the major hospitals, like Guy’s Hospital, King’s College Hospital, St Thomas’ Hospital, and so on, had to suddenly call off their operations. Harefield Hospital and Royal Brompton also had to bear the brunt of this ransomware attack on Synnovis.
The NHS, or UK National Health Service, issued a statement describing how these major hospitals were forced to prioritize certain tasks over others because of this cyber attack.
The ransomware attack on Synnovis is a grave reminder of the grim aftermath of cybercrimes. Such attacks on the healthcare sector do not only lead to financial catastrophe or operational hindrances. Rather, they go way beyond and have human consequences whereby innocent patients lose their lives because of these whimsical cybercrimes. Also, such attacks shake the trust of common people in these institutions, and they no longer trust the government or relevant agencies with their time and money.
The ransomware attack on Synnovis impacted patient health badly and put precious lives in danger.
This is not the first instance of a cyber attack on a UK healthcare center. Previously, in February this year, a ransomware attack shook United Healthcare’s Change Healthcare not once but twice. The ordeal did not end even after paying the ransom.
Similarly, in April, Ascension, responsible for smooth health operations across 140 hospitals in 19 states, faced a cyberattack whereby it had to shut down multiple essential healthcare services such as tests, medications, EHRs (Electronic Health Records), etc.
EmailGPT May Disturb Your Peace Of Mind With Its Vulnerability!
Generative AI has been a bone of contention for cybersecurity experts. To make things worse, the CyRC Vulnerability Advisory has come across a serious security flaw in EmailGPT. This tool aims at making email writing easy by leveraging AI and is available in the form of a seemingly harmless Google Chrome extension.
As per the cybersecurity experts, the EmailGPT vulnerability, a prompt injection flaw, can be highly beneficial for threat actors. They can use EmailGPT to access sensitive data. Basically, the API service allows threat actors to submit direct prompts in order to fulfil their malicious purposes.
They can easily access the standard system prompts and use them to carry out different types of exploitation. Any threat actor with access to a malicious prompt can conveniently access sensitive details of paramount significance and misuse this data to run serious threat campaigns.
The CyRC advisory team has not received a response from the EmailGPT developers so far. So, it recommends that users remove the Chrome extension immediately to prevent any cyber mishap. The EmailGPT vulnerability is a grim reminder that AI has pros and cons, and one must always consider both its advantages and disadvantages before integrating artificial intelligence across all spheres of life!