Authentication failure blamed for Change Healthcare ransomware attack
- by nlqip
“It’s highly likely that the absence of multi-factor authentication allowed attackers to circumvent the security measures of UnitedHealth Group’s [Change] Healthcare unit,” Aleem said. “Initial reports suggest that the attackers remained undetected in the environment for over a week and conducted lateral movement.”
Aleem added: “It’s probable that the attackers left some traces, or ‘breadcrumbs’, which went unnoticed by the UnitedHealth IT security team, thereby extending the breach exposure time.”
According to the latest edition of Verizon’s annual Data Breach Incident Report (DBIR), 74% of all breaches include a human element, with credential theft playing a big role.
Mark Allen, head of cybersecurity at CloudCoCo, said it was entirely plausible that MFA not being enabled played a role in hackers being able to remotely access the systems at Change Healthcare.
“Every organisation needs to cultivate a robust cybersecurity environment, and that starts with a basic zero-trust strategy at its core,” he said. “Deploying MFA is non-negotiable. It’s the front line in ensuring that users are who they claim to be.”
While MFA is a recommended tool for preventing cyberattacks, it’s not the only defensive tool capable of mitigating ransomware attacks. MFA in itself is far from “bullet-proof” because it can be bypassed in man-in-the-middle (MitM) attacks, Sygnia’s Aleem warned.