Authentication failure blamed for Change Healthcare ransomware attack
- by nlqip
“It’s highly likely that the absence of multi-factor authentication allowed attackers to circumvent the security measures of UnitedHealth Group’s [Change] Healthcare unit,” Aleem said. “Initial reports suggest that the attackers remained undetected in the environment for over a week and conducted lateral movement.”
Aleem added: “It’s probable that the attackers left some traces, or ‘breadcrumbs’, which went unnoticed by the UnitedHealth IT security team, thereby extending the breach exposure time.”
According to the latest edition of Verizon’s annual Data Breach Incident Report (DBIR), 74% of all breaches include a human element, with credential theft playing a big role.
Mark Allen, head of cybersecurity at CloudCoCo, said, it was entirely plausible that MFA not being enabled played a role in hackers being able to remotely access the systems at Change Healthcare.
“Every organisation needs to cultivate a robust cybersecurity environment, and that starts with a basic zero-trust strategy at its core,” he said. “Deploying MFA is non-negotiable. It’s the front line in ensuring that users are who they claim to be.”
While MFA is a recommended tool for preventing cyberattacks, it’s not the only defensive tool capable of mitigating ransomware attacks. MFA in itself is far from “bullet-proof” because it can be bypassed in man-in-the-middle (MitM) attacks, Sygnia’s Aleem warned.
Source link
lol
“It’s highly likely that the absence of multi-factor authentication allowed attackers to circumvent the security measures of UnitedHealth Group’s [Change] Healthcare unit,” Aleem said. “Initial reports suggest that the attackers remained undetected in the environment for over a week and conducted lateral movement.” Aleem added: “It’s probable that the attackers left some traces, or ‘breadcrumbs’,…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’