Jump to content
Kev

Ransomware: 'We won't pay ransom,' says Ireland after attack on health service

Recommended Posts

Ireland's health services are still recovering from a ransomware attack, but hackers shouldn't expect their demands to be met.

 

medicalistock-695218436.jpg

 

Rapid7 has disclosed the compromise of customer data and partial source code due to the Codecov supply chain attack. 

 

On Thursday, the cybersecurity firm said it was one of the victims of the incident, in which an attacker obtained access to the Codecov Bash uploader script. 

 

The cyberattack against Codecov took place on or around January 31, 2021, and was made public on April 15. The organization, which provides code coverage and testing tools, said that a threat actor tampered with the Bash uploader script, thereby compromising the Codecov-actions uploader for GitHub, Codecov CircleCl Orb, and the Codecov Bitrise Step. 

 

This enabled attackers to export data contained in user continuous integration (CI) environments. 

 

Hundreds of clients were potentially impacted, and now, Rapid7 has confirmed that the company was one of them. 

 

Rapid7 says the Bash uploader was used in a limited fashion as it was only set up on a single CI server used to test and build tooling internally for the Managed Detection and Response (MDR) service. 

 

As such, the attacker was kept away from product code, but they were able to access a "small subset of source code repositories" for MDR, internal credentials -- all of which have now been rotated -- and alert-related data for some MDR customers. 

 

Rapid7 has reached out to customers impacted by the data breach. 

 

The company pulled in cyberforensics assistance and following an investigation, has concluded that no other corporate systems or production environments were compromised. 

 

Codecov has since removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to try and prevent another supply chain attack from occurring in the future.

 

Impacted customers were notified via email addresses on record and through the Codecov app. Codecov recommends that users of the Bash uploaders between January 31, 2021, and April 1, 2021, who did not perform a checksum validation should re-roll their credentials out of caution. 

 

Via zdnet.com

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...