Contents

01. News Bites
  • UK hospital network delays procedures following cyberattack
  • Operation Serengeti: Over 1,000 cybercrime suspects arrested across Africa
  • Blue Yonder ransomware attack disrupts supply chains
  • UK businesses lose £44 billion to cyberattacks over five years
  • RomCom cybercrime group exploits two zero-day vulnerabilities in widespread campaign
02. Conclusion

Quick News Bites

UK hospital network delays procedures following cyberattack 

This week, Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, suffered a significant cyberattack, disrupting services across its facilities. The breach, disclosed on Monday, has led to IT systems being taken offline, forcing the hospital to operate manually and delaying appointments and procedures.

WUTH oversees Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children's Hospital, providing critical services like emergency care, surgery, and cancer treatment. The disruption has caused increased waiting times and limited availability of diagnostic services, including X-rays and treatments. 

A WUTH spokesperson stated: “Suspicious activity was detected, and systems were isolated as a precaution. We’ve reverted to manual processes to ensure service continuity, but delays are inevitable.” 

Staff have described the fallout as severe. “Without digital systems, everything is done manually, making operations extremely difficult,” one staff member told ECHO. Patients were informed that surgeries and treatments are currently unavailable, with no timeline for restoration. 

The hospital has urged the public to reserve emergency visits for genuine needs to prevent overburdening services. 

No ransomware groups have claimed responsibility, and the attack’s nature remains undisclosed. As of now, recovery efforts continue, but the damage to hospital operations is substantial. 

This incident highlights the critical need for robust cyber defences in healthcare as organisations remain prime targets for cybercriminals. 

Operation Serengeti: Over 1,000 cybercrime suspects arrested across Africa 

Law enforcement agencies across 19 African nations, coordinated by Interpol and Afripol, have arrested 1,006 individuals as part of Operation Serengeti, targeting cybercriminals involved in ransomware, business email compromise (BEC), digital extortion, and online scams. The operation, conducted from September 2nd to October 31st, dismantled 134,089 malicious infrastructures linked to nearly $193 million in global financial losses. 

Key successes include Kenya’s crackdown on an $8.6 million credit card fraud ring and Senegal’s dismantling of a $6 million Ponzi scheme. Nigeria arrested an individual behind cryptocurrency scams totalling $300,000, while Cameroon disrupted a marketing scam that trafficked victims from seven countries. Angola dismantled a virtual casino fraud, making 150 arrests and seizing hundreds of devices.

Operation Serengeti recovered $44 million and underscores the critical role of international collaboration in combating cybercrime, with operational partners like Fortinet, Kaspersky, and Group-IB providing crucial intelligence. 

Blue Yonder ransomware attack disrupts supply chains 

US-based supply chain SaaS vendor Blue Yonder has disclosed a ransomware attack causing significant service disruptions, leaving its customers grappling with operational challenges. 

The incident, reported on November 21, affected Blue Yonder’s managed services environment. By November 23, the company announced progress in recovery efforts alongside external cyber security firms but could not predict when systems would fully resume operations. 

The impact has been widespread. Starbucks reportedly faced issues with payroll and staff scheduling systems but continues to operate. In the UK, major retailers Morrisons and Sainsbury’s have reverted to backup processes, with Morrisons acknowledging supply chain disruptions affecting store deliveries. 

Blue Yonder stated it has implemented "defensive and forensic protocols" but offered few additional details. 

The incident underscores the vulnerability of supply chains to ransomware, recalling past crises like the Colonial Pipeline attack. Fortunately, this disruption appears unlikely to impact peak holiday retail seasons in the US or UK. 

UK businesses lose £44 billion to cyberattacks over five years 

Cyberattacks have cost British businesses approximately £44 billion ($55.08 billion) in lost revenue over the past five years, with more than half (52%) of private sector companies reporting at least one incident, according to insurance broker Howden. 

On average, losses from cyberattacks amount to 1.9% of a business's revenue, with larger organisations—those generating over £100 million annually—being the most frequent targets. The most common attack methods were compromised emails (20%) and data theft (18%).

Alarmingly, only 61% of surveyed businesses use anti-virus software, and just 55% have implemented network firewalls. Cost constraints and a lack of internal IT expertise were cited as barriers to stronger cyber defences. 

“Cybercrime is on the rise, with malicious actors exploiting vulnerabilities as businesses become increasingly dependent on technology,” said Sarah Neild, head of UK cyber retail at Howden. 

These findings are based on a September survey of 905 UK private sector IT decision-makers conducted by YouGov. 

RomCom cybercrime group exploits two zero-day vulnerabilities in widespread campaign 

The Russia-based RomCom cybercrime group recently exploited two zero-day vulnerabilities in coordinated attacks targeting Firefox and Tor Browser users across Europe and North America.

The first vulnerability (CVE-2024-9680), a use-after-free bug in Firefox's animation timeline, allowed code execution within the browser’s sandbox. Mozilla patched this on October 9, 2024. The second flaw (CVE-2024-49039), a privilege escalation issue in Windows Task Scheduler, enabled attackers to execute code outside Firefox's sandbox. Microsoft addressed this vulnerability on November 12. 

RomCom chained these exploits to achieve remote code execution without user interaction. Victims visiting attacker-controlled websites were compromised, leading to the deployment of the RomCom backdoor. Analysis revealed the campaign also targeted Tor Browser users via malicious JavaScript exploits. 

ESET telemetry indicates the attacks were widespread, targeting up to 250 victims per country. RomCom continues to target organisations in Ukraine, Europe, and North America across industries like government, defence, and energy, demonstrating its sophisticated and evolving capabilities. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.