Hello! It was another active week in cybersecurity. Here’s our breakdown of the week’s major developments.
The UK Labour Party was hit by a cyber attack on a third party, which unfortunately resulted in a leak of member data. While details are still to be released, Labour said it was informed of a “cyber incident” on October 29 by an unnamed external data processor. This incident led to “a significant amount of data being made inaccessible by parties on their systems”. The hack is the third incident for the party: in August 2020, it informed its supporters that one of its suppliers, Blackbaud, had been compromised by a separate sophisticated ransomware attack, and in 2019 it was hit by a DDoS attack.
Also in the UK, a high-end jeweler was involved in a cyber incident. London-based diamond specialist Graff was reportedly hit by a ransomware attack, which led to an investigation by the Information Commissioner’s Office (ICO). The ransomware gang Conti is said to be behind the attack. By the beginning of this week, 69,000 documents had already leaked on the Darknet. The list of victims includes high profile names like ex-soccer players David Beckham and Frank Lampard, former President Donald Trump, actors Tom Hanks and Samuel L. Jackson, and disgraced businessman Sir Philip Green.
In Greece, several Greek shipping companies were hit by a ransomware attack that spread via the systems of the popular, established IT consultancy Danaos Management Consultants. It is said that Danaos’ own shipping operations were not affected and that less than 10 percent of its external customers had their files encrypted by the ransomware attack.
In Canada, the health system in the province of Newfoundland and Labrador has been grappling with a cyber attack since last Saturday. It seems significant enough to have an impact on national security. At a press conference on Wednesday, Minister of Health and Community Services, John Haggie, confirmed that the IT outage affecting most of the provincial health system was caused by a cyber attack. However, he dismissed questions about how it started and whether it was a ransomware attack as reported by CBC News. Fortunately, on Thursday morning, the patient information system at St. John’s Health Science Center, the city’s main hospital, was back online.
Here in the US, government officials on Wednesday issued a comprehensive policy calling on civilian federal agencies to immediately update hardware and software at risk of hacking. This is not much of a surprise in the face of attacks like SolarWinds. The new policy gives agencies, with the exception of the Pentagon, just two weeks to fix newly discovered software vulnerabilities and requires them to have a process to mitigate the impact of these security issues.
Also earlier this week, the FBI issued an urgent warning that cyber trolls are targeting companies with Trojan horse malware and that they “are very likely to use significant financial events such as mergers and acquisitions to exploit victim companies for ransomware infections.” The FBI cited examples such as one from early 2020, when, according to this article in Bank Info Security, a ransomware actor nicknamed Unknown posted on the Russian hacking forum Exploit, encouraging the use of the Nasdaq stock exchange to influence the extortion process. The malware analyst Damian shared the report with the Bleeping Computer news platform. The operators of Sodinokibi / REvil say: “[We] have some interesting thoughts on auto-notification email addresses from exchanges (e.g. NASDAQ) that allow you to influence the company’s financial condition quickly and efficiently.”
That’s all for this week. Thank you for visiting our blog and have a nice weekend!
The most important global industry news
computer (November 4, 2021) Labour Party reveals cyberattack, member data stolen
“The Labour Party has suffered a ‘cyber incident’ in which members’ personal data was stolen by an unnamed third party that processes their member data.
In a statement, the party said it was informed of the incident on October 29 and that “a significant amount of party data” had been made inaccessible. Labour does not provide any further details about the attack, but based on this description, ransomware seems likely.
The National Crime Agency, NCSC, ICO and Parliamentary Security are investigating, according to the party.
Information stolen includes “information provided to the party by its members, registered and affiliated supporters, and others who have provided their information to the party”.
CBC news (November 4, 2021) NL healthcare cyberattack is worst in Canadian history, says cybersecurity expert
“Newfoundland and Labrador have had a cyber attack on their healthcare system since Saturday.
A cybersecurity expert says the cyberattack on the Newfoundland and Labrador health systems may be the worst in Canadian history and have implications for national security.
David Shipley, the CEO of a cybersecurity firm in Fredericton, said he has seen similar violations before, but usually on a smaller scale.
“We have never seen such a major shutdown on a healthcare network,” Shipley said in an interview with CBC News. ‘The severity of it is what really sets it apart.’ ”
The Maritime Executive (November 3, 2021) Cyber attack hits several Greek shipping companies
“According to the Greek outlet Mononews, several Greek shipping companies were hit by a ransomware attack that spread via the systems of a popular, established IT consultancy.
Danaos Management Consultants, the IT service provider whose services were affected by the hack, confirmed the incident and. The company said Danaos’ own shipping operations were unaffected and that less than 10 percent of its external customers had their files encrypted by the ransomware attack.
An independent cybersecurity firm was hired to investigate the incident and determine how the ransomware got into Danaos’ customer-facing systems. In the meantime, the company is helping affected customers restore their systems.”
CNN (November 3, 2021) Cyber officials issue comprehensive policy urging federal agencies to update systems at risk of hacking
“On Wednesday, US officials issued a comprehensive policy calling on civil federal agencies to promptly update hardware and software that are vulnerable to hacking attacks following multiple breaches in government networks in recent years.
The policy only gives authorities two weeks to fix newly discovered software vulnerabilities and requires authorities to have a process in place to mitigate the impact of these security issues. The policy does not apply to the Pentagon, which is responsible for its own networks.
The new policy comes after several warnings from U.S. cybersecurity officials and outside experts that the federal defense has not kept pace with attempts by cyber criminals and state-sponsored hackers to access sensitive federal information. Alleged Russian hackers were able to go undetected for months in the unclassified networks of authorities such as the Ministry of Justice in the past year before a private company discovered the break-ins.”
CyberScoop (Nov. 2, 2021) The FBI warns that ransomware scammers are planning timing hacks to target big deals
“Companies planning major financial steps should be wary of ransomware attacks, the FBI warned on Monday in a warning.
Ransomware hackers are “very likely” timing attacks that coincide with financial events, according to the warning, and threaten to wreak havoc on investors if victims fail to pay.
To carry out the targeted attacks, scammers first identify information that could threaten a victim’s stock value. Between March 2020 and July 2020, two companies were infected with ransomware in private merger negotiations. The FBI also found that a hacking tool popular with ransomware actors was programmed to perform keyword searches on stock prices, suggesting that attackers were looking for specific information that they could use.”
IT-PRO (November 1, 2021) Celebrity data has been leaked following a ransomware attack on London-based jeweler Graff
“London-based diamond specialist Graff was reportedly hit by a ransomware attack, which prompted an investigation by the Information Commissioner’s Office (ICO).
The attack is believed to have been carried out by Conti, a notorious ransomware group based in Russia that is also blamed for a surge in attacks in the US recently.
A total of 69,000 documents have already been leaked on the Darknet, a number that makes up only 1% of the total files that Conti has stolen, the hacker group claimed. The list of victims includes high profile names like ex-soccer players David Beckham and Frank Lampard, former President Donald Trump, actors Tom Hanks and Samuel L. Jackson, and disgraced businessman Sir Philip Green, according to the Mail on Sunday, which first reported the story.”
Other industry news
Biden Government Takes Federal Agencies to Fix Hundreds of Cyber Bugs – Wall Street Journal (Requires Subscription)
German student app caught by data protection breach – Digital Journal
The Groove ransomware gang was kidding – Krebs on Security
California Clinic Network Cyber Incident Affects 656,000 – Healthcare Information Security
FTC wants to know when financial data is compromised, needs encryption – CyberScoop
As hackers target energy companies, phishing on mobile devices increases – SiliconANGLE
Cring ransomware continues to attack industrial companies with outdated applications and VPNs – ZDNet
Phishing and spam baits offer sports, aiming to steal credentials – Dark Reading
Phishing attacks are harder to spot on your smartphones. That’s why hackers use them more often – ZDNet