Overview of cybersecurity news: week of November 1, 2021
Hi! It has been another active week in cybersecurity. Here’s our breakdown of the week’s most important developments.
The British Labor Party has been impacted by a cyberattack on a third-party company. Unfortunately, this led to a leak of member data. While few details are known yet, the Labor Party said it was informed of a “computer incident” by an unnamed third-party data processor on October 29. This incident led to “making inaccessible a significant amount of party data on their systems”. The hack is the third for the party. In August 2020, it informed its supporters that one of its vendors – Blackbaud – had been compromised in a separate sophisticated ransomware attack, and in 2019 it was affected by a DDoS attack.
Also in the UK, a high-end jeweler was involved in a cyber incident. London diamond specialist Graff was reportedly hit by a ransomware attack, which sparked an investigation by the Information Commissioner’s Office (ICO). The Conti ransomware gang is believed to be behind the attack. At the start of this week, 69,000 documents had already been leaked on the dark web. The list of victims includes prominent names such as ex-footballers David Beckham and Frank Lampard, former President Donald Trump, actors Tom Hanks and Samuel L Jackson and disgraced businessman Sir Philip Green.
In Greece, several shipping companies were hit by a ransomware attack that spread through the systems of a popular and well-established IT consultancy, Danaos Management Consultants. The company said that Danaos’ own shipping operations had not been affected and that less than 10% of its external customers had their files encrypted by the ransomware attack.
In Canada, the health system in the province of Newfoundland and Labrador has been facing a cyberattack since last Saturday. It appears to be significant enough to have national security implications. At a press conference Wednesday, Health and Community Services Minister John Haggie confirmed that the computer failure that affected most of the provincial health care system was caused by a cyberattack. However, he deflected questions about how it started and whether, as CBC News reported, it was a ransomware attack. Fortunately, by Thursday morning, the patient information system at St. John’s Health Sciences Center, the city’s main hospital, was back online.
Here in the United States, government officials on Wednesday issued a sweeping directive requiring federal civilian agencies to quickly update hardware and software vulnerable to hacking. This is not a big surprise considering attacks like SolarWinds. The new directive gives agencies – the Pentagon being the exception – only two weeks to fix newly discovered software vulnerabilities, and requires agencies to put in place a process to mitigate the impact of these security issues.
Also this week, the FBI issued an urgent warning regarding cyber trolls who attack businesses with Trojans and “most likely use significant financial events, such as mergers and acquisitions, to target and exploit businesses that are victims of ransomware infections”. The FBI cited examples like the one in early 2020, when, according to this article by Security of banking information, a ransomware player using the nickname Unknown posted a message on the Russian Exploit hacking forum that encouraged the use of the Nasdaq Stock Market to influence the extortion process. Malware analyst Damian shared the post with the Bleeping Computer news platform. In it, the Sodinokibi / REvil operators say: “[We] have some interesting thoughts on automatic stock exchange notification email addresses (e.g. NASDAQ), which will allow you to influence the financial position of the company quickly and effectively.”
That’s all for this week. Thank you for stopping by our blog, and have a good weekend!
Top Global Industry News
Computing (November 4, 2021) Labor Party Discloses Cyber Attack, Membership Data Stolen
“The Labor Party has suffered a ‘computer incident’ with personal member details stolen from a third-party company that manages its membership data.
In a statement, the party said it was informed of the incident on October 29 and that “a significant amount of party data” had been made inaccessible. Labor does not give more details about the attack, but from this description, ransomware seems likely.
The National Crime Agency, NCSC, ICO and Parliamentary Security are all investigating, according to the party.
Stolen information includes “information provided to the Party by its members, registered supporters and affiliates, and others who have provided their information to the Party.”
Radio-Canada News (November 4, 2021) Newfoundland and Labrador healthcare cyberattack worst in Canadian history, says cybersecurity expert
“Newfoundland and Labrador has faced a cyberattack on its health care system since Saturday.
A cybersecurity expert says the cyberattack on Newfoundland and Labrador’s health care system may be the worst in Canadian history and has national security implications.
David Shipley, CEO of a cybersecurity firm in Fredericton, said he has seen similar breaches before, but usually on a smaller scale.
“We have never seen such a significant health network pullout, ever,” Shipley said in an interview with CBC News. “The gravity of this situation is what really sets it apart.”
The Maritime Executive (November 3, 2021) Cyber attack hits several Greek shipping companies
“Several Greek shipping companies have been affected by a ransomware attack that spread through the systems of a popular and well-established IT consulting company, according to Greek newspaper Mononews.
Danaos Management Consultants, the IT service provider whose services were affected by the hack, confirmed the incident and. The company said that Danaos’ own shipping operations had not been affected and that less than 10% of its external customers had their files encrypted by the ransomware attack.
An independent cybersecurity company was hired to investigate the incident and determine how the ransomware entered Danaos customer systems. Meanwhile, the company is helping affected customers as they attempt to restore their systems.”
CNN (November 3, 2021) Cyber officials issue sweeping directive forcing federal agencies to update systems vulnerable to hackers
“US officials on Wednesday issued a sweeping directive requiring federal civilian agencies to quickly update hardware and software vulnerable to piracy following multiple breaches of government networks in recent years.
The directive gives agencies only two weeks to remediate newly discovered software vulnerabilities, and requires agencies to put in place a process to mitigate the impact of these security issues. The directive does not apply to the Pentagon, which is in charge of its own networks.
The new policy comes after several warnings from U.S. cybersecurity officials and outside experts that federal defenses have failed to keep pace with attempts by cybercriminals and state-sponsored hackers to gain access to sensitive federal information. Suspected Russian hackers were able to go undetected for months last year in unclassified networks of agencies such as the Justice Department before a private company discovered the intrusions.”
CyberScoop (November 2, 2021) FBI warns ransomware crooks plan hacks to target large corporations
“Companies planning big financial moves should be wary of ransomware attacks,” the FBI warned in an alert Monday.
According to the alert, ransomware hackers are “very likely” syncing attacks to coincide with financial events, and will threaten to wreak havoc on investors if the victims do not pay.
In order to carry out targeted attacks, crooks first identify information that could threaten the value of a victim’s actions. For example, between March 2020 and July 2020, two companies in private merger negotiations were infected with ransomware. The FBI also discovered that a hack tool popular with ransomware players was programmed with keyword searches related to stock prices, indicating that attackers were looking for specific information to exploit.”
IT PRO (November 1, 2021) Celebrity data leaked after ransomware attack on London’s Graff jewelers
“London-based diamond specialist Graff was reportedly hit by a ransomware attack, which sparked an investigation by the Information Commissioner’s Office (ICO).
The attack was reportedly carried out by Conti, an infamous Russian-based ransomware group that has also been blamed for a recent increase in attacks in the United States.
A total of 69,000 documents have already been leaked to the dark web, a number that represents just 1% of the total files stolen by Conti, the hacking group claimed. The list of victims includes prominent names such as ex-footballers David Beckham and Frank Lampard, former President Donald Trump, actors Tom Hanks and Samuel L Jackson, and disgraced businessman Sir Philip Green, according to the Mail on Sunday, which first reported the story.”