Attack

Five ransomware attacks in 2022 so far you should know about

Ransomware attacks have been on the rise, accelerated by the popularization of remote work, increased digital transformation within organizations and increased risk around digital supply chains. The global cost of ransomware attacks is expected to increase from $20bn in 2021 to $265bn by 2031, according to predictions made by Cybersecurity Ventures. Ransomware is not going away in 2022. Here are five ransomware attacks that targeted large organizations since the start of the year.

Shutting down the government

Bernalillo County, the most populous county in New Mexico, US, discovered a data breach on 5 January 2022. Although no detail of ransom demands has been…

Everything you need to know about the Spring4Shell vulnerability

Spring – a widely-used Java framework from VMware – announced a remote code execution vulnerability that could affect users on 31 March 2021. While VMware learned of the issue on 29 March, and released a patch by 31 March, news of the vulnerability leaked on before the patch had been released. Users quickly drew comparisons between it and Log4Shell, dubbing it Spring4Shell. Spring4Shell is similar to Log4Shell in some ways (both affect popular Java frameworks), however, this comparison is not entirely accurate. Spring4Shell is still threatening but less so than Log4Shell. It is important to look past the hype to…

IOTW: Ukraine thwarts Russian cyber-attack on power grid

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) confirmed on 12 April that it had taken urgent measures in response to a security incident related to a targeted cyber attack on Ukraine’s energy facilities. The victim organization has not been disclosed by CERT-UA. Since the start of the Russian invasion of Ukraine in late February 2022, it has been expected that Russia would use cyber-attacks as part of its campaign, with critical infrastructure a valuable target. The attack involved the decommissioning of several infrastructural elements of the target of the attack. These included high-voltage electrical substations. The incident occurred…

IOTW: Social engineering attack sees Mailchimp hacked

Email marketing company, Mailchimp, has disclosed that it was targeted by hackers who gained access to and exported information from Mailchimp accounts. The incident was first raised to the Mailchimp security team on 26 March and the company disclosed the attack publicly on 4 April. “The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” the company said. Mailchimp said that as part of the same…

IOTW: Ukraine suffers 15-hour internet outage

Major internet disruption hit Ukrtelecom, Ukraine’s national internet provider, following a cyber-attack on 28 March. NetBlocks, a global internet monitoring organization, reported that at the time of the incident real-time network data showed connectivity collapsing to 13 percent of pre-war levels. “Real-time network data show an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the invasion by Russia,” NetBlocks said in a Tweet. Some reported that this was the most severe cyber-attack since the Russian invasion of Ukraine began on 24 February. The internet provider confirmed a cyber-attack against its core infrastructure. Ukrtelecom is…

IOTW: Lapsus$ gang targets Microsoft and Okta

The Lapsus$ hacker group has targeted Microsoft and Okta in recent breaches confirmed by both technology organizations. On 22 March 2022 Okta, an identity and access management company, confirmed that back in January it had “detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider”. The statement came as Lapsus$, a South American hacking group, posted a message on 22 March 2022 at 03:30 UTC on their official Telegram group claiming they had breached the company. According to the group, the attack targeted Okta’s customers.

Okta confirming the details

On 23 March…

Biden warns organizations to act now against potential Russian cyber attack

White House intelligence indicates that Russia may be exploring options for potential cyber-attacks against US targets. Evolving intelligence suggests that such an attack could be on the horizon as Russia looks to respond to the unprecedented sanctions the US has imposed following the outbreak of war in Ukraine. Cyber attacks are seen as part of Russia’s playbook. A statement released on 21 March by President Joseph Biden said, “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”…

IOTW: US agencies warn about cyber threats to satellite communications

The CISA and FBI have warned that SATCOMs are likely targets of cyber attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an alert pertaining to threats to both US and international satellite communication (SATCOM) networks on 17 March 2022. This follows an attack on commercial satellite operator Viasat, which caused a partial outage of its KA-SAT network in Europe. SATCOMs are critical during times of warfare. KA-SAT provides broadband internet to European and Mediterranean markets. The service was launched in May 2011. According to NetBlocks, an internet monitoring group,…

IOTW: Romanian oil company hit by ‘complex cyber-attack’

Rompetrol, a Romanian gas station chain and part of KMG International, has confirmed it was subject to a “complex cyber-attack”. Following the attack, which was confirmed on 7 March 2022 in a company Facebook post, the company sought to mitigate the impact on data by suspending operations of its website and its Fill&Go service at its gas stations. The company also noted that activity at the Petromidia refinery, the largest oil refinery in Europe and operated by Rompetrol, has not been affected and that operations at the gas stations remain normal, with payment accepted by either cash or card. Romania’s National…

IOTW: Car production halted by Toyota after suspected cyber-attack

One of Toyota Japan’s suppliers was hit by a cyber-attack which led to the suspension of production from 28 February, with production resuming on 2 March. First reported by the Nikkei Asia news agency, the cyber-attack affected Kojima Industries, which manufactures both interior and exterior car parts and is a part of Toyota’s just-in-time supply chain in Japan. The issue resulted in 14 plants and 28 production lines being suspended. Plants outside of Japan have not been affected. In a statement on 1 March 2022, Toyota said: “We would like to apologize again to our customers, suppliers, and other related parties…