This past month has been an interesting one for cyber security enthusiasts (like us!) – a mixture of cyber activity, policy setting and mini breakthroughs. Again, we’ve collated the top stories from the month of February, so you don’t have to:
- Late in the month, the AICD published a governance framework to guide Boards through cyber incidents. Find it here: Governing Through a Cyber Crisis - Cyber Incident Response and Recovery for Australian Directors
- We now have a new National Cyber Security Coordinator, Lieutenant General Michelle McGuiness. Lieutenant General McGuinness served in the Australian Defence Force for 30 years in a range of tactical, operational, and strategic roles both in Australia and internationally. Here’s the Minister for Home Affairs’ release on Lieutenant General McGuiness’ appointment: Appointment of new National Cyber Security Coordinator
- The Government’s National Office of Cyber Security released a report on the HWL Ebsworth cyber security incident. While it is “light on”, it does make an interesting observation about the use of injunctions in mitigating risks in the event of a data breach. See here: NOCS HWL Ebsworth Lessons Learned Report
- The OAIC released its notifiable data breach report for July to December 2023. Notifications are up, including in relation to malicious activity. Surprisingly, human error-related incidents have also taken a bit of a jump. It’s clear the OAIC is moving into a more active enforcement phase as well. See the report here: Notifiable Data Breaches Report: July to December 2023
- Law enforcement around the world has made some progress in relation to threat actor activity. Last month, BlackCat’s leak site was taken down, the Medibank perpetrator was outed, and we’ve been having a series of “whack-a-mole” fights with LockBit. We’ve included a range of articles to help you dissect all that’s gone on in the world of cyber law enforcement.
- The NIST has released Version 2.0 of its cyber security framework. The NIST is moving to broaden its assistance reach (beyond critical infrastructure) and is starting to look more user friendly. The press release (with links to the new 2.0 edition) is here: NIST Releases Version 2.0 of Landmark Cybersecurity Framework
- It looks like we’re seeing some really material supply chain / third party breaches. We’re also witnessing record-breaking ransomware profits even though less companies are choosing to pay ransom demands (so less are paying, but those that are, are paying more!). See this key article for more: Record-Breaking Ransomware Profits Surpassed $1B in 2023
- Importantly, the Government’s consultation period in relation to the recent cyber security reform proposals closed on 1 March. This is the first of a number of reform initiatives. Please see here for the consultation page: Cyber Security Legislative Reforms
Contents
-
News from HSF
-
Regulatory and industry insights
-
Cyber research and reports
-
Recent cyber incidents and developments
Cyber simulations through the roof
In an interesting development in our practice, we’re seeing a lot of clients investing in cyber simulation exercises. Across our firm (and our network) we have now completed well in excess of 40 simulations and have about 20 more locked in. A plan is nothing without planning…so let us know if we can help you.
Australia
‘Keeps me up at night’: How Australia’s government sees hacker threat
Australian Financial Review – 29 February 2024
This article sets out comments made by Home Affairs Minister, Clare O’Neil, who has warned of the increasing cyber sabotage on Australian power, telecommunications, health, and water infrastructure. The article suggests that although the Minister did not name China as a direct threat, her comments come a month after the US disrupted a Chinese state-led hacking project. The Minister raised further concerns about Australia’s ability to recover from a cyberattack on essential infrastructure.
ASIO direct-general warns of nation-state actors targeting critical infrastructure
Cyber Daily – 29 February 2024
This article details warnings from Australia’s spy chief that nation-state threat actors are aggressively targeting Australian critical infrastructure. The Director-General of the Australian Security Intelligence Organisation (ASIO), Mike Burgess, also claimed that cyber is the most immediate, low cost, and potentially high-impact vector for sabotage. Mr Burgess’ concerns echo comments made by Home Affairs Minister Clare O’Neil, which suggest that Australia’s critical infrastructure could be facing an influx of cyber espionage in 2024.
New cyber guidelines: ‘Ignore at your peril’
The Australian – 28 February 2024
This article explores the Federal Government’s endorsement of new governance guidelines to help hold Australian company directors to greater accountability and higher standards for responding and managing cyber incidents. See also the AICD press release (28 February).
Lieutenant General Michelle McGuinness appointed national cyber security coordinator
ABC News – 25 February 2024
This article confirms that the appointment of Lieutenant General Michelle McGuinness as the new National Cyber Security Co-ordinator. Lieutenant McGuinness served the Australian Defence Force for 30 years in tactical, operational and strategic roles, and replaces Air Marshall Darren Goldie as Co-ordinator (who was recalled last year). See also the Minister for Home Affairs’ media release (25 February) and ITNews article (26 February).
ATO defends against 4.7m cyberattacks each month
Australian Financial Review – 21 February 2024
This article touches on comments made by the Australian Taxation Office (ATO) Commissioner, Chris Jordan, who states that the ATO defends against 4.7 million cyber-attacks each month. Mr Jordan points to the ATO holding 50 petabytes of data as a cause for the frequency of attacks, with threat actors routinely targeting the ATO website, services, and technology infrastructure. See also Cyber Daily article (21 February).
Aust-UK deepen online safety cooperation with new pact
Innovation Aus – 21 February 2024
This article summarises Australia and the UK’s commitment to a new intergovernmental agreement on improving digital online safety, and addressing harms caused by technologies like generative AI. Australia and the UK will seek to strengthen their respective Online Safety Acts, with the agreement encouraging increased coordination between regulators and law enforcement agencies and working with industry to address other challenges.
Five telcos breached for allowing SMS scams
Australian Communications and Media Authority – 15 February 2024
This release by the Australian Communications and Media Authority (ACMA) confirms that action has been taking against five telcos who allegedly sent bulk SMS messages, breaching multiple anti-scam and public safety rules. Investigations by ACMA found these entities allowed millions of SMS messages to be sent using text-based sender IDs without sufficient checks to ensure they were not scams.
Paying cyber-ransoms still lands organisations in hot water
Australian Cyber Security Magazine – 15 February 2024
This article outlines the potential offences and penalties facing organisations who elect to pay a cyber ransom. Whilst there is no legislation which outright prohibits ransom payments, making a payment could still constitute an offence such money laundering under the Criminal Code Act 1995 (Cth) or a breach of director’s duties under the Corporations Act 2001 (Cth). However, some ransomware experts have expressed concerns over an outright ban on paying ransom demands, suggesting that cybercriminal behaviour would remain unaffected by such a policy change.
ASD sees “frequency, richness” of cyber info sharing fall away
ITNews – 14 February 2024
This article discusses how the Australian Signals Directorate (ASD) has called for new trusted information exchange mechanisms due to a decline in cyber incident data sharing by the private sector. The ASD has suggested a limited use obligation for cyber incident disclosure, subject to restrictions. The decline in reporting has also been attributed to the growing regulation over industry responses to cyber security. See also Cyber Daily article (14 February).
New expert group will help guide the future of safe and responsible AI in Australia
Department of Industry, Science and Resources – 14 February 2024
This release by the Department of Industry, Science and Resources provides that the Australian Government has established a temporary AI expert group that will advise on the testing, transparency, and accountability measures for AI. The group includes experts from several areas including law, ethics and technology, and will continue to operate until 30 June 2024.
Review to examine new penalties, cost recovery for online safety
Innovation Aus – 13 February 2024
This article details Australia’s review of its online safety laws, led by former consumer watchdog deputy chair Delia Rickard. The review will consider existing elements of the Online Safety Act 2021 (Cth) and address harms not explicitly captured under the existing statutory schemes. It will also examine the impact of generative AI, immersive technologies, and decentralised platforms on harms. The government will release an issue paper for consultation in the coming months.
International
Mass sale of data to China and Russia banned in US executive order
Cyber Daily – 29 February 2024
This article details that the US government has banned the sale of bulk data belonging to American citizens to countries deemed a ‘concern’, including Russia, China, North Korea, and Iran. Countries of concern will no longer have access to sensitive personal information of Americans or government-related data, and the acquisition, holding, transfer, transportation, or exportation of any property is prohibited. The order gives the Justice Department the authority to block countries that pose a threat to national security from harvesting Americans' most sensitive personal data.
Defensive AI safeguards against emerging cyber threats
Australian Cyber Security Magazine – 26 February 2024
This article investigates Google’s recent announcement of an AI Cyber Defense Initiative, which emphasises the importance of defending against sophisticated cyber threats. AI is expected to play a pivotal role in collecting, processing, and neutralising threats, transforming the way organisations combat cyber risks. Notably, patent filings for AI-driven security solutions surged from 387 in 2018 to 1,098 in 2023, reinforcing the robust growth trajectory in AI technology.
Russian Threat Actor APT29 Pivots to the Cloud for Espionage
Healthcare Info Security – 26 February 2024
This article describes how the Russian hacking group APT29 is using techniques such as stealing cloud-based authentication tokens to gain access to corporate data. The group is a component of the Russian Foreign Intelligence Service and has amplified its global cyber espionage operations as part of Moscow's ongoing war against Ukraine. See also Bleeping Computer article (26 February).
NIST Releases Cybersecurity Framework 2.0
Government Technology – 26 February 2024
This article reports that the National Institute of Standards and Technology (NIST) has released a new version of its Cybersecurity Framework, Version 2.0. This new version adds a key cybersecurity function, aimed at supporting all sectors, and is accompanied by the release of supplementary resources. See also NIST press release and Version 2.0 (26 February) and Australian Cyber Security Magazine article (28 February).
Ransomware Operation LockBit Reestablishes Dark Web Leak Site
Data Breach Today – 24 February 2024
This article confirms that LockBit, the infamous Russian-speaking ransomware group, has re-established its dark web leak site. In a lengthy post on the leak site, LockBit’s leader claims that the FBI used a system flaw to penetrate the ransomware-as-a-service (RaaS) operation's servers and destroy its reputation. The FBI seized decryption keys, source code, and cryptocurrency wallets from LockBit's servers, but did not take down backup servers that didn't have PHP installed. LockBit also claims that only 1,000 of the 20,000 ransomware decryptors on the LockBit server were captured. See Cyber Daily article (26 February).
LockBit developing 4.0 encryptor at time of global takedown
Cyber Daily – 23 February 2024
This article discusses how the LockBit ransomware group was in the final stages of developing its new encryptor before law enforcement shutdown their operations on 20 February. The encryptor reportedly supports three different types of encryption and will likely be renamed to LockBit 4.0. After news that LockBit re-established their dark web leak site, the new encryptor will pose a serious threat to businesses moving forward.
Binance Restricts 85 LockBit Crypto Wallets
Data Breach Today – 24 February 2024
This article identifies that Binance has seized 85 accounts tied to the LockBit ransomware group, though more than 500 affiliate accounts continue to remain active. The seizure of bitcoin wallets is the latest in a series of actions taken by law enforcement agencies against the ransomware group.
US offers $15 million bounty for info on LockBit ransomware gang
Bleeping Computer – 21 February 2024
This article provides that the US Department of State is offering rewards of up to US$15 million to individuals who can provide information about the LockBit ransomware gang members and their associates. LockBit has claimed over 2,000 victims since beginning their ransomware attacks, walking away with more than US$120 million in ransom profits. Rewards are provided through the Transnational Organized Crime Rewards Program, and come after under a global law enforcement operation.
LockBit ransomware operations seized by law enforcement in ‘Operation Cronos’
CSO – 20 February 2024
This article explores the takedown of several operations belonging to the notorious ransomware gang LockBit. A collective international law enforcement action led by the National Crime Agency of the UK and the FBI saw eight “.onion” domains owned by the ransomware group taken offline. Access to LockBit’s affiliate panel was also seized, preventing LockBit from running their RaaS samples and attacking victims. See also National Crime Agency statement (20 February), Europol statement (20 February) and Cyber Daily article (20 February).
OpenAI bans state-sponsored hacker accounts
Cyber Daily – 16 February 2024
This article provides that ChatGPT creator, OpenAI, has banned several accounts belonging to state-sponsored threat groups originating from Russia, China, Iran, and North Korea. The ban was undertaken after OpenAI received intel from Microsoft’s Threat Intelligence Team that these groups were using ChatGPT to assist in their attacks.
Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
U.S. Department of Justice – 15 February 2024
This release by the US Department of Justice discusses the recent disruption of the Moobot botnet used by the Russian Main Intelligence Directorate to target US and allied government entities in credential theft and phishing attacks. This is the second time the Moobot botnet has been disrupted in a two-month period, and indicates Russia’s continued interest in leveraging the capabilities of threat actors for their own espionage purposes. See also Cyber Daily article (16 February).
Americans lost record $10 billion to fraud in 2023, FTC warns
Bleeping Computer – 9 February 2024
This article reports that the US Federal Trade Commission (FTC) found that Americans lost over US$10 billion to scammers in 2023. This marked a 14% increase in reported losses compared to the previous year. Consumers reported losing the most money to investment scams, which surpassed US$4.6 billion and represented a 21% increase over 2022.
Record-Breaking Ransomware Profits Surpassed $1B in 2023
Data Breach Today – 7 February 2024
This article outlines that ransomware attackers collected record-high profits in 2023, following a surge in ransom payments. The total amount received by ransomware attackers increased dramatically from 2019, which saw US$220 million paid as compared to US$1.1 billion in 2023.
Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware
U.S. Department of State – 5 February 2024
This release confirms that the US will put in place a new visa restriction policy that will prevent individuals who have been involved in the misuse of commercial spyware from entering the country. The policy comes a year after the Biden administration issued an executive order that prohibited the use of commercial spyware by the government where its use would threaten foreign policy or national security interests. See also Cyber Daily article (6 February).
Governing Through a Cyber Crisis – Cyber Incident Response and Recovery for Australian Directors
Australian Institute of Company Directors – 28 February 2024
The AICD has published a guidebook for Australian directors to prepare and respond to cyber incidents. The guidance covers the four Rs of cyber incident readiness, response, recovery, and remediation. The Minister for Cyber Security, Clare O'Neil, has commended the guidance for supporting better cyber governance from the board down. The guidebook states that directors have a key role to play in dealing with increasing cyber threats, and this guidebook will put them in a stronger position to navigate the challenges posed by cyber risks.
Global Privacy: Year in Review and a Look Forward, 2023–2024
JD Supra – 26 February 2024
JD Supra has released its Global Privacy report, which reviews findings from 2023 and forecasts predictions for 2024. Key findings for 2023 include:
- In the US, 40 States introduced / were considering legislation to govern relevant data, while 13 States passed similar privacy laws.
- Privacy was a lead story in consumer litigation for 2023, with plaintiffs filing a wave of lawsuits. The EU, UK, and Asia saw significant legislative activity in privacy-related matters, with China and India enacting / making comprehensive updates to privacy legislation.
- The Middle East also saw developments in personal data handling and AI systems.
Predictions for 2024 include:
- In the US, many States will follow California’s new privacy laws, coupled with a rise in court decisions which will aim to guide companies on wiretap statutes, and greater regulatory enforcement on AI.
- EU and UK regulators will begin focussing on children’s data protection, AI, and content moderation rules.
- In the Middle East, the UAE Privacy Law is expected to be clarified in 2024, with further guidance on international personal data transfers.
Notifiable data breaches report July to December 2023
Office of the Australian Information Commissioner – 22 February 2024
The OAIC has published the second of its twice-yearly reports on notifications received under the NDB scheme to help track the leading sources of data breaches, while also pinpointing emerging issues and areas for regulated entities to focus on moving forward. Key findings include:
- 483 breaches were notified, representing a 19% increase from the 407 breaches reported in January to June 2024.
- Malicious or criminal cyber attacks were up 12% between July to December, with human error and system fault breaches rising by 36% and 21%, respectively.
- 65% of data breaches affected 100 people or fewer.
- 44% of all data breaches resulted from cyber security incidents.
HWL Ebsworth Cyber Security Incident | Lessons Learned Review
National Office of Cyber Security – February 2024
The National Office of Cyber Security released the results of their Lessons Learned Review on last year’s cyber-attack on HWL Ebsworth, where Russian cyber criminals exfiltrated and leaked four terabytes of sensitive data from HWL Ebsworth’s network. 62 government entities were affected, with multiple departments being involved in coordinating the incident response. Key takeaways from the Lessons Learned Review include:
- Collaboration is Key: Central coordination and consequence management functions, like those used by the National Office of Cyber Security, help reduce operational and informational burdens on impacted entities.
- Consistent and Accurate Public Communications: These are key to developing and maintaining transparency and trust.
- Government-Industry Engagement: Genuine engagement and coordination between government and industry is key to responding to cyber incidents and building trust.
- Consideration of Stakeholder Groups: Consideration should be given to broader groups of stakeholders in the coordinated response, including both public and private sector impacted entities.
- Timely and Accurate Data Analysis: Expectations should be set around timely and accurate data analysis, which should be managed considerately and consistently.
- Injunction: The granting of an injunction to HWL Ebsworth to restrict further access, publication and dissemination of the exposed data may have limited harm to impacted clients.
Report: Lazarus hacking group goes after defence sector
Cyber Daily – 20 February 2024
This article explores findings discussed in a joint advisory by Germany’s domestic intelligence agency and South Korea’s chief intelligence agency on the North Korean Lazarus hacking group. According to German and South Korean intelligence, Lazarus has most recently been conducting espionage campaigns aimed at stealing military technologies to boost North Korea’s own capabilities. Lazarus has been using social engineering tactics and remote-control malware to steal account information in order to access business portals and email contents. To read the report, see the Joint Cyber Security Advisory (19 February). See also Bleeping Computer article (19 February).
New guidance for engaging with artificial intelligence
Australian Signals Directorate & Australian Cyber Security Centre – 24 January 2024
The ASD Australian Cyber Security Centre (ACSC) released a new comprehensive set of guidelines on how to safely use and leverage generative AI platforms. Several international partners, including the FBI and National Security Agency (NSA), assisted with the project. The guidance discusses a wide range of threats to safe AI use accompanied by short case studies.
Australia
3 Sydney men arrested over alleged SMS phishing operation
Cyber Daily – 27 February 2024
This article provides that three Sydney men have been arrested for their alleged involvement in a phishing operation that sent over 80 million phishing texts. NSW Police detectives worked with telco operators to locate the scammers, with the individuals being charged with using equipment connected to a network to commit serious offences.
Internet provider Tangerine suffers cyberattack
Sydney Morning Herald – 21 February 2024
This article confirms that Australian internet service provider, Tangerine, suffered a data breach resulting in the names, dates of birth, email addresses and mobile phone numbers of more than 200,000 customers being stolen by hackers. Tangerine stated that no drivers licence numbers, ID documentation details, bank account details or passwords were disclosed in the breach, and the availability and operation of NBN and mobile services have remained online.
Hacker offers the personal details of 25m Aussies for sale
Cyber Daily – 16 February 2024
This article details promises made by a member of a clear web hacking forum to sell the personal details of 25 million Australians. The user – JasperOliverx – also included a short sample of 16 lines of data, with the apparent hacker offering to sell all the information they possess for US$8,000.
Australian Human Resources Institute warns customers of cyber attack
Cyber Daily – 9 February 2024
This article provides that the Australian Human Resources Institute (AHRI) has revealed that it suffered a cyber attack after sending emails to customers. The incident occurred after an unidentified threat actor gained access to AHRI’s website via the site provider. The AHRI stated in their email that the threat actor installed a script and malware that was active between 1 and 2 February.
International
Ransomware gang seeks $3.4 million after attacking children’s hospital
The Record – 28 February 2024
This article outlines that the Rhysida ransomware gang is seeking US $3.4 million after launching a cyber attack on a children's hospital in Chicago, which forced staff to resort to manual processes. The Rhysida group has listed Lurie Children’s Hospital on its darknet extortion site and is attempting to sell data stolen from the institution for 60 bitcoins (US $3.7 million). The hospital remains open and providing care to patients, but some appointments and elective surgeries have been cancelled.
Fortnite game developer Epic Games allegedly hacked
Cyber Daily – 28 February 2024
This article states that a new ransomware gang called Mogilevich claims to have successfully hacked Epic Games, stealing nearly 200 gigabytes of internal data, including email, passwords, payment information, and source code. The gang posted the details of the alleged hack on its darknet leak site, but Epic Games says there is no evidence of any compromise. The data is listed for sale and the deadline for Epic Games to pay or for someone else to purchase it outright is 4 March.
The I-Soon data leak unveils China’s cyber espionage tactics, techniques, procedures, and capabilities
CyberWire – 23 February 2024
This article dissects the I-Soon data leak, which revealed extensive cyber espionage activities conducted by a Chinese cybersecurity vendor. The leak details a range of sophisticated hacking tools and services, including malware capable of infiltrating Android and iOS devices. The documents include contracts, product manuals, and employee lists, pointing to a comprehensive support system for Beijing's hacking endeavours. The operational details emerging from the leak provide a rare glimpse into the inner workings of a cyber espionage campaign. See also Palo Alto Networks article (23 February).
US health tech giant Change Healthcare hit by cyberattack
Tech Crunch – 22 February 2024
This article discusses the cyber attack on US healthcare giant, Change Healthcare, after the company experienced a network interruption caused by an outside threat. Change Healthcare’s login website was inaccessible and offline for a short time, while local pharmacies experienced prescription delays as well. A subsidiary of Change Healthcare – UnitedHealth Group – stated that a suspected nation-state actor gained access to Change Healthcare’s IT systems. On 29 February, BlackCat claimed responsibility for the attack, stating that it exfiltrated over six terabytes of “highly selective data”. See also Cyber Daily article (29 February), Forbes article (23 February) and Data Breach Today article (23 February).
Russia Announces Arrest of Medibank Hacker Tied to REvil
Data Breach Today – 21 February 2024
This article outlines that Russian police arrested three men, including the recently-sanctioned Aleksandr Ermakov who is allegedly responsible for the 2022 Medibank cyber-attack, for violations of Article 273 of the country’s criminal code, which probits creating, using or sharing harmful computer code. A Russian cybersecurity firm has reported that the three attackers “worked under the guise of a legal IT company offering services” in order to launch their ransomware operation on Russian entities.
Cambridge University hit by DDoS attack
Computing UK – 20 February 2024
This article confirms that Cambridge University suffered a distributed denial-of-service (DDoS) attack, which flooded its servers and disrupted internet access and services. The Anonymous Sudan hacking group has taken responsibility for the incident, citing the UK’s support for Israel and complicity with the ongoing genocide in Gaza as motivation for the attack. See also TechRadar article (20 February) and Varsity article (19 February).
ALPHV ransomware claims loanDepot, Prudential Financial breaches
Bleeping Computer – 16 February 2024
This article discusses ALPHV / BlackCat’s infiltration of Prudential Financial and mortgage lender loanDepot. loanDepot confirmed that 16.6 million people had their personal information stolen in a ransomware attack on January 8, with Prudential Financial also revealing that a threat actor breached their network on February 4 and exfiltrated employee and contractor data. Coincidentally, days later, the US Department of State announced rewards of up to US$10 million for any individual that could assist in the identification or location of BlackCat gang leaders.
OpenAI hit but Anonymous Sudan DDoS for executive’s political comments
Cyber Daily – 15 February 2024
This article explores an attack on ChatGPT creator, OpenAI, which has been claimed by the DDoS threat group Anonymous Sudan. The threat actor took credit for outages across the OpenAI systems via their Telegram account accompanied by screenshots of outage notices. Anonymous Sudan provided that their motivation for the attack was due to OpenAI’s “cooperation with the occupation state of Israel” and because of OpenAI’s CEO’s willingness to continue investment into Israel’s genocide and oppression of Palestinians. See also SC Media article (15 February).
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election
Trellix – 13 February 2024
This article details increased cyber threat activity during Taiwan’s 2024 Presidential Election. Researchers from Trellix identified that malicious activity rose significantly during the voting period, from 1,758 detections on January 11 to over 4,300 on January 12. It is suggested that state-sponsored hackers are increasing their activity to collect damaging information about political opponents that can be shared across political, electoral and media domains to influence public opinion.
Is Ransomware Finally in Decline? Groups Are 'Struggling'
Data Breach Today – 14 February 2024
This article discusses the recent struggles of ‘top-tier’ ransomware groups in adapting to the current threat landscape. Researchers from RedSense point to a scarcity in talent, trauma from the Russia-Ukraine war, and repeated disruptions by law enforcement as causing a retreat in the efficiency and effectiveness of ransomware groups. Ransomware has become more of a hot topic in the cybersecurity realm in recent years, and with this heightened exposure has come a decline in threat actors being able to maintain “a certain level of mystique and power” to continue their operations.
Researchers release free Ryhsida Ransomware decryptor
Cyber Daily – 13 February 2024
This article explores the development of a free Rhysida ransomware decryptor by South Korean researchers to assist entities whose data has been encrypted by the Russia-affiliated hacker group. Researchers exploited an implementation vulnerability that existed in Rysida’s ransomware to successfully decrypt encrypted data. Notable recent attacks conducted by Rhysida include the British Library data breach in November, and the attack against major video game developer Insomniac Games. The decryptor is now available on the Korea Internet and Security Agency website for download.
Ransomware attack forces 100 Romanian hospitals to go offline
Bleeping Computer – 12 February 2024
This article provides that 100 hospitals throughout Romania were forced to take their systems offline following a ransomware attack which compromised their healthcare management system. It has been confirmed that 25 hospitals had their data encrypted, while the remaining 75 healthcare facilities took their systems offline as a precautionary measure. The Hipocrate Information System used by the hospitals manages medical activity and stores patient data, though most of the affected hospitals did have data backups in place.
Largest-ever French cyber attack exposes half of the population
Cyber Daily – 9 February 2024
This article reports that half of the population of France had its data exposed after two of the country’s medical insurance providers – Viamedis and Almerys – were targeted in a hacking attack five days apart from one another. The type of data stolen included individuals’ dates of birth, marital status, social security numbers, and the type of insurance coverage a person has. The French Data Protection Authority has confirmed that no bank details, medical data, postal addresses, telephone numbers or emails were involved in the exfiltration.
UN experts investigate 58 cyberattacks worth $3 bln by North Korea
Reuters – 8 February 2024
This article outlines that United Nations sanctions monitors have begun investigating North Korean-sponsored cyber attacks which have accrued an estimated US$3 billion. Excerpts from an unpublished UN report suggest that North Korea is using the profits to develop its nuclear weapons program despite being subject to sanctions which ban the nation from conducting nuclear tests and ballistic missile launches.
Black Basta Ransomware Gang Hacked Hyundai Motor Europe
Security Affairs – 9 February 2024
This article confirms that Hyundai Motor was breached by the Black Basta ransomware gang, with the threat actor claiming to have stolen three terabytes of company data. Black Basta shared lists of folders that were allegedly stolen from numerous Window domains, including those from KIA Europe as well. It remains unknown what data was stolen, but the folder names suggest that the data relates to the company’s legal, sales, HR, accounting, IT and management divisions. See also Bleeping Computer article (8 February).
Note: The articles above are a selection of cyber related media reports during the month of September 2023. The linked articles are provided for convenience. The headlines, summaries and articles themselves do not represent the views or opinions of HSF.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.