GlobalSign Blog

Cybersecurity News Round-Up: Week of April 11, 2022

Hello and welcome to GlobalSign's weekly cybersecurity news round-up.

This week we begin in India, where the second largest government-owned hydrocarbon producer has been hit by a major cyberattack. The company, Oil India Limited (OIL), says the attack has compromised some of the servers at its headquarters in Assam. The hackers have demanded 196 bitcoins in ransom (equivalent to $39,879). OIL has disabled all affected systems to limit the impact of the attack.

In Africa, banks are increasingly being targeted by what's known as remote access trojans (RATs). According to Check Point, RATs are "malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response." A RAT gives cybercriminals the persistent access they need to turn an intrusion into financial gain. As a result, African banks have deployed strict gateway security controls -- forcing the threat actors to devise more clever methods of getting past them. HP Wolf Security has been tracking this activity.

A digital currency heist took place this week at Elephant Money. The company announced on Tuesday that hackers stole $11.2 million worth of Binance Coin via an automated attack. According to a Medium post from the company founder, the "base layer of the Elephant Money platform is secure and has stood up to this challenge. The exploit of the Reserve will be addressed and we will move on."

German wind turbine manufacturing giant Nordex Group continues to restore its systems after a damaging cyberattack on March 31. On Tuesday, the company announced that preliminary results of its investigation suggest the impact of the incident has been limited to internal IT infrastructure, and there is no indication the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT infrastructure. 

Here in the U.S., the Department of Justice (DOJ) this week announced the seizure of the popular online cybercriminal marketplace RaidForums. The DOJ also announced charges against the site's founder, Diogo Santos Coelho. At one point, the site boasted having close to 10 billion pieces of personally identifiable information for sale. A government affidavit claims that RaidForums was a massive online marketplace where cybercriminals could buy and sell hacked and stolen data -- including data from 178 million Facebook users.

Also this week, on Wednesday federal agencies including the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a warning that critical infrastructure operators may face attacks targeting multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. The alert says the tools used in the attacks were designed specifically for Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers.

That's a wrap for this week. Have a great weekend. 

Amy 

Top Global Security News

Business Insider India (April 14, 2022) India’s second largest government-owned hydrocarbon producer hit by a major cyberattack, hackers demand 196 bitcoins in ransom

The state-run Oil India Limited (OIL) has been hit by a major cyberattack that has compromised some of the servers of the company. The ransomware attack has hit the company’s headquarters in Assam. 

According to media reports, the hackers have demanded 196 bitcoins as ransom. At the current prices (approx. ₹31.35 lakh per bitcoin), that is a little more than ₹61 crore. 

According to a statement from the company’s spokesperson Tridiv Hazarika, while the breach is serious and the virus is severe, the company has disabled the affected systems as a precautionary measure.

The Record (April 13, 2022) US agencies warn of custom-made hacking tools targeting energy sector systems

Several advanced persistent threat (APT) actors have created custom-made tools designed to breach IT equipment used in critical infrastructure facilities, according to a new advisory from multiple US agencies. 

In an alert released on Wednesday, the Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) warned critical infrastructure operators of potential attacks targeting multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. 

The alert says the tools used in the attacks were designed specifically for Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers.

Bleeping Computer (April 13, 2022) African banks heavily targeted in RemcosRAT malware campaigns

African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans (RATs).

Cybercriminals interested in quick financial gains are a constant source of trouble for banks in Africa, which have resorted to deploying strict gateway security controls. This has forced the threat actors to craft more clever attacks that could bypass the protection measures, and in 2022, bank-targeting campaigns are seen using a combination of tricks.

The Record (April 13, 2022) Hackers steal more than $11 million from Elephant Money DeFi platform

Elephant Money, the decentralized finance (DeFi) protocol behind the ELEPHANT token and the TRUNK stablecoin, announced this week that hackers stole $11.2 million worth of Binance Coin.

The company said it was facing an “automated attack” against its treasury and, in a Medium post, its founder said they are working with their partners – blockchain security company CertiK and DeFi insurance protocol InsurAce – to address the issue.

“It took a significant amount of capital to bust through the system’s defenses. Over $261M in volume,” the founder said.

Security Week (April 13, 2022) Wind Turbine Giant Nordex Scrambling to Recover From Cyberattack

Wind turbine manufacturing giant Nordex Group this week announced that it is still working on restoring systems after a crippling cyberattack on March 31.

The incident was publicly disclosed in early April, when the company announced that it shut down “IT systems across multiple locations and business units” to contain the issue.

On Tuesday, the wind turbine maker published an updated incident notification, saying that it was still working on restoring systems to “enable business continuity and resume normal operations as soon as reasonably practicable.”

Cyberscoop (April 12, 2022) Justice Department seizes major cybercrime spot RaidForums

The Department of Justice seized popular online cybercriminal marketplace RaidForums, according to recently unsealed criminal charges against the website’s founder, Diogo Santos Coelho.

The takedown, which DOJ announced Tuesday, is the latest massive sweep by the U.S. government and international law enforcement partners of online marketplaces where hackers buy and sell data. RaidForums boasted at one point of having close to 10 billion pieces of personally identifiable information for sale, making it one of the biggest destinations for cybercriminals.

According to the affidavit filed by law enforcement, RaidForums operated from around 2016 through Feb. 22 of this year as a massive online marketplace for individuals to buy and sell hacked and stolen data, including sensitive personal and financial information from victims in the United States. Those sales included leaked data from 178 million Facebook users.

Other Industry News

FIN7 hacking group member sentenced to five years behind bars - ZDNet 

VMware patches critical flaws in Workspace ONE Access identity management software - Portswigger 

Holiday-themed phishing emails most likely to get clicks - Beta News 

Thieves Create Makeshift IDs With Synthetic Identity Fraud - GovTech

Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid - Dark Reading

At small and rural hospitals, ransomware attacks are causing unprecedented crises - STAT

Clueless hackers spent months inside a network and nobody noticed. But then a ransomware gang turned up - ZDNet 

T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. - Vice