Hello and welcome back to our blog.
We begin with a story out of the UK, where a water supply company was impacted by a Clop ransomware attack in the last week. South Staffordshire Water, which supplies drinking water to 1.6m consumers daily, confirmed an attack, but said its safety and water distribution systems have remained operational. At the same time, Clop boasted on its leak website that it had breached the systems of a different water company, Thames Water. Thames Water disputed these claims via a statement, saying that reports of Clop having breached its network are a "cyber-hoax" and that its operations have been at full capacity. According to Trend Micro, Clop (sometimes stylized as “Cl0p”) has been one of the most prolific ransomware families in the past three years, gaining a reputation for compromising high-profile organizations in various industries worldwide using multilevel extortion techniques resulting in huge payouts.
Large consumer company HanesBrands took a big hit, to the tune of $100M, following an attack on its supply chain earlier in the year. That massive number was the amount the company lost in just three weeks. The incident, which was disclosed to investors on May 31st, was due to a ransomware attack. The attack affected the company's global supply chain network, limiting its ability to fulfil orders for three weeks. It remains unclear who was responsible for the incident.
Google says a record of sorts was made this week. The company says it blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second. To put things in perspective, this is about 76 percent larger than the previous record DDoS attack that Cloudflare thwarted earlier that same month - or as product manager Emil Kiner and technical lead Satya Konduru explain: "That is like receiving all the daily requests to Wikipedia in just 10 seconds."
Security risk management firm Kroll released data suggesting that ransomware gangs are continuing to focus on healthcare organizations. In fact, in Q2 of this year, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022. The hits to healthcare keep coming. Just last week the U.S. Department of Health and Human Services' Health Sector Cybersecurity Coordination Center issued an alert about a phishing campaign targeting healthcare providers. The campaign tries to lure recipients to a fake Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn. There has been a slew of other healthcare-related attacks, some of which are detailed in this August 17th article from Databreach Today.
Argentina's Judiciary of Córdoba was hit by ransomware attackers last week. The PLAY ransomware attack shut down the Judiciary's IT systems. The resulting outage forced users to rely on pen and paper for submitting official documents.
Finally, here's something that probably wasn't on anybody's security bingo card: Janet Jackson's music video for her 1989 hit single Rhythm Nation has been declared a security vulnerability after a Microsoft engineer discovered it could freeze some hard drives on older computers. The vulnerability, CVE-2022-38392, has been categorized as a Denial of Service (DoS) and a side-channel attack. In this case, the vulnerability causes hard drives of some laptop PCs from 2005 to malfunction and crash. In reality, the risk for new devices is essentially nonexistent. Still, the MITRE Corporation decided to list it on the register of Common Vulnerabilities and Exposures (CVEs).
That's all for this week. Have a great weekend.
Top Global Security News
The Register (August 18, 2022) Google blocks third record-breaking DDoS attack in as many months
Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.
To put things in perspective, this is about 76 percent larger than the previous record DDoS attack that Cloudflare thwarted earlier that same month.
As Googlers Emil Kiner and Satya Konduru explain: "That is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds."
SecureWorld (August 18, 2022) Janet Jackson Music Video Declared Security Vulnerability
Yes, you read that headline correctly. Janet Jackson's music video for her 1989 hit single Rhythm Nation has been declared a security vulnerability after a Microsoft engineer discovered it could freeze some hard drives on older computers.
Raymond Chen, the Microsoft engineer, said that a colleague shared a story from Windows XP product support that described a "major computer manufacturer" who discovered the music video would crash certain models of laptops.
What could possibly be going on?
ZDNet (August 16, 2022) Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity
A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm.
South Staffordshire Water says it has been the "target of a criminal cyber attack" which is causing disruption to its corporate IT network, but hasn't affected the company's ability to provide safe drinking water to customers.
"This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis," the company said in a statement.
Bleeping Computer (August 15, 2022) Argentina's Judiciary of Córdoba hit by PLAY ransomware attack
Argentina's Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.
The attack occurred Saturday, August 13th, causing the Judiciary to shut down IT systems and their online portal. The outage is also forcing the use of pen and paper for submitting official documents.
In a 'Cyberattack Contingency Plan' shared by Cadena 3, the Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro, and local specialists to investigate the attack.
"The cyberattack suffered by the technological infrastructure of the Court of Córdoba on Saturday, August 13th, 2022, for a ransomware that has compromised the availability of its IT services," reads a Google translation section of the plan.
HelpNetSecurity (August 15, 2022) Ransomware is back, healthcare sector most targeted
In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID-19 pandemic. Ransomware helped to fuel this uptick against healthcare as attacks increased this quarter to once again become the top threat, followed closely by email compromise.
While phishing continued to be the vector used for initial access, there was a vast increase in external remote services (such as VPNs and RDP environments) being compromised, up 700%. This indicates a growing vulnerability in the remote environments many of us now rely on.
PYMNTS (August 11, 2022) HanesBrands Speeds up Supply Chain Remake After $100M Hit From Cyberattack
After suffering a cyberattack that cost it $100 million in net sales, HanesBrands is pressing forward with its efforts to remake its supply chain and innovate its products.
“Our second-quarter results fell below our expectations as a result of unexpected events and the difficult global operating environment,” HanesBrands CEO Steve Bratspies said in the company’s Q2 earnings release. “Despite the challenges, we continue to make progress on our Full Potential plan.”
During the cyberevent, which HanesBrands disclosed in a May 31 report to the U.S. Securities and Exchange Commission (SEC), the company was subject to a ransomware attack. The company said in the earnings release that the attack affected its global supply chain network and limited its ability to fulfil orders for about three weeks, costing it about $100 million in net sales.
Other Intriguing Stories