Welcome to the latest cybersecurity wrap up.
Topping the news this week are the continued concerns in France around the recent spate of cyber attacks on French hospitals. This week country’s minister for digital technology, Cedric O, stated that, unlike major attacks such as SolarWinds which involved foreign powers, the attacks on French hospitals may be the work of what he described as “mafia-type organizations.” The minster believes these organizations are likely based in Eastern Europe.
The Ukrainian government is placing blame on Russian hackers for an attack on its System of Electronic Interaction of Executive Bodies (SEI EB). The attack compromised a government file-sharing system as part of an attempt to disseminate malicious documents to other government agencies. SEI EB is a web-based portal used by Ukrainian government agencies to circulate documents between each other and public authorities.
Over in Finland, IT services giant TietoEVRY disclosed a ransomware attack. On Monday, 25 customers reported experiencing technical issues which were later learned to be caused by a ransomware attack. After learning of the attack, TietoEVRY disconnected the affected infrastructure and services to prevent the ransomware's further spread. The company considers the attack “a serious criminal act.”
Here in the West, well known Canadian airplane manufacturer Bombardier disclosed a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang. The company’s internal investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application. Bombardier is just one of many victims of a campaign targeting customers using legacy file transfers.
Finally, it was also revealed in the last week that Underwriters Laboratories (UL) has suffered a ransomware attack that encrypted its servers, causing them to shut down systems while they recover. UL is the largest and oldest safety certification company in the U.S. The company has decided not to pay the ransom and is restoring from backups instead.
Those are the biggest stories that made headlines this week. Scroll down to read them in full, along with some other intriguing stories, such as the emergence of CaaS – Crime as a Service.
That’s all for this week. Enjoy the weekend everyone!
Top Global Security News
France24 (February 25, 2021) ‘Mafia-type’ groups likely behind cyber attacks on French hospitals, minister says
"Mafia-type organisations, often based in eastern Europe, are likely to have been behind a recent wave of cyber attacks on French hospitals, rather than foreign powers, said the French minister for digital technology Cedric O on Thursday.
'Concerning the hospitals, in all likelihood it is not foreign powers, but rather Mafia-type organisations - often situated in eastern countries but not just limited to there - who are looking for money,' Cedric O told France 2 television.
Cedric O said such criminal organisations would typically demand ransom money from victims to restore their computer systems, after paralysing their software."
ZDNet (February 24, 2021) Ukraine reports cyber attack on the government's document management system
"The Ukrainian government said today that Russian hackers compromised a government file-sharing system as part of an attempt to disseminate malicious documents to other government agencies.
The target of the attack was the System of Electronic Interaction of Executive Bodies (SEI EB), a web-based portal used by Ukrainian government agencies to circulate documents between each other and public authorities.
In a statement published today, officials with Ukraine's National Security and Defense Council said the purpose of the attack was 'the mass contamination of information resources of public authorities.'"
Threatpost (February 23, 2021) Finnish IT Giant Hit with Ransomware Cyberattack
"A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures.
Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company. Remman acknowledged technical problems with several services that TietoEVRY provides to 25 customers, which are 'due to a ransom attack,' according to the report.
Remman told E24 that the company considers the attack 'a serious criminal act.' TietoEVRY turned off the unspecified services and infrastructure affected 'as a preventative measure' until it can recover relevant data, and restart systems “in a controlled manner,' he said."
ZDNet (February 23, 2021) Airplane maker Bombardier data posted on ransomware leak site following FTA hack
"Canadian airplane manufacturer Bombardier has disclosed today a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang.
'An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network,' the company said in a press release today.
While the company did not specifically name the appliance, they are most likely referring to Accellion FTA, a web server that can be used by companies to host and share large files that can't be sent via email to customers and employees."
Bleeping Computer (February 19, 2021) Underwriters Laboratories (UL) certification giant hit by ransomware
"UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover. UL is the largest and oldest safety certification company in the United States, with 14,000 employees and offices in over 40 countries.
To prevent further spread of the attack, the company shut down its systems, making it impossible for some employees to perform their jobs. UL told employees not to contact the threat actors or visit any sites related to the ransomware operation.
According to a source familiar with the attack, UL has decided not to pay the ransom and is restoring from backups instead."
Other Industry News
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.