Hello and welcome to GlobalSign’s weekly news round up! Here’s the latest in cybersecurity news…
It was revealed this week that Britain's Foreign, Commonwealth & Development Office (FCDO) was recently the target of a serious cyber security incident. As a result the FCDO was forced it to seek urgent cyber security help from one of its cyber security contractors, BAE Systems Applied Intelligence. To date the FCDO has only stated that the details of the event cannot be disclosed. The FCDO is responsible for U.K. diplomacy and international development efforts.
Cybersecurity agencies from the U.S., UK and Australia jointly announced on Wednesday the increase in attack sophistication is proof of the growing threat of ransomware. But as this story in SearchSecurity points out, ransomware groups are redirecting their focus from “big game hunting” toward midsized victims to reduce scrutiny. Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, healthcare, and other critical infrastructure industries. In the U.S., ransomware attacks targeted 14 of the 16 critical infrastructure sectors, as defined by the Department of Homeland Security.
This week the European Central Bank announced that banks should prepare for the possibility of a Russian-sponsored cyber attack as tensions between Russia and Ukraine mount. In light of the escalation in tensions, banks have been conducting cyber war games to test their ability to fend off an attack.
Vodafone Portugal announced on Tuesday that it was hit with a cyberattack that caused network disruptions across the country. In a statement, the company said services based on data networks -- namely the 4G/5G network, fixed voice, television, SMS and voice/digital answering services -- were affected by the attack, which they discovered on Monday night.
It's unfortunate but December's attack on Kronos continues to impact some of its customers. It was announced this week that sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.
A settlement for the massive 2017 Equifax data breach was reached this week. The breach affected more than 147 million US citizens and 15 million British citizens. Names, Social Security numbers, birth dates, addresses as well as driver’s license details of more than 10 million individuals were exposed after attackers used a known vulnerability to break into Equifax’s databases. An estimated 15 million British citizens were affected by the incident, of which 694,000 had sensitive data exposed. A smaller number of Canadians were also affected.
Finally, will Meta unfriend the EU? This week, the company formerly known as Facebook warned in an SEC filing it may leave the European Union market if it’s not allowed to share EU user data with its US-based data centers. The announcement is based on an EU ruling back in 2020 that using US cloud providers was a violation of the GDPR. While many companies have ignored the ruling, the Austrian Data Protection Authority recently ruled that it is illegal for EU companies to use Google Analytics. It will certainly be interesting to see what happens here. Meta leaving the EU would be quite a drastic measure for the company.
That's our wrap-up for the week. As always, thanks for stopping by our blog. Have a great weekend.
Amy
Top Global Security News
Computing (February 10, 2022) Foreign Office targeted in a 'serious cyber security incident'
Britain's Foreign, Commonwealth & Development Office (FCDO) was the target of a serious cyber security incident that forced it to seek urgent cyber security help from one of its cyber security contractors.
The existence of the incident was revealed in a public tender document posted on the government's website, as discovered by The Stack.Wormhole, a "decentralised finance" site that allows the transfer of information across crypto networks, said on Wednesday it had been "exploited" for 120,000 digital tokens connected to the second-largest cryptocurrency, ether.
The document, published on February 4, revealed that the FCDO called in 'urgent business support' after detecting the breach.
'The Authority was the target of a serious cyber security incident, details of which cannot be disclosed,' the tender document said.
The Department paid BAE Systems Applied Intelligence, FCDO's cyber security contractor, £467,325.60 for its assistance in remediation and investigation of the incident.
SecurityWeek (February 10, 2022) Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021
An increase in attack sophistication is proof of the growing threat that ransomware poses to all organizations, cybersecurity agencies from the United States, United Kingdom, and Australia said on Wednesday.
Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, healthcare, and other critical infrastructure industries.
In the U.S., ransomware attacks targeted 14 of the 16 critical infrastructure sectors, as defined by the Department of Homeland Security.
In a joint advisory on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the Australian Cyber Security Centre (ACSC) warn that each time a ransom is paid ransomware operators may be emboldened to launch more attacks.
ZDNet (February 10, 2022) Adobe urges customers to upgrade after 500 stores breached through Magento platform
Adobe urged customers using the Magento 1 e-commerce platform to upgrade to the latest version of Adobe Commerce after security company Sansec detected a mass breach of over 500 stores running the platform.
In a statement to ZDNet, Adobe said it ended support for Magento 1 on June 30, 2020.
"We continue to encourage merchants to upgrade to the latest version of Adobe Commerce for the most up-to-date security, flexibility, extensibility, and scalability," an Adobe spokesperson said.
"At a minimum, we recommend Magento Open Source merchants on Magento 1 to upgrade to the latest version of Magento Open Source (built on Magento 2), to which Adobe contributes key security updates."
Reuters (February 9, 2022) European, U.S. regulators tell banks to prepare for Russian cyberattack threat
The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict.
The stand-off between Russia and Ukraine has rattled Europe's political and business leaders, who fear an invasion that would inflict damage on the entire region.
Now the European Central Bank, led by former French minister Christine Lagarde and which has oversight of Europe's biggest lenders, is on alert for the threat of cyber attacks on banks launched from Russia, the people said.
Banks were conducting cyber war games to test their ability to fend off an attack, a source said.
Portswigger (February 9, 2022) Equifax finalizes data breach settlement with US regulators
Credit reference agency Equifax has finalized a settlement for a 2017 data breach that affected more than 147 million US citizens and 15 million Brits.
Equifax first admitted the massive breach in September 2017. Names, Social Security numbers, birth dates, addresses as well as driver’s license details of more than 10 million individuals were exposed after attackers used a known vulnerability to break into Equifax’s databases.
The breach exposed the credit card data of a smaller subset of around 209,000 victims.
An estimated 15 million British citizens were affected by the incident, of which 694,000 had sensitive data exposed. A smaller number of Canadians were also affected.
ZDNet (February 8, 2022) Vodafone Portugal hit with cyberattack affecting 4G/5G network, TV, SMS services
Vodafone Portugal announced on Tuesday that it was hit with a cyberattack that caused network disruptions across the country.
In a statement, the company said services based on data networks -- namely the 4G/5G network, fixed voice, television, SMS and voice/digital answering services -- were affected by the attack, which they discovered on Monday night.
"Vodafone was the target of a network disruption that began on the night of February 7, 2022, due to a deliberate and malicious cyberattack intended to cause damage and disruption. As soon as the first sign of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore services," the company said.
"We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network in almost the entire country but, unfortunately, the scale and seriousness of the criminal act to which we were subjected implies careful and prolonged work for all other services. recovery process that involves multiple national and international teams and external partners. This recovery will happen progressively throughout this Tuesday.
Bleeping Computer (February 7, 2022) Puma hit by data breach after Kronos ransomware attack
Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.
The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.
Kronos describes KPC as secure storage protected from attacks using firewalls, multi-factor authentication, and encrypted transmissions. It's used as a server facility for hosting Workforce Central, Workforce TeleStaff, Enterprise Archive, TeleTime IP, Extensions for Healthcare (EHC), and FMSI environments.
Web Pro News (February 6, 2022) Meta May Leave EU Market Over Privacy Regulations
Meta is threatening to leave the EU market if it’s not allowed to share EU user data with its US-based data centers.
The EU ruled in 2020 that using US cloud providers was a violation of the GDPR. Because they are often required to hand over data to intelligence agencies, US companies are not capable of being compliant with the privacy protections the GDPR provides EU citizens. While many companies, on both sides of the Atlantic, have ignored the ruling, the Austrian Data Protection Authority recently ruled that it is illegal for EU companies to use Google Analytics.
Other Top Industry News
Linux-based systems targeted with ransomware and cryptojacking - Beta News
FBI Received 1,600 SIM Swapping Complaints in 2021 - Security Week
Ransomware: Alphv/BlackCat Is DarkSide/BlackMatter Reboot - Data Breach Today
Attacks against health plans up nearly 35% - HelpNetSecurity
Supply Chain Zero Day Leverages Kubernetes Files to Steal Passwords - SC Magazine
New Mexico lawmakers propose 45M school cybersecurity fund - Security Week
Washington state Department of Licensing hit by a potential data breach - SiliconANGLE
Cybercriminals Are Exploiting Automobile Innovation To Steal Cars - The Fintech Times
How a Texas hack changed the ransomware business forever - The Record by Recorded Future
Digital downwards spiral? Data breaches show a decline - Digital Journal
