Hello and welcome to GlobalSign’s weekly cybersecurity news wrap up! Here’s a re-cap of the week’s biggest stories.
A large-scale fuel industry attack took place in Europe this week, impacting some of northwest Europe's biggest ports. Earlier in the week, Hamburg-based Oiltanking GmbH Group and mineral oil dealer Mabanaft GmbH & Co. KG Group announced in a joint statement they discovered an intrusion on January 29th. The attack also impacted the Antwerp based-SEA-Tank Terminal. As many other six other oil terminals in the Netherlands and Belgium seem to be affected by the cyberattack. It appears that, in all cases, the IT systems have been infiltrated and can’t process barges.
The well-known Conti gang is being blamed for the attack, which was discovered on Monday. As part of the attack, the cyber criminals group also stole data and posted “proof” of the steal on its leak site.
Also this week, more than 100,000 files with student records belonging to British Council were found exposed online. The British Council promotes the study of British culture and the English language around the world. According to SC Magazine, researchers from MacKeeper and cybersecurity researcher Bob Diachenko said in a blog post that students were potentially open to identity theft and phishing attacks. The cybersecurity firm and Diachenko uncovered an unsecured Microsoft Azure blob that revealed more than 144,000 student names, IDs, usernames and email addresses, and other personal information.
Cryptocurrency firm Wormhole is breathing a sigh of relief after confirming that "all funds have been restored" after more than $320 million was stolen from its site earlier in the week. The hack was the fourth-largest crypto heist on record. Wormhole is what is known as a "decentralised finance" site that allows the transfer of information across crypto networks. In a series of tweets on Wednesday afternoon, the company revealed that cyber criminals had stolen 120,000 wETH, or wrapped ethereum, worth nearly $324 million at current exchange rates.
Here in the U.S., it’s very unfortunate but last month’s attack on payroll service provider Kronos is still causing major problems. Scroll down the page to read a story by NBC News which delves into how some employees of Coca Cola in the U.S. haven’t been paid since Christmas. And this story out of Reno highlights one employee of the Ritz Carlton Lake-Tahoe who is owed at least $5,000 in back pay. Let’s hope this situation is resolved soon!!
Finally, the FBI's Internet Crime Center (IC3) is warning that scammers are exploiting verification weaknesses in job-focused networking sites to post legitimate looking ads, capture personal information and steal money from job seekers. Scammers "continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," the FBI warns in a new public service announcement. According to IC3's complaint reports, the average reported loss from this scheme since early 2019 has been $3,000 per victim.
That’s a wrap for the week. Wishing everyone a great – and cybersafe – weekend.
Amy
Top Global Security News
Reuters (February 3, 2022) Crypto platform Wormhole says funds are 'restored' after $320 mln hack
Cryptocurrency firm Wormhole said on Thursday that "all funds have been restored" after over $320 million was stolen from its site in the fourth-largest crypto heist on record.
Wormhole, a "decentralised finance" site that allows the transfer of information across crypto networks, said on Wednesday it had been "exploited" for 120,000 digital tokens connected to the second-largest cryptocurrency, ether.
At the time of its announcement of the heist, the market value of the tokens was just over $320 million.
The theft was the latest to hit the fast-growing but mostly unregulated DeFi sector. DeFi platforms allow users to lend, borrow and save - usually in crypto - while bypassing traditional gatekeepers of finance such as banks.
"All funds have been restored and Wormhole is back up," the platform said on Twitter after earlier saying on its Telegram channel that "all funds are safe".
SecurityWeek (February 03, 2022) European Oil Port Terminals Hit by Cyberattack
Major oil terminals in some of Western Europe's biggest ports have fallen victim to a cyberattack, sources confirmed on Thursday.
Belgian prosecutors have launched an investigation into the hacking of oil facilities in the country's ports, including Antwerp, Europe's second biggest port after Rotterdam.
According to a specialised broker, the alleged hacking is affecting several European ports and is disrupting the unloading of barges in an already strained oil market.
"There was a cyber attack at various terminals, quite some terminals are disrupted," said Jelle Vreeman, senior broker at Riverlake in Rotterdam. "Their software is being hijacked and they can't process barges. Basically, the operational system is down," he said.
ThreatPost (February 2, 2022) KP Snacks Left with Crumbs After Ransomware Attack
KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest.
The British company (also the purveyor of deeply English treats such as Skips prawn cocktail snacks and Butterkist toffees) said that the Conti gang was behind the strike, which was reportedly discovered on Monday. True to form, the cyberattackers also stole data in a classic double-extortion gambit, posting “proof” of the steal on its leak site.
According to Better Retailing, which first reported the incident, the crisps connoisseur sent its merchant partners a letter on Wednesday explaining the situation, noting that it “cannot safely process orders or dispatch goods.”
ZDNet (February 2, 2022) FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity
The FBI's Internet Crime Center (IC3) is warning that scammers are exploiting verification weaknesses in job-focused networking sites to post legitimate looking ads, capture personal information and steal money from job seekers.
Scammers "continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," the FBI warns in a new public service announcement.
The bogus ads threaten to damage the impersonated firm's reputation and financial loss for the job seeker.
According to IC3's complaint reports, the average reported loss from this scheme since early 2019 has been $3,000 per victim.
Computer Weekly (February 1, 2022) German fuel supplier taken offline in cyber attack
Petrol distribution facilities across Germany have been forced to shut off their operational technology (OT) systems in response to an apparent cyber attack of an undisclosed nature affecting Hamburg-based fuel logistics firm Oiltanking.
According to German newspapers Handelsblatt and Der Spiegel, which were among the first to report on the incident, the attack was carried out against Oiltanking’s systems and those of another subsidiary of the same parent group, Mabanaft. The firms supply numerous fuel companies in Germany, with larger customers including the likes of Shell.
It is understood that the incident has taken the automated systems responsible for filling and emptying its fuel storage tanks offline at 13 facilities in Germany that, between them, handle around 155 million tonnes of material every year. The filling of petrol tankers is being held up as a result.
A spokesperson for Germany’s independent tank storage association told Der Spiegel that in spite of the attack, other suppliers should be able to fill the gap in the meantime, meaning there is unlikely to be any immediate danger to fuel supplies to German consumers and businesses.
Bleeping Computer (February 1, 2022) British Council exposed more than 100,000 files with student records
More than 100,000 files with student records belonging to British Council were found exposed online.
An unsecured Microsoft Azure blob discovered on the internet by a cybersecurity firm revealed student names, IDs, usernames and email addresses, and other personal information.
British Council promotes the study of British culture and the English language around the world and is known for administering the IELTS standardized language exam.
NBC News (February 1, 2022) Weeks after a ransomware attack, some workers still worry about paychecks
When a ransomware attack left Rich, a Coca-Cola delivery driver and salesman in Charleston, West Virginia, without a paycheck at Christmas, he made do.
But since then, things haven’t gotten much better. Rich, who asked not to be identified by his last name for fear of retaliation from his employer, is among hundreds of workers who deliver Coke products in at least three states who say they’re still owed wages — fallout from one of the many ransomware attacks that hit U.S. companies practically every day.
Rich, a father of three, said he’s had to dip into his savings, which have dwindled down in recent weeks.
Other Top Industry News
BlackMatter Ransomware Group No Longer Active, HC3 Says - Health IT Security
Why Cyberattacks Are the No. 1 Health Tech Danger in 2022 - Data Breach Today
Disclosure, Panic, Patch: Can We Do Better? - Dark Reading
ITRC Data Breach Report Says Threat Actors Are More Targeted - Data Breach Today
Top Scam-Fighting Tactics for Financial Services Firms - Bank Info Security
Prison for Dark Overlord Collaborator – InfoSecurity
Mirai splinter botnets dominate IoT attack scene – ZDNet
Scottish Agency Still Recovering from 2020 Ransomware Attack – InfoSecurity
