Hello! Welcome to GlobalSign’s latest weekly cybersecurity news wrap-up.
It’s only been six weeks since the Colonial Pipeline ransomware hack, but already the company is facing at least two lawsuits seeking class action status. In a lawsuit filed Monday, the claimant says Colonial Pipeline lacked a proper cybersecurity program for ransomware, and that led to the May 7th shutdown of the pipeline. The lawsuit, filed on behalf of the owners of a gas station in Wilmington, North Carolina, also claims the company ignored warnings about the risks to interstate pipeline systems. The law firm representing them, Morgan and Morgan, is seeking class action status for its lawsuit so it can represent more than 11,000 other gas station owners and retailers that were affected by the hack.
The US Securities and Exchange Commission (SEC) is investigating whether some US companies failed to disclose if they were victims of the SolarWinds breach. The SEC wants to know because US securities law requires companies to disclose such information. It sent letters last week to a small number of public issuers and investment firms asking for voluntary information on whether they had been victims of the hack and failed to disclose it, according to Reuters. The SEC is also seeking details on whether public companies that had been attacked had experienced a lapse of internal controls.
With all the attacks taking place, the US government is increasingly looking at new cybersecurity regulations. Regulations for “Systemically important critical infrastructure” (SICI) is one proposal being reviewed by both Washington lawmakers and the Cyberspace Solarium Commission. They say the proposed regulation strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace.”
In Asia, a North Korean hacker group allegedly broke into South Korea's nuclear research center last month. Seoul-based cybersecurity firm IssueMakersLab analyzed the attackers' IP addresses and discovered that one of the three addresses traced back to the hacking group Kimsuky, which is believed to be affiliated with North Korea's Reconnaissance General Bureau spy agency. The analysis identified it was the same address that targeted COVID-19 vaccine developers in South Korea last year.
Brazil’s largest medical diagnostic company, Grupo Fleury, has suffered a REvil ransomware attack that’s disrupted business operations. As a result, the company has taken its systems offline. Grupo Fleury’s website began displaying an alert on Tuesday warning customers about the attack and the fact their systems weren’t available. A story in the June 24th edition of the Rio Times quotes the company as stating “we emphasize that our database is intact and that the service in all of the company's service units continues to happen through contingency solutions...”
Finally, in the EU, the European Commission is looking to create a Joint Cyber Unit to help member states respond to and prevent cyberattacks. Not surprisingly, the massive rise in ransomware attacks is a major driver of this new effort. Under the proposal, the EU would create a rapid response team to mitigate threats from hackers as well as establish national and cross-border monitoring and detection capabilities. The new unit also would work with member nations' law enforcement and cyber agencies, security firms, diplomats and military services to coordinate cybersecurity operations and threat intelligence sharing.
That is a wrap for the week. Stay cyber safe and have a great weekend!
Top Global Security News
Data Breach Today (June 23, 2021) EU Proposes Joint Cybersecurity Unit
"The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware.
Under the proposal, the EU would create a rapid response team to mitigate threats from hackers and establish national and cross-border monitoring and detection capabilities. The new unit also would work with member nations' law enforcement and cyber agencies, security firms, diplomats and military services to coordinate cybersecurity operations and threat intelligence sharing, the European Commission says."
Bleeping Computer (June 23, 2021) Healthcare giant Grupo Fleury hit by REvil ransomware attack
"Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.
Grupo Fleury is the largest medical diagnostics company in Brazil, with over 200 service centers and more than 10,000 employees. The company performs approximately 75 million clinical exams in a year.
Starting yesterday, the Fleury website began displaying an alert warning that they suffered an attack and that systems are no longer accessible."
Data Breach Today (June 23, 2021) Lawsuits Allege Colonial Pipeline Had Inadequate Cybersecurity
"Colonial Pipeline Co. now faces at least two lawsuits seeking class action status in the aftermath of a ransomware attack in May that led the firm to shut down the operations of a 5,500-mile pipeline for nearly a week.
The latest lawsuit, filed Monday, claims the company lacked a cybersecurity program encompassing ransomware issues at the time of the attack, which led it to shut down pipeline operations serving much of the East Coast. It claims the company ignored warnings about cyber risks to interstate pipeline systems.
The lawsuit was filed on behalf of the owners of EZ Mart 1 LLC, a gas station in Wilmington, North Carolina, which buys its fuel from a distributor that's supplied by Colonial Pipeline. The law firm Morgan and Morgan, which has offices in Atlanta, is seeking class action status for its lawsuit so it can represent more than 11,000 other gas station owners and retailers that were affected by the May 7 ransomware attack against Colonial Pipeline."
CyberScoop (June 22, 2021) A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill
"The notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents, after decades of a largely hands-off approach to private sector-owned critical infrastructure.
Top Biden administration team picks have testified about how voluntary standards aren’t getting the job done, and some in Congress have indicated their patience is waning with letting industry go it alone.
Enter a proposal that some lawmakers and the Cyberspace Solarium Commission that they say strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace: 'systemically important critical infrastructure.' Also known as SICI, it’s an idea that involves labeling hacking targets that are most likely to cause economic, public health or national security disruptions if attacked, then offering the owners of that infrastructure a mixture of government boons in exchange for meeting baseline cybersecurity standards."
Axios (June 21, 2021) SEC investigating if companies failed to disclose breaches in SolarWinds hack
"The Securities and Exchange Commission is probing whether some U.S. companies failed to disclose that they had been a victim of the massive SolarWinds breach by Russian hackers, according to Reuters.
Why it matters: U.S. securities law requires companies to disclose information, like a cyberattack, that could impact their share prices.
The SEC sent letters last week to a small number of public issuers and investment firms asking for voluntary information on whether they had been victims of the hack and failed to disclose it, according to Reuters.
It also sought information on whether public companies that had been attacked had experienced a lapse of internal controls."
Bleeping Computer (June 19, 2021) South Korea's Nuclear Research agency hacked using VPN flaw
"South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.
The Korea Atomic Energy Research Institute, or KAERI, is the government-sponsored institute for the research and application of nuclear power in South Korea.
The breach was first reported earlier this month when South Korean media Sisa Journal began covering the attack. At the time, KAERI initially confirmed and then denied that the attack occurred."
Other Industry news
Hit by a ransomware attack? Your payment may be deductible - Yahoo.com
Bay Area Water System Apparent Cyber Victim - IndustryWeek
APWG: Phishing maintained near-record levels in the first quarter of 2021 - Security Affairs
Ransomware: Too many firms are still willing to pay up if attacked - ZDNet
U.S. brokerage firms warned of FINRA support phishing attacks - Bleeping Computer
Medicaid Contractor Data Breach Affected 334,000 Providers - GovInfoSecurity
413% Rise in Ransomware Attacks in Ireland - Check Point Software - Irish Tech News
Cyber criminals are using virtual machines to hide attacks from being detected - ZDNet
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
