Hello and welcome to the latest cybersecurity wrap up from GlobalSign. Some big names were in the bullseye this past week. Let’s dig in.
It was just last week that ZDNet’s Danny Palmer wrote that cyber criminals are getting bolder seemingly by the day.
One week later, Taiwanese computer manufacturing company Acer announced it is the latest victim of a ransomware attack, and that the perpetrators are demanding at least $50M. Some estimates have even doubled that. That’s some ask!
According to Bleeping Computer, REvil – the ransomware gang who is thought to be behind this attack – offered Acer a 20% discount if the money was transferred by Wednesday, March 17. But that did not happen. Acer reportedly now has until March 28 to send the funds before any alleged stolen data is leaked.
It appears that the cyber criminals got away with financial spreadsheets, bank balances, and bank communications. No word yet on whether the ransom has been paid.
Then, CNA, one of America's top providers of cybersecurity insurance, has supposedly been hit so hard it is “struggling” and has been forced to disconnect its systems from its network. As of this writing, its website is still displaying this message:
According to a cyber insurance industry expert quoted in a CyberScoop article, the attack “could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts.”
Then, to the north, Canadian IoT manufacturer Sierra Wireless was forced to halt production after it, too, fell victim to a ransomware attack. The attack occurred on March 20. In addition to halting production, internal operations have also been disrupted.
On the bright side the company believes the scope of the attack is limited to Sierra Wireless systems since their internal IT system network and the one for customers are separate. Phew!
As with CNAs website, the only content that website visitors will find on Sierra Wireless’ home page right now is this message.
In England, the University of Northampton has also been hit with a cyber attack. It’s resulted in the disruption of its IT services and telephone systems. A spokesperson for the university told BBC the university had been 'severely impacted' and that "IT forensics investigators" were advising the university IT staff on how to restore services.
Finally, yet another company has been impacted by the Accellion hack. This time, it’s a big one – energy giant Royal Dutch Shell. The petrochemical powerhouse announced last week that a “data security incident”, AKA a data breach, had occurred using Accellion’s secure file-transfer application. The company had been using Accellion to securely transfer large data files.
The cyber criminals behind the breach accessed some personal data as well as data belonging to Shell stakeholders and subsidiaries. So far, the incident may only have impacted the Accellion file transfer service, and Shell claims there is “no evidence” any systems were impacted beyond its IT system.
Those are the biggest stories, but of course there’s so much more that happened this week which you can read about below. Thanks as always for stopping by, and wishing you a terrific weekend!
Top Global Industry News
Computing UK (March 25, 2021) University of Northampton 'severely impacted' by cyber attack
"The University of Northampton has suffered a cyber attack that resulted in the disruption of its IT services and telephone systems.
In a message posted on Twitter, the university said that it had been 'working across the network to resolve the issue' and was 'sorry for the inconvenience caused', promising to provide an "update as soon as systems are up and running again".
A spokesperson for the university told BBC the university had been 'severely impacted' and that 'IT forensics investigators' were advising the university IT staff on how to restore services."
CyberScoop (March 24, 2021) Top insurer CNA disconnects systems after cyberattack
"CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network.
Its website hasn’t been working for the last couple days, and at press time displayed the message, 'The attack caused a network disruption and impacted certain CNA systems, including corporate email.'
The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements.
If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated."
ZDNet (March 23, 2021) Ransomware attack halts production at IoT maker Sierra Wireless
"A multinational manufacturer of Internet of Things (IoT) devices has halted production after falling victim to a ransomware attack.
Canadian IoT maker Sierra Wireless says it suffered a ransomware attack against its internal IT systems on March 20, which has led to production being halted at its manufacturing sites. Internal operations have also been disrupted by the attack and at the time of writing, the company website is down, stating that it's 'under maintenance'.
The company says the impact of the attack is limited to internal Sierra Wireless systems and customer-facing products haven't been affected by the incident because the networks of internal IT systems and services designed for customers are separated."
Security Week (March 22, 2021) Shell Says Personal, Corporate Data Stolen in Accellion Security Incident
"Oil and gas giant Royal Dutch Shell (Shell) is the latest company to have confirmed impact from the December 2020 cyber-attack on Accellion’s File Transfer Appliance (FTA) file sharing service.
A legacy service designed to allow for the sharing of large files, Accellion’s FTA service fell victim to a cyber-attack in December 2020, when hackers exploited zero-day vulnerabilities to gain access to customer data.
The soon-to-be-retired service had roughly 300 customers at the time, with up to 25 of them suffering significant data compromise following the incident."
Tech Spot (March 22, 2021) Acer reportedly facing $50 million - even $100 million - ransomware demand following hack
"What just happened? Acer is reportedly the latest tech giant to become the victim of a ransomware attack. The Taiwanese company was hit by the REvil ransomware gang, which is demanding it hand over $50 million worth of Monero cryptocurrency in exchange for the decryption key. The payment will also ensure sensitive company data isn't leaked online.
The Record writes that the attack has only affected Acer's back-office and not the hardware maker's production systems. The firm hasn't confirmed any ransomware incident, and the attack never stopped the announcement of its Q4 2020 financial results last Wednesday.
The Record found Acer's name on a dark web portal where the REvil gang usually leaks stolen data from companies that don't pay ransoms. While no files have been posted, there were screenshots of internal documents."
Other Industry News
Phish Leads to Breach at Calif. State Controller — Krebs on Security
Russian man pleads guilty to Ransomware Plot against Tesla – US News
Black Kingdom ransomware hits unpatched Exchange servers – BankInfoSecurity
SilverFish: Swiss researchers identify threat actor with links to SolarWinds hack – Computing UK
Data of 50K PACE Program Patients Stolen from PeakTPA Cloud Servers (healthitsecurity.com)
The U.S. Government Finally Gets Serious About IoT Security – IEEE Spectrum
Charm Offensive: Ransomware Gangs 'Tell All' in Interviews – Data Breach Today
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
