GlobalSign Blog

Cybersecurity News Round-Up: Week of November 1, 2021

Cybersecurity News Round-Up: Week of November 1, 2021

Hello! It’s been another active week in cybersecurity. Here’s our breakdown of the week’s most prominent developments. 

The UK’s Labour Party has indeed been impacted by a cyberattack due to a third-party company. Unfortunately, that has led to a leak of members’ data. While details are still coming out, Labour said it was informed of a “cyber incident” by an unnamed third-party data processor on October 29. That incident led to “a significant quantity of party data being rendered inaccessible on their systems.” The hack is the third one for the party. In August 2020 it informed supporters that one of its suppliers –Blackbaud – was compromised in a separate sophisticated ransomware attack, and also back in 2019 when it was hit by a DDoS attack.  

Also in the UK, a high-end jeweler was involved in a cyber incident. London-based Diamond specialist Graff has reportedly been hit by a ransomware attack, prompting an investigation from the Information Commissioner's Office (ICO). The ransomware gang Conti is allegedly behind the attack. As of early this week, 69,000 documents had been leaked on the dark web already. The list of victims includes high-profile names such as ex-footballers David Beckham and Frank Lampard, former president Donald Trump, actors Tom Hanks and Samuel L Jackson, and disgraced businessman Sir Philip Green.

In Greece, several Greek shipping companies have been hit by a ransomware attack that spread through the systems of a popular, well-established IT consulting firm Danaos Management Consultants. It said that Danaos' own shipping operations have not been hit, and that fewer than 10 percent of its external customers had their files encrypted by the ransomware attack. 

In Canada, the healthcare system of the Province of Newfoundland and Labrador has been dealing with a cyberattack since last Saturday. It appears to be significant enough to have implications for national security. At a news conference on Wednesday, health and community services minister John Haggie confirmed that the IT outage that has affected most of the provincial healthcare system was caused by a cyberattack. However, he deflected questions about how it started and whether, as reported by CBC News, it was a ransomware attack. Fortunately, by Thursday morning the patient information system at St. John’s Health Science Centre, the city’s main hospital, was back online.

Here in the US, government officials issued a sweeping directive on Wednesday requiring federal civilian agencies to promptly update hardware and software vulnerable to hacking. This comes as no great surprise given attacks like Solar Winds. The new directive gives agencies – the Pentagon being the exception - just two weeks to remediate newly discovered software vulnerabilities, and requires agencies to have a process in place for mitigating the impact of those security issues. 

FBI tweet.png

Also this week, the FBI issued an urgent warning about cyber trolls attacking businesses with trojan malware and are “very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.” The FBI cited examples such as one from early 2020, when according to this article in Bank Info Security, a ransomware actor using the moniker Unknown posted on the Russian hacking forum Exploit that encouraged using the Nasdaq Stock Market to influence the extortion process. Malware analyst Damian shared the post with news platform Bleeping Computer. In it, the Sodinokibi/REvil operators say: "[We] have some interesting thoughts about auto-notification email addresses of stock exchanges (for example, NASDAQ), which will allow you to influence the financial condition of the company quickly and efficiently.”

That is all for this week. Thanks for stopping by our blog, and have a great weekend!

Top Global Industry News 

Computing (November 4, 2021) Labour Party discloses cyber attack, members' data stolen

"The Labour Party has suffered a ‘cyber incident' with personal details of members stolen from an unnamed third-party company that handles its membership data.
In a statement the party says it was informed of the incident on October 29th and that 'a significant quantity of Party data' had been rendered inaccessible. Labour does not give further details about the attack, but from that description ransomware seems likely.
The National Crime Agency, the NNCSC, the ICO and parliamentary security are all investigating, according to the party.

The information stolen includes 'information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.'"

READ MORE 

CBC News (November 4, 2021) N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert

"Newfoundland and Labrador has been dealing with a cyberattack on its health-care system since Saturday. 

One cybersecurity expert says the cyberattack on the Newfoundland and Labrador health-care system may be the worst in Canadian history, and has implications for national security.
David Shipley, the CEO of a cybersecurity firm in Fredericton, said he's seen similar breaches before, but usually on a smaller scale.

'We've never seen a health-network takedown this large, ever,' Shipley said in an interview with CBC News. 'The severity of this is what really sets it apart.'"

READ MORE 

The Maritime Executive (November 3, 2021) Cyberattack Hits Multiple Greek Shipping Firms

"Multiple Greek shipping companies have been hit by a ransomware attack that spread through the systems of a popular, well-established IT consulting firm, according to Greek outlet Mononews. 

Danaos Management Consultants, the IT service provider whose services were affected by the hack, confirmed the incident and. The company said that Danaos' own shipping operations have not been hit, and that fewer than 10 percent of its external customers had their files encrypted by the ransomware attack. 

An independent cybersecurity company has been contracted to investigate the incident and determine how the ransomware got inside Danaos' customer-facing systems. Meanwhile, the firm is helping affected clients as they try to restore their systems."

READ MORE 

CNN (November 3, 2021) Cyber officials issue sweeping directive requiring federal agencies to update systems vulnerable to hacking

"US officials issued a sweeping directive on Wednesday requiring federal civilian agencies to promptly update hardware and software that is vulnerable to hacking following multiple breaches of government networks in recent years.

The directive gives agencies just two weeks to remediate newly discovered software vulnerabilities, and requires agencies to have a process in place for mitigating the impact of those security issues. The directive does not apply to the Pentagon, which is in charge of its own networks.

The new policy comes after multiple warnings from US cybersecurity officials and outside experts that federal defenses have not kept pace with attempts by cybercriminals and state-sponsored hackers to access sensitive federal information. Alleged Russian hackers were able to go undetected for months last year in the unclassified networks of agencies such as the Justice Department before a private firm discovered the intrusions."

READ MORE 

CyberScoop (November 2, 2021) FBI warns that ransomware scammers are timing hacks to target big business deals

"Companies planning big financial moves should be on guard for ransomware attacks, the FBI warned in an alert on Monday.

Ransomware hackers are “very likely” timing attacks to coincide with financial events, according to the alert, and will threaten to wreak havoc with investors if the victims don’t pay.

In order to pull off the targeted attacks, scammers first identify information that could threaten a victim’s stock value. For instance, between March 2020 and July 2020 two companies under private merger negotiations were infected with ransomware. The FBI also found that a hacking tool popular with ransomware actors was programmed with keyword searches related to stock prices, indicating that attackers were looking for specific information to leverage."

READ MORE

IT PRO (November 1, 2021) Celebrity data leaked after ransomware attack on London's Graff jewellers

"London-based diamond specialist Graff has reportedly been hit by a ransomware attack, prompting an investigation from the Information Commissioner's Office (ICO).

The attack is believed to have been carried out by Conti, an infamous Russia-based ransomware group that has also been blamed for a recent uptick in attacks across the US.
A total of 69,000 documents have been leaked on the dark web already, a number which represents just 1% of the total files Conti has stolen, the hacking group claimed. The list of victims includes high-profile names such as ex-footballers David Beckham and Frank Lampard, former president Donald Trump, actors Tom Hanks and Samuel L Jackson, and disgraced businessman Sir Philip Green, according to the Mail on Sunday, which first reported the story."

READ MORE 

Other Industry News

Biden Administration to Order Federal Agencies to Fix Hundreds of Cyber Flaws - Wall Street Journal (requires a subscription) 

German student app caught out in data breach - Digital Journal

The Groove ransomware gang was a hoax – Krebs on Security 

California Clinic Network Cyber Incident Affects 656,000 - Healthcare Infosecurity 

FTC wants to know when financial data is compromised, will require encryption - CyberScoop 

As hackers take aim at energy companies, mobile phishing surges - SiliconANGLE

Cring ransomware continues assault on industrial organizations with aging applications, VPNs - ZDNet 

Phishing and Spam Lures Feature Sports, Aim to Steal Credentials - Dark Reading 

Phishing attacks are harder to spot on your smartphones. That’s why hackers are using them more - ZDNet

Blog CTA_blog newsletter signup.jpg

Share this Post