Welcome to another weekly cybersecurity news wrap-up.
The past week has been all about continued attacks against a wide variety of organizations. The most concerning is a series of incidents at companies and government institutions involved with the distribution of Covid-19 vaccinations. IBM’s cybersecurity task force has been dedicated to tracking down these threats and several days ago announced the discovery of fraudulent emails impersonating a Chinese business executive at a credible cold-chain supply company. The emails, dating to September, targeted organizations in Italy, Germany, South Korea, the Czech Republic, greater Europe and Taiwan.
Another sector of the medical space impacted by hackers was fertility. U.S. Fertility, one of the largest networks of fertility clinics in the United States, last week confirmed it was hit by a ransomware attack, and as a direct result, a data breach. U.S. Fertility – which has 55 locations country-wide – said the hackers “acquired a limited number of files” during the month that they were in its systems, until the ransomware was triggered on September 14.
Meanwhile, schools in Baltimore County, Maryland have been reeling from a significant ransomware attack. Students were unable to attend classes for several days and those who have Microsoft Windows-based devices were advised to not use them until further notice (though Chromebooks were not affected). As many as 115,000 students were unable to attend classes due to the incident. This crisis is just the latest in a series of cyber attacks Baltimore has been plagued by over the past several years. In 2019, the city’s government was “held hostage” by hackers and in 2018 its 9-1-1 system was hit with an attack.
Also, French IT services firm Sopra Steria has been hit by a Ryuk ransomware attack. According to BankInfoSecurity, it could trigger up to €50 million ($59 million) in recovery costs, and the company will receive a $35 million cyber insurance payout following the ransomware attack. The attack was discovered on October 20 when cybercriminals used Ryuk ransomware to steal Sopra Steria’s data and lock its database. Once the hack was identified, the company implemented security measures to contain it and protect its customers and partners. It appears the company has not said whether any data was leaked or damage caused to its customers’ information systems as a result of the incident.
There was also a significant hack at chip maker Advantech. The company confirmed that it received a ransom note from a Conti ransomware operation on Nov. 26 demanding 750 Bitcoin (about $14 M) to decrypt compromised files and delete the data they stole. To add insult to injury, the hackers published a list of files from a stolen .zip archive on their leak site. Their ransom note claimed that the 3.03GB of data posted on the leak site accounted for about 2 percent of the total amount of data lifted from Advantech.
That’s the wrap-up of this week’s top stories. Thanks for stopping by our blog!
Top Security News
NYTimes.com (December 3, 2020) Cyberattacks Discovered on Vaccine Distribution Operations
A series of cyberattacks is underway aimed at the companies and government organizations that will be distributing coronavirus vaccines around the world, IBM’s cybersecurity division has found, though it is unclear whether the goal is to steal the technology for keeping the vaccines refrigerated in transit or to sabotage the movements.
The findings are alarming enough that the Department of Homeland Security plans to issue its own warning on Thursday to Operation Warp Speed, the Trump administration’s effort to develop and distribute coronavirus vaccines, federal officials said.
Baltimore Brew (December 2, 2020) Baltimore County Attorney warns school administration not to negotiate with hackers
A top Baltimore County official has warned school administrators not to pay ransom to the cyber-criminals who infected the Baltimore County Public Schools computer network last week, pointing out the group could be on a federal government watch list.
The school system’s apparent willingness to engage the hackers has created tension with others, including Baltimore County Executive Johnny Olszewski, who feels his administration has been shut out of the process, multiple sources tell The Brew.
The county’s top lawyer informed BCPS in a letter that acceding to ransom demands could expose Baltimore County, as well as the school system, to “severe penalties” by the federal government.
Threatpost (November 30, 2020) Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand
Advantech, the chip manufacturer, has confirmed that it received a ransom note from a Conti ransomware operation on Nov. 26 demanding 750 Bitcoin, which translates into about $14 million, to decrypt compromised files and delete the data they stole.
Just to let Advantech know they weren’t bluffing, the scammers published a list of files from a stolen .zip archive on their leak site. The ransom note claimed that the 3.03GB of data posted on the leak site accounted for about 2 percent of the total amount of data lifted from Advantech.
Advantech specializes in internet-of-things (IoT) intelligent systems, Industry 4.0, machine automation, embedded computing, embedded systems, transportation and more.
PetaPixel (November 30, 2020) Canon Confirms August Ransomware Attack: Troves of Employees’ Personal Information Were Stolen
Canon has published a notice that confirms a ransomware attack on its servers that took place between July 20 and August 6, 2020. The company notes that the attack targeted a server containing a significant amount of its employees’ personal information.
Initial reports of the ransomware attack claimed that over 10 terabytes of data was stolen and leaked internal emails at the time confirmed a massive attack. Canon states that it became aware of the ransomware on August 4 and “immediately began to investigate” the situation. The company brought on a cybersecurity firm and worked with law enforcement to support the investigation.
MSSP Alert (November 30, 2020) Ryuk Ransomware Attack Could Cost French IT Services Firm Nearly $60M
Sopra Steria, a French IT services firm and MSP that specializes in digital transformation, has experienced a Ryuk ransomware attack that could trigger up to €50 million ($59 million) in recovery costs, according to BankInfoSecurity. The company also will receive a $35 million cyber insurance payout following the ransomware attack and does not expect the incident to impact its fourth-quarter sales results.
Sopra Steria discovered the Ryuk attack on October 20, the company said. Cybercriminals used Ryuk to steal Sopra Steria’s data and lock its database during the attack.
After Sopra Steria identified the Ryuk attack, the company implemented security measures to contain the attack and protect its customers and partners. Sopra Steria did not identify any leaked data or damage caused to its customers’ information systems as a result of the Ryuk attack.
TechCrunch (November 26, 2020) US Fertility says patient data was stolen in a ransomware attack
U.S. Fertility, one of the largest networks of fertility clinics in the United States, has confirmed it was hit by a ransomware attack and that data was taken.
The company was formed in May as a partnership between Shady Grove Fertility, a fertility clinic with dozens of locations across the U.S. East Coast, and Amulet Capital Partners, a private equity firm that invests largely in the healthcare space. As a joint venture, U.S. Fertility now claims 55 locations across the U.S., including California.
In a statement, U.S. Fertility said that the hackers “acquired a limited number of files” during the month that they were in its systems, until the ransomware was triggered on September 14. That’s a common technique of data-stealing ransomware, which steals data before encrypting the victim’s network for ransom. Some ransomware groups publish the stolen files on their websites if their ransom demand isn’t paid.