Welcome back to GlobalSign’s weekly news round-up.
US bookseller Barnes & Noble has confirmed a cyberattack has impacted its Nook eBook reader and storage platform. Customer data may also have been exposed.
The attack appears to have begun last weekend, when some customers discovered they were unable to access their Nook libraries or found that their previous purchases had vanished, while others couldn’t log in to the bookseller’s online platform. The attack also spread to physical outlets, where some cash registers appeared to be temporarily unable to function, leading to speculation that the disruption could be due to a malware infection.
German software conglomerate Software AG is working intensely to contain a data leak stemming from a Clop ransomware attack. The attack began on October 3, forcing the company to shut down internal systems and taking helpdesk and internal communications offline. The tactic used by the attackers is known as “double extortion” because not only is data stolen, but if the cybercriminals’ demands aren’t met, the data is released for anyone to access on a criminal website. Attackers are demanding a whopping $23 million ransom, though it’s unclear whether the ransom has been paid.
It took three weeks, but Universal Health Services (UHS) has finally gotten its IT under control after a ransomware attack in September that forced 400 of the company’s locations offline. Some sites diverted ambulances during the initial attack stages, while others experienced problems such as delays of lab test results. Ryuk ransomware was suspected but it's not yet been confirmed. It’s also unknown how much the hackers demanded in ransom, or if the health system paid them.
Ransomware has become so pervasive that the G7 released a joint statement this week. In the statement, the G7 discussed how the intensification of ransomware attacks is a growing concern. The group called upon all countries to implement the Financial Action Task Force (FATF) standards to reduce criminals’ access “to and exploitation of financial services, particularly the updated FATF stands on virtual assets.” The FATF is devoted to monitoring global money laundering and terrorist financing, and has been working to address the risks to the assets.
That’s the wrap for this week. There’s much more to read. Hope you can set aside some time to review all the stories. Wishing everyone a terrific weekend.
Top Global Security News
ZDNet (October 15, 2020) Barnes & Noble confirms cyberattack, suspected customer data breach
Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data.
The US bookseller stocks over one million titles at any one time for distribution worldwide. As eBooks emerged as an alternative to traditional literature, in 2009, the company launched the Nook service, an eBook reader and storage platform.
Over the weekend, as reported by Bleeping Computer, Barnes & Noble customers complained across social media of outages. Some customers were unable to access their Nook libraries, their previous purchases had vanished into thin air, others were not able to log in to the firm's online platform, and connectivity issues between sending or loading new books ran rampant.
Sky News (October 13, 2020) Data breach reported as Hackney Council hit by 'serious cyber attack'
Hackney Council has reported a data breach after being hit by what it described as a "serious cyber attack" on Tuesday morning, which is still affecting many of its services and IT systems.
The council says it is working with the UK's National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.
It is not yet clear what type of cyber attack has hit the council, however a spokesperson from the Information Commissioner's Office confirmed to Sky News that it had received a report of a data breach as a result.
CoinDesk (October 13, 2020) G7 Warns of Crypto Threat From Tidal Wave of Ransomware Attacks
Canadian, French, German, Italian, Japanese, British and American officials said ransomware attacks against schools, hospitals and companies "have intensified in the last two years," and pose a particular threat during the COVID-19 pandemic.
The statement said the G7 member nations will share information related to such threats, including financial information, cyber tactics and procedures, in order to guide coordinated action.
Ransomware attacks burrow into and encrypt malware into computer networks before demanding payment from the victims to unlock their files. But regaining control of one's network is seldom assured.
Computer Weekly (October 12, 2020) Software AG caught in double extortion ransomware hit
German software giant Software AG is racing to contain a major data leak resulting from a double extortion attack that saw its files encrypted and stolen by the operators of the Clop ransomware.
The firm first came under attack on 3 October, and was forced to shut down its internal systems, forcing its helpdesk and internal communications offline, although its core customer-facing services, including its cloud-based services, were unaffected.
At the time of writing, its online support system remained offline and customers were being asked to email a support address with details of their problem instead of using the standard interface.
Bleeping Computer (October 12, 2020) Hackers used VPN flaws to access US govt elections support systems
Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure.
"Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI.
Lawyer Monthly (October 12, 2020) Seyfarth Shaw Targeted in Ransomware Attack
Seyfarth Shaw was targeted over the weekend by “a sophisticated and aggressive malware attack that appears to be ransomware”, the firm said in a statement on Monday.
The attack, which took place on Saturday, was largely foiled. “Our monitoring systems detected the unauthorised activity, and our IT team acted quickly to prevent its spread and protect our systems,” Seyfarth Shaw said in its statement. “However, many of our systems were encrypted, and we have shut them down as a precautionary measure.”
The firm stressed that there was not yet any reason to believe that client data was stolen or tampered with during the attack, and that it was working to bring its systems back online.
Other Industry News
Microsoft fixes Windows certificate spoofing bug abusing CAT files
Miami-based tech company suffers massive 1TB customer and business data leak
Zoom to roll out end-to-end encrypted (E2EE) calls
DOJ formalizes request for encryption back-doors
Blackbaud ransomware attack may have impacted millions of Individuals
Cybercriminals are using legitimate Office 365 services to launch attacks
3 Weeks After Ransomware Attack, All 400 UHS Systems Back Online
Mind the gap – do not risk lapses with one-year certificates