GlobalSign Blog

The GlobalSign Cybersecurity News Round-Up: Week of September 7, 2020


Welcome back to GlobalSign’s weekly news round-up.

It was a fairly active week for Latin America in terms of significant events. In Argentina, it was reported that a ransomware attack halted a border crossing for four hours late last month. This came after the National Direction of Migration was crippled by a malware attack. The attackers demanded $4B in Bitcoin. Then, in Chile on Monday, the country’s only public bank was forced to shut down its nationwide operations due to a cyberattack that turned out to be ransomware launched by REvil.

Over in the Middle East, Israel-based wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. suffered a serious security breach last weekend. The company seems likely to have been the victim of a ransomware attack, similar to that suffered recently by Israeli software company Sapiens. Tower confirmed that it identified on Friday an incident that forced it to shut down its information and communications systems, but didn't say whether it was the victim of a ransomware attack.

Here in the US, many school districts are feeling the pain of remote learning as attacks are occurring just as children are heading back to class from home. The start of instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack – the latest in a series of online attacks that have disrupted some schools' return to teaching this fall. Last week, for example, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service (DDoS) attacks. These districts join schools in Alabama, Oklahoma and New York, among other locations, that have had their operations affected by some type of online attack in recent weeks.

Given all this activity, no one should be surprised by this new story in ZDNet which states that ransomware accounted for 41% of all cyber insurance claims in the first half of 2020. 


These are just some of the highlights of what’s been happening this week. You can read all the stories covered in this week’s news scan below. Have a great weekend!  

Top Global Security News 

Security Boulevard (September 9, 2020) More than 230 Million US Health Records Have Been Stolen or Lost in Past Decade

The data breach phenomenon has been plaguing the US healthcare sector for more than a decade, with a 2,733% increase between 2009 and 2019, according to a PrivacyAffairs study.

Through analysis of reported healthcare data breaches over the past decade, researchers have revealed some alarming statistics:

3,054 data breaches were disclosed between 2009-2019; 230,954,151 healthcare records have been lost, stolen or exposed; and healthcare data breaches have impacted 70% of US citizens.


Dark Reading (September 9, 2020) Meet the Middlemen Who Connect Cybercriminals With Victims

Ransomware operators looking for victims can find them on the Dark Web, where initial access brokers publish listings containing vague descriptions of businesses they've managed to breach. 

Initial access brokers, the "middlemen" of ransomware attacks, have noticed demand for their services surge as ransomware-as-a-service (RaaS) gains popularity. Their listings have steadily increased over the past two years, with a significant spike in the past six months, according to Digital Shadows researchers who today published an analysis of these threat actors.

The job of an initial access broker is to handle the initial requirements of an attack and streamline the process so RaaS operators can launch a successful infection. The growing reliance on RaaS has created a market for initial access brokers to flourish, explains threat intelligence team lead Alec Alvarado.


Coin Telegraph (September 8, 2020) Major Chilean bank shuts down all branches following ransomware attack

Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be ransomware launched by REvil.

According to a public statement, the branches will remain closed for at least one day, but the bank clarified that customers’ funds have not been affected by the incident.

Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.


CTECH (September 9, 2020) Israeli chipmaker Tower confirms cyberattack forced it to shut down systems

Israel-based and Nasdaq-listed wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. (TSEM) has confirmed it has suffered from a serious security breach over the weekend. The company seems likely to have been the victim of a ransomware attack, similar to that suffered recently by Israeli software company Sapiens. Tower confirmed that it identified on Friday an incident that forced it to shut down its information and communications systems, but didn't say whether it was the victim of a ransomware attack. 

The company notified the relevant authorities, including law enforcement, of the incident and reported it to the Tel Aviv Stock Exchange on Sunday. It is still unclear if and what damage the company suffered due to the attack and when it believes it will overcome it. One person familiar with the matter who spoke on condition of anonymity told Calcalist that the company has insurance for damages caused by a cyberattack.


DataBreach Today (September 8, 2020) Ransomware and DDoS Attacks Disrupt More Schools

The start of classroom and online instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack - the latest in a series of online attacks that have disrupted some schools' return to teaching this fall. Last week, for example, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service attacks.

These districts join schools in Alabama, Oklahoma and New York, among other locations, that have had their operations affected by some type of online attack in recent weeks.

Cybersecurity professionals had been predicting a spike in ransomware attacks this fall as new hybrid learning environments go online and unpatched equipment that has spent months in the homes of students and faculty is reconnected to school networks.


Security Boulevard (September 7, 2020) Ransomware Attack Halts Border Crossing for Four Hours in Argentina

In a rare occurrence, ransomware operators have managed to halt border crossing into and out of Argentina for four hours after infecting the National Direction of Migration with data-crippling malware. Government officials reportedly refused to negotiate with the hackers. 

According to the country’s cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, government officials discovered the breach on August 27. IT reps immediately shut down the computer networks used by immigration offices. With the control posts shut down, border crossings were suspended for four hours while the servers were brought back online, Argentina’s Infobae news site reports. 

“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory,” the National Directorate of Migration (DNM) said.


Silicon Angle (September 7, 2020) 186,000 customer records stolen from Australian state government in phishing attack

A trove of data relating to 186,000 customers of an Australian state government agency has been stolen in an attack that targeted employee email accounts.

The attack, reported today, involved Service NSW, an arm of the New South Wales government that provides one-stop access to government services. The theft took place in April and involved 738 gigabytes of data consisting of 3.8 million documents.

Those documents included handwritten notes and forms, scans and records of transaction applications. Approximately 500,000 documents included personally identifiable information including driver's licenses, firearms registration, working with children checks, birth certificates, credit card details and medical records. Notably, the data is said to have involved transactions over the phone or over-the-counter at Service NSW centers.


Other Industry News 

Sophisticated Phishing Scam Targeting Lloyds Bank Customers

NYDFS’ First Cybersecurity Suit Could be a Precursor for Future Privacy Enforcement Actions

What happens to funds once they have been stolen in a cyberattack?

State of Cybersecurity Industry Exposure at Dark Web 

Customers respond to digital transactions, even partial ones

Connecticut Redoubled Election Security Efforts, Official Says

Surge in Cyberattacks Puts Manufacturing OT Systems at Risk

Hack attack! We challenged a cyber firm to break into our phones and emails... the frightening results should be a wake-up call for every reader 
