Welcome back to GlobalSign’s weekly news round-up.
It was a fairly active week for Latin America in terms of significant events. In Argentina, it was reported that a ransomware attack actually halted a border crossing for four hours late last month. This came after the National Direction of Migration was crippled due to a malware attack. The attackers demanded $4B in Bitcoin. Then, in Chile on Monday, the country’s only public bank was forced to shut down its nationwide operations early in the week due to a cyberattack that turned out to be a ransomware attack launched by REvil.
Over in the Middle East, Israel-based wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. suffered from a serious security breach last weekend. The company seems likely to have been the victim of a ransomware attack, similar to that suffered recently by Israeli software company Sapiens. Tower confirmed that it identified on Friday an incident that forced it to shut down its information and communications systems, but didn't say whether it was the victim of a ransomware attack.
Here in the US, many school districts are feeling the pain of remote learning as attacks are occurring just as children are heading back to class from home. The start of instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack – the latest in a series of online attacks that have disrupted some schools' return to teaching this fall. Last week, for example, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service (DDoS) attacks. These districts join schools in Alabama, Oklahoma and New York, among other locations, that have had their operations affected by some type of online attack in recent weeks.
Given all this activity, no one should be surprised by this new story in ZDNet which states that ransomware accounted for 41% of all cyber insurance claims in the first half of 2020.
These are just some of the highlights of what’s been happening this week. You can read all the stories covered in this week’s news scan below. Have a great weekend!
Top Global Security News
Security Boulevard (September 9, 2020) More than 230 Million US Health Records Have Been Stolen or Lost in Past Decade
The data breach phenomenon has been plaguing the US healthcare sector for more than a decade, with a 2,733% increase between 2009 and 2019, according to a PrivacyAffairs study.
Through analysis of reported healthcare data breaches over the past decade, researchers have revealed some alarming statistics:
3,054 data breaches were disclosed between 2009-2019; 230,954,151 healthcare records have been lost, stolen or exposed; and healthcare data breaches have impacted 70% of US citizens.
Dark Reading (September 9, 2020) Meet the Middlemen Who Connect Cybercriminals With Victims
Ransomware operators looking for victims can find them on the Dark Web, where initial access brokers publish listings containing vague descriptions of businesses they've managed to breach.
Initial access brokers, the "middlemen" of ransomware attacks, have noticed demand for their services surge as ransomware-as-a-service (RaaS) gains popularity. Their listings have steadily increased over the past two years, with a significant spike in the past six months, according to Digital Shadows researchers who today published an analysis of these threat actors.
The job of an initial access broker is to handle the initial requirements of an attack and streamline the process so RaaS operators can launch a successful infection. The growing reliance on RaaS has created a market for initial access brokers to flourish, explains threat intelligence team lead Alec Alvarado.
Coin Telegraph (September 8, 2020) Major Chilean bank shuts down all branches following ransomware attack
Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware attack launched by REvil.
According to a public statement, the branches will remain closed for at least one day, but the bank clarified that customers’ funds have not been affected by the incident.
Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.
CTECH (September 9, 2020) Israeli chipmaker Tower confirms cyberattack forced it to shut down systems
Israel-based and Nasdaq-listed wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. (TSEM) has confirmed it has suffered from a serious security breach over the weekend. The company seems likely to have been the victim of a ransomware attack, similar to that suffered recently by Israeli software company Sapiens. Tower confirmed that it identified on Friday an incident that forced it to shut down its information and communications systems, but didn't say whether it was the victim of a ransomware attack.
The company notified the relevant authorities, including law enforcement, of the incident and reported it to the Tel Aviv Stock Exchange on Sunday. It is still unclear if and what damage the company suffered due to the attack and when it believes it will overcome it. One person familiar with the matter who spoke on condition of anonymity told Calcalist that the company has insurance for damages caused by a cyberattack.
DataBreach Today (September 8, 2020) Ransomware and DDoS Attacks Disrupt More Schools
The start of classroom and online instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack - the latest in a series of online attacks that have disrupted some schools' return to teaching this fall. Last week, for example, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service attacks.
These districts join schools in Alabama, Oklahoma and New York, among other locations, that have had their operations affected by some type of online attack in recent weeks.
Cybersecurity professionals had been predicting a spike in ransomware attacks this fall as new hybrid learning environments go online and unpatched equipment that has spent months in the homes of students and faculty is reconnected to school networks.
Security Boulevard (September 7, 2020) Ransomware Attack Halts Border Crossing for Four Hours in Argentina
In a rare occurrence, ransomware operators have managed to halt border crossing into and out of Argentina for four hours after infecting the National Direction of Migration with data-crippling malware. Government officials reportedly refused to negotiate with the hackers.
According to the country’s cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, government officials discovered the breach on August 27. IT reps immediately shut down the computer networks used by immigration offices. With the control posts shut down, border crossings were suspended for four hours while the servers were brought back online, Argentina’s Infobae news site reports.
“The Comprehensive Migration Capture System (SICaM) that operates in international crossings was particularly affected, which caused delays in entry and exit to the national territory,” the National Directorate of Migration (DNM) said.
Silicon Angle (September 7, 2020) 186,000 customer records stolen from Australian state government in phishing attack
A trove of data relating to 186,000 customers of an Australian state government agency has been stolen in an attack that targeted employee email accounts.
The attack, reported today, involved Service NSW, an arm of the New South Wales government that provides one-stop access to government services. The theft of data took place in April and included the theft of 738 gigabytes of data consisting of 3.8 million documents.
Those documents included handwritten notes and forms, scans and records of transaction applications. Approximately 500,000 documents included personally identifiable information including drivers licenses, firearms registration, working with children checks, birth certificates, credit card details and medical records. Notably, the data is said to have involved transactions over the phone or over-the-counter at Service NSW centers.
Other Industry News
Sophisticated Phishing Scam Targeting Lloyds Bank Customers
NYDFS’ First Cybersecurity Suit Could be a Precursor for Future Privacy Enforcement Actions
What happens to funds once they have been stolen in a cyberattack?
State of Cybersecurity Industry Exposure at Dark Web
Customers respond to digital transactions, even partial ones
Connecticut Redoubled Election Security Efforts, Official Says
Surge in Cyberattacks Puts Manufacturing OT Systems at Risk