Cybersecurity News Round-Up: Week of August 29, 2022


Hello and welcome back to our blog.

We start this week with a series of ransomware attacks in Chile, the Dominican Republic and Argentina. Chile is the latest victim. The country’s Interior Ministry reported last week that a government agency’s systems and online services had been disrupted by ransomware targeting Windows and VMware ESXi servers. In the Dominican Republic, the country’s national cyber security center announced on August 24 that the Ministry of Agriculture’s Dominican Agrarian Institute (IAD) had been attacked. So far, the institute has refused to pay the $650,000 ransom. Earlier in August, Argentina’s Judiciary of Córdoba was hit by ransomware, forcing the organization to shut down systems and services.

The Balkan country of Montenegro has also been hit by ransomware, with hackers demanding a whopping $10 million. The attack, which targeted its critical infrastructure, took place on August 19. According to Bleeping Computer, several government spokesmen initially blamed “Russian services” for the incident. However, a Cuban ransomware gang claimed responsibility for the attack.

Portuguese state-owned airline TAP Air Portugal is the victim of an attack by the Ragnar Locker ransomware gang. First reported on August 26, the incident appeared to have been successfully blocked. The company said at the time that it had found no evidence of improper access to customer data. But on August 31, the Ragnar Locker ransomware gang boasted on its leak website that the airline’s systems had, in fact, been breached and customer data exfiltrated.

In the United Kingdom, a massive cyber attack on its National Health Service (NHS) has continued to wreak havoc since the incident was first reported in early August. This week the NHS announced that some services could be offline for another three months. The attack affected key services, including those used for patient registrations and medical notes. As a result, some employees had to rely on pen and paper. It is also likely that it will take months to work through the growing backlog of medical records.

NATO is investigating a leak of data allegedly stolen from European missile systems firm MBDA Missile Systems, which hackers put up for sale on the Dark Web. According to a recent BBC story, the data includes blueprints for weapons used by NATO allies in the war in Ukraine. MBDA Missile Systems has admitted that its data was stolen, but claims that no classified files were part of it. The information was taken from a compromised external hard drive. The data was offered for sale on Russian- and English-language forums after MBDA refused to pay a ransom of nearly $300,000.

Student loan holders from the Oklahoma Student Loan Authority (OSLA) and EdFinancial received bad news this week about a data breach at Nelnet Servicing. The breach exposed data on 2.5 million student loan accounts. The data was exposed after hackers broke into technology services provider Nelnet Servicing. The intrusion began in June and lasted until July 22, and the breach was discovered on August 17.

Top global security news

SecurityWeek (September 1, 2022) Ransomware attacks target government agencies in Latin America

Several government agencies in Latin America have been targeted by ransomware attacks in recent months, with Chile and the Dominican Republic the latest victims.

Chile’s Ministry of the Interior reported last week that a government agency’s systems and online services had been disrupted by ransomware targeting Windows and VMware ESXi servers. The ransomware encrypted files on compromised systems and renamed them with a .crypt extension.

The targeted agency appears to be Sernac, the National Service for Consumer Protection, which ensures the protection of consumer rights. The organization disclosed the incident on August 25.

Chilean authorities have released some indicators of compromise (IoCs), and based on available information, SecurityWeek believes the incident involved the relatively new RedAlert ransomware, which is also known as N13V.


SecurityWeek (September 1, 2022) Ransomware gang claims customer data stolen in TAP Air Portugal hack

The Ragnar Locker ransomware gang says it exfiltrated customer data in a cyberattack on Portugal’s state-owned airline TAP Air Portugal.

The incident was initially disclosed on August 26, when TAP announced on Twitter that it was able to stop the cyberattack before the threat could access any user data.

“TAP was the target of a cyber attack, now blocked. Operational integrity is guaranteed. No facts were found that would allow us to conclude that there was improper access to user data. The website and app still have some instability. Thank you for your understanding”, the company said.

However, on August 31, the Ragnar Locker ransomware gang boasted on its leak website that the airline’s systems had actually been breached and customer data exfiltrated.


BBC News (31 August 2022) Advanced cyber attack: NHS doctors’ paperwork piles up

Doctors say it could take months to process the backlog of medical records caused by the ongoing cyber attack on an NHS provider.

One out-of-hours GP says patient care has been hit hard as staff enter their fourth week of pen-and-paper note-taking.

The ransomware attack on software and service provider Advanced was first spotted on August 4.

The company says it may take another 12 weeks to bring some services back online.


Bleeping Computer (August 29, 2022) Nelnet Servicing breach exposes data on 2.5 million student loan accounts

Information on more than 2.5 million individuals with student loans from the Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology service provider Nelnet Servicing.

OSLA and EdFinancial use Nelnet Servicing’s technology services, including a web portal, to provide student loan borrowers with online access to their loan accounts.

Sometime in June, unidentified intruders compromised Nelnet Servicing and remained on its systems until July 22. The hackers compromised the company’s network, possibly after exploiting a vulnerability.


Dark Reading (August 29, 2022) NATO Investigates Dark Web Leak of Data Stolen From Missile Supplier

NATO is investigating a leak of data allegedly stolen from a European missile systems firm that hackers put up for sale on the Dark Web, according to a published report.

The leaked data includes blueprints for weapons used by Ukraine in its current war with Russia.

France-based integrated defense company MBDA Missile Systems has admitted that data from its systems was part of a cache sold by threat actors on hacking forums after what appeared to be a ransomware attack.


Other top cybersecurity stories

Identified PyPI users as a threat actor – Dark Reading

UK imposes tough new cyber security rules on telecom providers – Infosecurity

Congress Presses Major Crypto Exchanges for Details on How They Fight Fraud – The Verge

CISA, NSA and npm issue Software Supply Chain Guidelines – Infosecurity

Standards body publishes guidelines for Internet of Things security testing – Infosecurity

Neopets says hackers had access to its systems for 18 months – Bleeping Computer

DoorDash Data Breach Leaves Important Customer Details Exposed – Mashable

Cyber insurance guidance change from Lloyd’s reflects market turmoil – Cybersecurity Dive

Researchers discover a way to impersonate Okta users in popular cloud environments – SC Media
