Cybersecurity News of the Month - August 2022
Welcome to our monthly instalment of “Cyber Security News of the Month”.
At Secora, we believe that learning from past cybersecurity incidents can enable organisations to better withstand and even prevent future cyber security attacks. With that in mind, in this blog, we take a look back at August’s cyber security breaches, cyber security awareness and hot topic of the month.
Be sure to subscribe to our monthly newsletter to receive the latest cyber security news and advice.
Latest Cyber Security Breaches
German chipmaker falls victim to ransomware attack
In early August, Semikron was hit with a ransomware attack that partially encrypted its network.
The hacker group behind the attack on the semiconductor manufacturer claimed to have used LV ransomware (a repurposed form of REvil malware) to steal 2TB of company data.
Semikron has yet to confirm whether the malicious hackers stole data, but an alert issued by the German Federal Office for Information stated that the company was blackmailed with threats to leak stolen data.
In a statement, the company said it was investigating and cleaning up its network in response to the attack, and that affected customers and partners will be informed when more information becomes available.
Semikron has 24 branches with eight production sites across Germany, Brazil, China, France, India, Italy, Slovakia and the US. The chip manufacturer says 35% of the wind turbines installed annually are operated with its technology.
Cyber attack hits NHS systems across the UK
Major NHS IT provider, Advanced, confirmed in August that it was hit with a ransomware attack.
The company, which provides digital services for the NHS including patient check-in and NHS 111, stated that it could take up to 3 weeks to recover from the attack.
The hack was discovered on August 4th at 7am. Once found, steps were taken to contain the hackers and restore the services lost.
The NHS insists that disruption is minimal and Advanced would not say whether any NHS data had been stolen in the breach.
Products confirmed to have been affected include Adastra, which is used by the NHS 111 service, and Caresys and Carenotes, which provide the backbone for care home services like patient notes and visitor booking.
A statement made by Advanced noted that, "We are rebuilding and restoring impacted systems in a separate and secure environment."
An NHS England spokesperson stated, "While Advanced has confirmed that the incident impacting their software is ransomware, the NHS has tried and tested contingency plans in place including robust defences to protect our own networks, as we work with the National Cyber Security Centre to fully understand the impact."
In an updated statement on August 23rd, Advanced confirmed that they completed their investigations on Adastra and will be moving on to reconnect the system and work on a phased basis to reconnect the remaining products.
Smishing attack led to major Twilio breach
Communications giant Twilio has revealed that it was hit with a cyber security breach in which customer data was accessed after hackers successfully tricked employees into handing over their corporate login credentials.
The breach began with an SMS phishing attack, also known as a smishing attack, which targeted both current and former company employees. The messages claimed to be from Twilio’s IT department and stated that the employees' credentials had expired or their schedule had changed, and that they needed to log in to a URL controlled by the malicious actors.
In a statement made by the company, Twilio noted that “Typical text bodies suggested that the employee's passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls. The URLs used words including "Twilio," "Okta," and "SSO" to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page.”
“The text messages originated from U.S. carrier networks. We worked with the U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down. Additionally, the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.”
Twilio confirmed the incident occurred in early August. Once confirmed, the company's security team revoked access to compromised employee accounts and engaged a forensics team to help in its investigation into the incident.
Affected customers were notified of the incident. The investigation is still ongoing.
7-Eleven stores in Denmark shut down by ransomware attack
Denmark's 7-Eleven stores were shut down in mid-August due to a ransomware attack affecting its cash registers and payment systems.
Company CEO, Jesper Østergaard, spoke to local TV stations on the incident and stated that once the breach was discovered the stores were closed until the extent of the attack was known.
As of yet, information has not been made public on the exact details of the incident and whether the malicious attackers have made any ransom demands. It does appear that the attacks have been limited to 7-Eleven stores based only in Denmark.
7-Eleven is not the first retailer to have found itself with closed stores following a ransomware attack.
Late last year, UK supermarket chain Spar had its checkouts disabled at over 300 branches.
Earlier in the year, in separate attacks, Swedish branches of Coop were forced to shut after being hit, and an attack on a Dutch supermarket chain resulted in a cheese shortage.
French hospital hit with $10M ransomware attack
The Centre Hospitalier Sud Francilien (CHSF) suffered a cyber attack on August 21st, resulting in the medical centre referring patients to other centres and postponing surgeries.
The hospital released a statement in which it revealed that its business software, storage systems and information systems relating to patient admissions were made inaccessible by the ransomware attack.
According to an article in Le Monde, the malicious hackers responsible for the breach demanded a ransom payment of $10,000,000 in exchange for the decryption key.
A police source told the newspaper that, "An investigation for intrusion into the computer system and for attempted extortion in an organised gang has been opened to the cybercrime section of the Paris prosecutor's office.”
The 1,000-bed hospital, located 28km from Paris city centre, serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and even lives, of people in a medical emergency.
Twitter's ex-Head of Security blows whistle on allegedly reckless and negligent cybersecurity policies
Twitter's former head of security, Peiter "Mudge" Zatko, has blown the whistle on what he characterised as sprawling cybersecurity weaknesses, including vulnerabilities that could lay the social media platform open to cyberattacks and could potentially have major national-security implications.
The 200+ page disclosure, obtained exclusively by CNN and The Washington Post, was sent to Congress detailing issues that he claimed could allow foreign manipulation of users, account hacking and espionage.
German operators sued for GDPR breach
North Rhine-Westphalia’s regional consumer advice bureau Verbraucherzentrale NRW is taking action against German operator trio Telekom Deutschland, Telefónica (O2), and Vodafone, amid allegations of data privacy breaches.
The operators are accused of passing on customer data to credit agencies, violating the European Union’s GDPR legislation.
UK Police investigated 4,300 cyber offences last year – but charged fewer than 100 criminals
“Experimental statistics” which tracked instances of fraud and offences relating to the Computer Misuse Act (CMA) have recently been published in addition to its crime figures.
The data showed that there were a total of 28,886 CMA offences from 2021, 4,335 of which were passed on to authorities. The offences investigated in the last year resulted in 97 instances where the offender was charged with a crime or issued with a court summons.
Hot Topic of the Month
Ransomware attacks against Irish businesses on the rise
Irish SMEs have been advised to stay on alert for cyber attacks as ransomware attacks increase.
In a letter sent to Ibec’s Small Firms Association, the National Cyber Security Centre (NCSC) and the Garda National Cyber Crime Bureau (GNCCB) warned of “a trend of small and medium-sized businesses being increasingly targeted by ransomware groups”.
In the past, these groups typically focussed on larger organisations. However, they noted that "recently there have been several smaller Irish businesses impacted by ransomware".
How our experts can help
Identifying cyber security vulnerabilities without the input of an expert can be a difficult task.
At Secora Consulting, our experts provide a range of services that can help you to assess the security of your organisation. Our cyber security assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may make you vulnerable to the most common cyber-attacks.
Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.
Get in touch with us today to discuss your specific requirements.
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.