Cyber Bulletins 2021

Cyber risk is developing all the time, with attackers more innovative than ever and the threat landscape continuing to evolve. Ransomware will remain a dominant threat to organisations, and it is likely that both the frequency and the severity of such attacks will increase.

July

8th July 

Comparis.ch, a Swiss comparison website, has been subject to a ransomware attack in which a ransom demand of USD 400,000 was made.

It is understood that the attack took place over two days and that the website eventually had to be shut down.

It is however believed that no customer data was taken during the attack. Furthermore, it does not appear that the ransom demand was met: no payment was made to the attackers.

5th July

A ransomware gang has carried out a very large ransomware attack for which the overall demand is USD 70M. The gang behind it is believed to be REvil.

The original target was the US IT business Kaseya, but the attack spread through its customers to some 500 Coop supermarkets in Sweden and to Swedish schools. The total number of firms affected is thought to be around 200.

Kaseya's VSA product is remote management software used by managed service providers (MSPs) to administer their customers' systems, so a compromise of it gives attackers a ready channel to push malware to every customer of every affected MSP, which is what made this a supply-chain attack rather than a single-company incident.

June

29th June

McDonald's has announced that hackers have stolen data from its computer systems. The regions affected were the US, South Korea and Taiwan.

The attack appears to have stemmed from an incident in which unauthorised access was obtained to an internal security system.

It is understood that the data taken was limited to business contact information for employees and franchisees, together with information on restaurant layouts, rather than customer personal data.

10th June

Game publisher Electronic Arts (EA) has been the subject of a cyber-attack in which hackers claim to have stolen source code. This may have included FIFA 21 and the Frostbite game engine.

It is understood that no player data was taken by the hackers.

8th June

Fastly, a US cloud computing services provider, has suffered a major outage that impacted a number of high-profile websites, including Amazon, Reddit, The Guardian and the FT.

It is understood that the issue was in Fastly's global content delivery network (CDN). A service configuration change triggered disruption across its points of presence (POPs) globally, and the outage was resolved by disabling that configuration. Fastly later attributed the incident to a latent software bug that was triggered by a valid customer configuration change.

The websites were down for about an hour before they were restored. An hour's downtime could cost affected companies around GBP 250,000. The service level agreements typically in place for such cloud services may address only part of this, since they usually provide service credits rather than compensation for the customer's own losses.

1st June

JBS, one of the largest beef producers in the world, has been targeted by a Russian ransomware gang (the FBI has attributed the attack to REvil).

A ransom was demanded, and it has been revealed that a sum in bitcoin equivalent to USD 11M was paid to the hackers. JBS said it paid very reluctantly, in order to avoid harm to its customers.

It is believed that no employee or customer data was compromised.

It is understood that the FBI is investigating the incident and that the White House is in contact with Russia.

May

22nd May

Air India has revealed that a data breach that took place in February this year affected four and a half million passengers.

The information included names, passport details and credit card details, but it is understood that no passwords were compromised.

The airline advised that it had appointed specialists to manage the incident and had notified any affected credit card users.

21st May

It is understood that the US insurance company CNA may have paid a USD 40M ransom following the ransomware attack that took place in March this year.

If so, this would be one of the highest ransoms ever paid to hackers. The original demand is believed to have been USD 60M.

The attack is believed to have been carried out by Evil Corp, a Russian cybercrime organisation.

16th May

One of the world's leading insurers, AXA, has been subject to a ransomware attack carried out by the Avaddon ransomware group. It is believed that 3TB of data was taken from its Asian offices.

The data included insurance-related details such as medical reports, bank account details and claim forms.

The ransomware group also carried out a DDoS attack on a number of AXA websites to prevent customers from accessing them.

15th May

The Health Service Executive (HSE) in Ireland has notified the Data Protection Commission of a significant data breach following a ransomware attack.

The incident has severely hit the operation of Ireland's health services, and it is believed that 520 patients have had their personal information released.

Most worryingly, the attack has had a very considerable impact on the treatment of patients, including those being treated for cancer.

The ransomware gang initially demanded a ransom of EUR 16.4M, which has not been paid.

HSE is continuing to restore its systems and has announced that the attack may cost it around EUR 100M.

14th May

The energy sector continues to be a target for hackers: Colonial Pipeline Co., which operates the largest fuel pipeline system in the US, has now been hit by a ransomware attack.

It is believed that the company paid a ransom of almost USD 5M to the ransomware gang, which calls itself DarkSide and appears to be based in Eastern Europe.

Once Colonial became aware of the attack it shut down pipeline operations for six days, which caused severe fuel shortages in many US states and led to panic buying. The incident was serious enough for the US government to declare a state of emergency.

It is understood that the hackers stole 100 gigabytes of data and threatened to publish it on the internet unless the ransom was paid.

There are rumours that cyber insurance had been purchased, and the assumption is that the insurers agreed to the ransom payment.

April

21st April

Apple and Quanta received a USD 50M ransom demand from the REvil ransomware gang after the gang stole blueprints of Apple devices from Quanta, a contract manufacturer that builds computer devices for Apple. The demand was timed to land ahead of a new product release by Apple.

The threat, if the ransom was not paid, was to double the initial demand to USD 100M.

Some very technical blueprints were released into the public domain by the gang, together with personal details of Apple employees that were also taken.

It is not known whether the ransom was paid.

6th April

It has been announced that the Mumbai power supply in India has experienced a number of cyber-attacks.

Malware was found in the energy supply system, and the affected systems had to be isolated so that preventative measures could be put in place to avoid disruption of services. It is believed that Chinese hackers may have been behind this.

March

25th March

Hackers have compromised systems of the insurance company CNA, including its website, which led the company to shut down its network.

Forensic investigators were appointed to ascertain what damage had been caused and what was stolen. It is understood that no customer data was stolen.

22nd March

Significant ransomware demands remain in vogue, with Acer the latest company to be targeted.

REvil is believed to be behind the USD 50M ransom demand, one of the largest ever seen. The gang published documents including confidential spreadsheets and bank balances. Acer would not comment on whether the ransom was paid.

10th March

The Storting, the Norwegian parliament, has been hit by a cyber-attack in which data was stolen. The attack is believed to be linked to the Microsoft Exchange Server vulnerabilities (the ProxyLogon flaws) that recently impacted many organisations.

February

25th February

Npower has announced that it has closed down its app as a result of a cyber-attack that caused some of its customers' data to be exposed.

The information compromised is understood to include partial bank details, contact details, dates of birth and addresses.

Npower has advised all affected individuals to change their passwords on the app and on any other accounts that use the same password.

It is understood that the ICO has been informed of the incident.

16th February

Pfizer has reported that its computer systems have been subject to a cyber-attack, believed to be an effort to obtain information on coronavirus vaccines.

A group of North Korean hackers is thought to be behind this; the group appears to be very active at the moment, targeting a number of organisations that hold confidential and highly sensitive information.

January

25th January

E.ON has taken down its app amid concerns that customers' log-in details were stolen in a cyber-attack.

This has impacted customers who use pre-payment meters for their gas and electricity: they have been unable to top up their accounts, leaving some homes without power. It is understood that customers will use the company's website to make payments in the meantime.

How the attack took place has not yet been established, and an investigation is under way.

16th January

Wentworth golf club has revealed that it was hacked and that the personal details of all of its members were taken.

12th January

The United Nations (UN) has been subject to a significant data breach in which employee IDs, names and travel details were compromised.

It is understood that 100,000 employees of the United Nations Environment Programme have had their data compromised. This occurred as a result of a vulnerability that provided access to the employee records.

The issue was discovered by the ethical hacking and security research group Sakura Samurai, who found exposed Git directories and Git credential files on domains linked to this part of the UN; the credentials in those files gave access to further internal systems and data.
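The exposure described in this item, a `.git` directory and a `.git-credentials` file reachable under a public web root, is something that can be checked for directly. The following is an added example, not part of the bulletin and not Sakura Samurai's tooling: it probes a base URL for the Git paths that should never be served, validates that the responses really are Git files rather than a soft 404 page that returns HTML with status 200, and reports any credentials embedded in remote URLs without echoing the secret itself. The hostnames, paths and canned responses are constructed for illustration, and the `fetch` callable is injected so the logic runs offline.

```python
"""Audit a web origin for an exposed Git directory or credential store.

Added example (not from the bulletin). The sample site below is
constructed; `fetch` is injected so the checks can run offline.
"""
import re
import urllib.request
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

# Paths that must never be reachable on a production web root.
GIT_HEAD = ".git/HEAD"
GIT_CONFIG = ".git/config"
GIT_CREDENTIALS = ".git-credentials"

# A real .git/HEAD is a symbolic ref or a 40-hex commit id, nothing else.
HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})\s*$")
# "url = ..." lines inside [remote "..."] sections of .git/config.
REMOTE_URL_RE = re.compile(r"^\s*url\s*=\s*(\S+)", re.MULTILINE)


def looks_like_git_head(body: str) -> bool:
    """Reject custom 404 pages served with status 200 (a common false positive)."""
    return bool(HEAD_RE.match(body.strip()))


def credential_from_url(url: str, source: str) -> Optional[Dict[str, str]]:
    """Report userinfo embedded in an http(s) URL without leaking the secret."""
    u = urlparse(url.strip())
    if u.scheme not in ("http", "https") or not u.username:
        return None
    return {
        "source": source,
        "host": u.hostname or "",
        "user": u.username,
        "has_password": bool(u.password),
    }


def parse_git_credentials(body: str) -> List[Dict[str, str]]:
    """A .git-credentials store is one URL per line with userinfo embedded."""
    found = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cred = credential_from_url(line, GIT_CREDENTIALS)
        if cred:
            found.append(cred)
    return found


def audit_origin(base_url: str, fetch: Callable[[str], Optional[str]]) -> Dict[str, object]:
    """Probe the three Git paths and summarise what an attacker could read."""
    base = base_url.rstrip("/") + "/"
    report: Dict[str, object] = {"exposed_git": False, "leaked_credentials": []}
    leaks: List[Dict[str, str]] = report["leaked_credentials"]  # type: ignore[assignment]

    head = fetch(base + GIT_HEAD)
    if head is not None and looks_like_git_head(head):
        report["exposed_git"] = True

    config = fetch(base + GIT_CONFIG)
    if config is not None and "[core]" in config:
        report["exposed_git"] = True
        for url in REMOTE_URL_RE.findall(config):
            cred = credential_from_url(url, GIT_CONFIG)
            if cred:
                leaks.append(cred)

    creds = fetch(base + GIT_CREDENTIALS)
    if creds is not None:
        leaks.extend(parse_git_credentials(creds))
    return report


def http_fetch(url: str, timeout: float = 5.0) -> Optional[str]:
    """Live fetcher for real use (needs network); returns None unless HTTP 200."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            if resp.status != 200:
                return None
            return resp.read(4096).decode("utf-8", "replace")
    except Exception:
        return None


# Constructed responses standing in for a misconfigured web root (not real data).
SAMPLE_SITE = {
    "https://example.test/.git/HEAD": "ref: refs/heads/main\n",
    "https://example.test/.git/config": (
        "[core]\n\trepositoryformatversion = 0\n"
        '[remote "origin"]\n\turl = https://deploy:s3cr3t@git.example.test/intranet.git\n'
        "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
    ),
    "https://example.test/.git-credentials": "https://svc-account:ghp_EXAMPLE@github.com\n",
}


def canned_fetch(url: str) -> Optional[str]:
    return SAMPLE_SITE.get(url)


if __name__ == "__main__":
    print(audit_origin("https://example.test", canned_fetch))
```

To run against a live host, pass `http_fetch` instead of `canned_fetch` (with authorisation to test the target). The HEAD format check matters in practice: many sites answer every unknown path with a 200 status and an HTML "not found" page, which a naive existence check would flag as an exposed repository. The fix on the server side is a deny rule for the dot-directory, for example `location ~ /\.git { deny all; }` in nginx, plus rotating any credential that was ever committed or stored in a deployed checkout.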

4th January

T-Mobile has announced that hackers managed to gain access to customer call records.

It is understood that personal details were stolen but that only a limited number of customers were impacted.