Cyber Bulletins 2021

Cyber risk is developing all the time, with hackers being more innovative than ever before and the threat landscape further evolving. Ransomware will remain a dominant threat to organisations and it is likely that the frequency and severity of such cyber attacks will increase.

May

14th May

The energy sector continues to be a target for hackers as Colonial Pipeline Co, who run the largest fuel pipeline in the US, has now been hit by a ransomware attack.

It is believed that the company paid a ransom demand of almost $5M to the ransomware gang, who call themselves Darkside and seem to be based in Eastern Europe.

Once Colonial were aware of the attack, they decided to shut down their operations for six days, which caused severe fuel shortages in many US states and led to panic buying. The incident was serious enough for the President to declare a state of emergency.

It is understood that the hackers stole 100 gigabytes of data and threatened to put this on the internet unless the ransom was paid.

Rumours are afoot that cyber insurance had been purchased and the assumption is that insurers agreed to pay the ransom.

April

21st April

Apple and Quanta received a $50M ransom demand from the REvil ransomware gang after they had stolen blueprints of Apple devices from Quanta, who build computer devices. This was timed ahead of a new product release by Apple.

The threat, if the ransom was not paid, was to double the initial ransom demand to $100M.

Some very technical blueprints were released into the public domain by the gang, together with personal details of Apple employees that were also taken.

It is not known whether the ransom was paid or not.

6th April

It has been announced that a number of cyber-attacks have been experienced by the Mumbai power supply in India.

Malware has been found in the energy supply system and it was necessary to isolate and take action so that preventative measures could be put in place to avoid disruption of services. It is believed that Chinese hackers may have been behind this.

March

25th March

Hackers have managed to compromise the website of the insurance company CNA, which led to them shutting down their network.

Forensic investigators were appointed to ascertain what damage had been caused and what was stolen. It is understood that no customer data was stolen.

22nd March

Significant ransomware demands continue to be in vogue, with Acer the latest company to be targeted.

REvil were believed to be behind the $50M ransom demand, which is one of the largest ever seen. Documents were published which included confidential spreadsheets and bank balances. Acer would not comment on whether the ransom was paid.

10th March

Storting, the Norwegian parliament, has been hit by a cyber-attack where data was stolen, which is believed to be linked to the Microsoft Exchange server vulnerabilities that recently impacted many companies.

February

25th February

Npower announced that it has closed down its app as a result of a cyber-attack which caused some of its customers' data to be exposed.

The information that was compromised is understood to be bank details (in part), contact details, birth dates and addresses.

Npower have advised all of the affected individuals to change their passwords on the app and other accounts that they hold.

It is understood that the ICO have been informed of the incident.

16th February

Pfizer have reported that their computer systems have been subject to a cyber-attack which is believed to be in an effort to obtain information on coronavirus vaccines.

A group of North Korean hackers is thought to have been behind this. They appear to be very active at the moment, targeting a number of organisations with confidential and highly sensitive information.

January

25th January

E.On have taken down their app amid concerns that customers’ log-in details have been stolen as a result of a cyber security attack.

This has impacted customers who use pre-payment methods for their gas and electricity, who have therefore been unable to top up their accounts, resulting in no power in their homes. It is understood that customers will utilise the company’s website to make payments.

It has not been discovered how the attack took place and an investigation is currently underway.

16th January

Wentworth golf club has revealed that it has been hacked with the personal details of all its members being taken.

12th January

The United Nations (UN) has been subject to a significant data breach where IDs, names and travel details were compromised.

It is understood that 100,000 employees of the United Nations Environmental Programme have had their data compromised. This occurred as a result of a vulnerability which provided access to the employees’ records.

This was discovered by the ethical hacker and security research group Sakura Samurai, who found Git directories and Git credential files on domains linked to this part of the UN.

4th January

T-Mobile have announced that hackers have managed to gain access to call records of their customers.

It is understood that personal details were stolen and that this impacted only a limited number of customers.