WEEK OF AUGUST 08, 2022
German Chambers of Industry and Commerce hit by ‘massive’ cyberattack
- The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.
- A short statement published on the DIHK site describes the shutdown as a precaution and a way to give IT teams time to develop a solution and build up defenses.
- While the cyberattack carries the signs of ransomware, with systems being shut down to prevent the spread of the malware, this hasn’t been officially confirmed yet.
- Also, none of the major ransomware extortion sites has announced a successful compromise of DIHK, although it would be too early for that.
EPFO pension scheme holders’ data exposed online, says security researcher
- A Ukraine-based researcher has claimed that about 288 million personal records of EPS holders in the EPFO were exposed online before being taken off the Internet.
- The security researcher’s claim about the exposed data has yet to be verified by the EPFO, the national cyber agency CERT-In or the IT Ministry.
- Bob Diachenko, cyber threat intelligence director and journalist at SecurityDiscovery.com, claimed that their systems identified two separate IPs with Universal Account Number (UAN) data.
- Each record contained personal information, including marital status, gender and date of birth, UAN, bank account number and employment status, among others.
Twitter fixes security bug that exposed at least 5.4 million accounts
- Twitter says it has fixed a security vulnerability that allowed threat actors to compile information on 5.4 million Twitter accounts, which were listed for sale on a known cybercrime forum.
- The vulnerability allowed anyone to enter a phone number or an email address of a known user and learn if it was tied to an existing Twitter account, potentially exposing the identities of pseudonymous accounts.
- Twitter said it fixed the bug in January — six months after the bug was initially introduced to its codebase — after a bug bounty report by a security researcher, who was awarded $6,000 for disclosing the vulnerability.
Neuro practice tells 363,000 that PHI was posted on dark web
- An Indiana neurology practice is notifying nearly 363,000 individuals that their sensitive information was compromised in a recent ransomware attack – and that some of their data was posted on the dark web.
- The practice does not identify the ransomware group or data leak site, but Russian ransomware group Hive – which was the subject of a recent federal advisory to the healthcare sector – is implicated in the attack. Hive has been aggressively targeting the U.S. healthcare sector.
- Nerve and gray matter specialists Goodman Campbell Brain and Spine, in a data breach report to Maine’s attorney general on July 19, says a “sophisticated” ransomware attack, which affected its computer network and communications system – including email and phones – resulted in a compromise of patient and employee information.
Disruptive cyberattacks on NATO member Albania linked to Iran
- The recent cyberattacks that disrupted government systems in NATO member Albania have been linked by threat intelligence giant Mandiant to Iran.
- The Albanian government announced in mid-July that it was forced to shut down some public online services due to a cyberattack. Mandiant has investigated the incident, which led to the discovery of a new piece of ransomware.
- Mandiant researchers came across the ransomware after it had been uploaded from Albania to a public malware repository a few days after the cyberattack was launched. The ransomware has been named Roadsweep.
Hackers leak Spinneys customer data in UAE
- Retailer confirms incident, assures no personal banking information has been compromised.
- In a statement, Spinneys said that the retail chain is aware of unverified emails being sent out from unidentifiable email addresses and that a ransomware group may have leaked data hacked from its internal server.
- “We continue to work closely with the E-Crime Department at Dubai Police to actively investigate the matter, and keep our customers up to date,” the company said.