WEEK OF JANUARY 24, 2022
Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt
- EU data protection authorities have handed out a total of $1.2 billion in fines over breaches of the bloc’s GDPR law since Jan. 28, 2021, according to law firm DLA Piper.
- GDPR, which has been in force since 2018, aims to give consumers in Europe more control over their information.
- DLA Piper says a major “headache” for organizations going forward is legal uncertainty surrounding EU-U.S. data transfers.
Dozens of computers in Ukraine wiped with destructive malware in coordinated attack
- The tool, called WhisperGate, wiped seven workstations at one government agency in Ukraine and wiped a combination of workstations and servers at the second agency.
- The web sites of the same two agencies were also defaced last week in an operation that targeted at least 70 government web sites, and the official says the government now believes the defacements and wiper attack were part of the same multi-pronged operation.
- Last Thursday dozens of government agencies in Ukraine were targeted in a web site defacement campaign in which hackers replaced the main web page at some of the sites with a politically charged message. On the same day the defacements occurred, Microsoft detected destructive wiper malware on dozens of systems belonging to several entities in Ukraine — including some whose web sites were defaced.
- Wipers delete or overwrite important system files, rendering systems unable to boot up or otherwise operate.
Gloucester Council cyber attack linked to Russian hackers
- A cyber attack which has knocked out parts of a council website has been linked to the work of Russian hackers.
- According to the Local Democracy Reporting Service, the malware made its way into the local authority’s system embedded in an email which had been sent to a council officer.
- The harmful software, known as sleeper malware, is understood to have been dormant for some time before it was activated.
- Other local authorities and government agencies are currently blocking the council’s emails. Online application forms used to claim for housing benefit, council tax support, test and trace support payments, discretionary housing payments and several other services have been delayed or are unavailable.
U.S. examining Alibaba’s cloud unit for national security risks – sources
- The focus of the probe is on how the company stores U.S. clients’ data, including personal information and intellectual property, and whether the Chinese government could gain access to it, the people said.
- The potential for Beijing to disrupt access by U.S. users to their information stored on Alibaba cloud is also a concern, one of the people said.
- U.S. regulators could ultimately choose to force the company to take measures to reduce the risks posed by the cloud business or prohibit Americans at home and abroad from using the service altogether. The U.S.-listed shares of Alibaba fell nearly 3% before the market open Tuesday and were last trading down just over 1%.
800,000 passwords, 50,000 targets: A huge Nigerian fraud operation busted
- One of the larger Nigerian cybercrime gangs, known as SilverTerrier, has been hit in a law enforcement operation, with 11 individuals arrested in December, Interpol announced on Wednesday.
- These so-called BEC scams help criminals find a way to intercept emails, either via hacking into accounts or spoofing email addresses, and trick companies into sending funds to the fraudsters rather than business partners with whom they believed they were interacting.
- According to the FBI’s most recent annual cybercrime report, losses totaled $1.8 billion in 2020 alone, with global losses estimated to be close to $5 billion in the years between 2018 and 2020. That makes it a far more financially damaging crime than ransomware, one of the better-known kinds of cyberattack.
Former DHS official charged with stealing govt employees’ PII
- A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII).
- While working at these government agencies, the defendant had access to multiple software systems and sensitive government databases that held sensitive personally-identifying information of DHS and USPS employees.
- The PII was copied from DHS-OIG’s EDS system, DHS-OIG’s EDS source code, including an eSubpoena module, DHS-OIG’s database, and USPS-OIG’s STARS database and PARIS system.
- The conspirators also purportedly misappropriated a key management services code and multiple activation keys associated with various Microsoft software products.