Hello and welcome back to our blog.
We begin this week with a slew of ransomware attacks in Chile, the Dominican Republic and Argentina. Chile is the most recent victim. The country’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi servers. In the Dominican Republic, the country’s national cybersecurity center said on August 24 its Ministry of Agriculture’s Dominican Agrarian Institute (IAD) was targeted. It has, so far, refused to pay the $650,000 ransom. Earlier in August, Argentina’s Judiciary of Córdoba was struck by ransomware, forcing the organization to shut down systems and services.
The Balkan country of Montenegro has also been struck by ransomware, and the hackers are demanding a massive sum of $10 million. The attack, which was directed at its critical infrastructure, struck on August 19. According to Bleeping Computer, several government spokespeople initially blamed the incident on “Russian services”. However, the Cuba ransomware gang has claimed responsibility for the attack.
The Portuguese state-owned airline TAP Air Portugal is the victim of an attack carried out by the Ragnar Locker ransomware gang. First disclosed on August 26, the incident appeared to be successfully blocked. The company, at the time, stated it hadn’t found any evidence of improper access to customer data. But, on August 31, the Ragnar Locker ransomware gang boasted on their leaks website that the airline’s systems were, in fact, breached and that customer data was exfiltrated.
In the United Kingdom, a massive cyberattack against its National Health Service (NHS) has continued to wreak havoc since the incident was first announced in early August. This week the NHS announced that some services may be offline for another three months. The attack has impacted key services, including those used for patient check-ins and medical notes. As a result, some staff have had to rely on pen and paper. It’s also likely it will take months to process the increasing amounts of medical paperwork.
NATO is investigating the leak of data reportedly stolen from European missile systems firm, MBDA Missile Systems, which hackers have put up for sale on the Dark Web. According to a recent BBC story, the data includes blueprints of weapons being used by NATO allies in the Ukraine War. MBDA Missile Systems has admitted its data was stolen but claims no classified files were part of it. The information was hacked from a compromised external hard drive. The data was leaked for sale on both Russian and English language forums after MBDA refused to pay the ransom of nearly $300,000.
Holders of student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial got some bad news this week about a data breach via Nelnet Servicing. The breach exposed the data of 2.5 million student loan accounts. The data was exposed after hackers breached technology services provider Nelnet Servicing. The intrusion began in June and lasted until July 22. The breach was discovered on August 17.
Top Global Security News
Security Week (September 1, 2022) Ransomware Attacks Target Government Agencies in Latin America
Several government agencies in Latin America were targeted in ransomware attacks in the past months, and the latest victims are Chile and the Dominican Republic.
Chile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi servers. The ransomware encrypted files on compromised systems and renamed them with the extension .crypt.
The targeted agency appears to be Sernac, the country’s National Consumer Service, which ensures the protection of consumer rights. The organization disclosed the incident on August 25.
Chilean authorities have made public some indicators of compromise (IoC) and based on the available information SecurityWeek believes the incident involved the relatively new RedAlert ransomware, which is also known as N13V.
Security Week (September 1, 2022) Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack
The Ragnar Locker ransomware gang says it has exfiltrated customer data in a cyberattack on Portuguese state-owned flag carrier airline TAP Air Portugal.
The incident was initially disclosed on August 26, when TAP announced on Twitter that it managed to foil the cyberattack before the threat actor could access any customer data.
“TAP was the target of a cyberattack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding,” the company said.
On August 31, however, the Ragnar Locker ransomware gang boasted on their leaks website that the airline’s systems were in fact breached and that customer data was exfiltrated.
BBC News (August 31, 2022) Advanced cyber-attack: NHS doctors’ paperwork piles up
Doctors say it could take months to process mounting piles of medical paperwork caused by a continuing cyber-attack on an NHS supplier.
One out-of-hours GP says patient care is being badly affected as staff enter a fourth week of taking care notes with pen and paper.
The ransomware attack against software and services provider Advanced was first spotted on 4 August.
The company says it may take another 12 weeks to get some services back online.
Bleeping Computer (August 29, 2022) Nelnet Servicing breach exposes data of 2.5M student loan accounts
Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing.
Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give students taking out a loan online access to their loan accounts.
Sometime in June, unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22. The hackers compromised the company’s network likely after exploiting a vulnerability.
Dark Reading (August 29, 2022) NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report.
The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.
Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.
Other Top Cybersecurity Stories
Threat Actor Phishing PyPI Users Identified – Dark Reading
UK Imposes Tough New Cybersecurity Rules for Telecom Providers – Infosecurity
Congress presses big crypto exchanges for details on how they’re fighting scams – The Verge
CISA, NSA and npm Release Software Supply Chain Guidance – Infosecurity
Standards Body Publishes Guidelines for IoT Security Testing – Infosecurity
Neopets says hackers had access to its systems for 18 months – Bleeping Computer
DoorDash data breach leaves important customer details exposed – Mashable
Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil – Cybersecurity Dive
Researchers discover way to impersonate Okta users in popular cloud environments – SC Media