Major Canadian Military Contractor Compromised in Ransomware Attack
On September 22, 2021, Debt-IN Consultants, a South African debt collector, was hit by a major ransomware attack, resulting in a significant data breach of consumer and employee personal information.
On December 31, 2019, Travelex, a major foreign exchange company, took all its computer systems offline after company systems were infected with Sodinokibi ransomware and the attackers demanded $6 million to remove it.
In June 2019, at least three private Bangladeshi banks were compromised by major cyberattacks, with one, Dutch Bangla Bank Limited (DBBL), losing as much as TK 25 crore (around $3 million). Attackers deployed malware to duplicate DBBL's Switch payment management system, allowing fraudulent financial transactions to be executed undetected. NCC Bank and Prime Bank were also targeted, but both banks reported no financial losses associated with the attack.
In June 2011, bank and retail payment processor Global Payments was hit by a major data breach. The company said unknown attackers had stolen the details of around 1.5 million cards from a handful of servers, with enough information to counterfeit the cards although not customer names or addresses. Details of the intrusion remain scarce, although Vons supermarkets said it detected compromised prepaid credit cards around the same time that appeared related to the Global Payments breach. The incident prompted Mastercard and Visa to warn card-issuing banks about the potential fraud.
An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor's Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.
Kaseya said Monday that the breach compromised just 800 to 1,500 of those companies, still making it one of the largest ransomware attacks to date. Hackers thought to be associated with the group REvil requested a $70 million payment in Bitcoin to unlock the compromised data. The attack is not thought to have damaged any U.S. critical infrastructure.
Other cybersecurity professionals, including Luta Security founder & CEO Katie Moussouris, cite the rise of cryptocurrency like Bitcoin as a major reason for the increase in ransomware attacks. The value of Bitcoin, now down from a peak of around $60,000 earlier this year, rose more than 800 percent between April 2020 and April 2021, according to data from CoinDesk. Cryptocurrencies like Bitcoin are less regulated and harder to trace than other forms of payment, making them attractive to hackers.
In Q2 2022, the majority of incidents beginning with access via remote services or CVE exploitation led to a ransomware attack. This highlights how popular compromising external remote services is among ransomware threat actor groups, and supports the fact that both ransomware and external remote services, as initial attack vectors, increased this quarter.
Natural gas supplier Superior Plus Corp. confirmed it was the victim of a ransomware attack that occurred on Dec. 12. In a statement on Dec. 14, the Canada-based corporation said it "temporarily disabled certain computer systems and applications" in the wake of an investigation and "is in the process of bringing these systems back online." Independent cybersecurity experts were hired to assist in the investigation. At the time of the statement, Superior Plus said it had "no evidence that the safety or security of any customer or other personal data had been compromised."
Following the May 2021 ransomware attack on a major pipeline, TSA issued several security directives mandating that critical pipeline owners and operators implement several urgently needed cybersecurity measures. In the fourteen months since this attack, the threat posed to this sector has evolved and intensified. Reducing this national security risk requires significant public and private collaboration.
The construction industry is an increasingly appealing target for hackers. Recent examples include Bouygues Construction, a French contractor, falling victim to a ransomware attack in 2020. That same hacker gang, Maze, hit a Canadian construction contractor before its attack on Bouygues.
Cryptocurrency ransomware payments totaled roughly $350 million in 2020, according to Chainalysis -- an annual increase of over 300% from 2019. And because US companies are legally required to report cyberattacks only if customers' personal information is compromised, that estimate may be far too conservative.
In 2020, 79 ransomware attacks were made on United States government organizations, which added up to $18.8 billion in recovery costs and downtime. Ransomware makes up the majority of all cyberattacks on government agencies; however, only 38% of state and local employees are trained in ransomware prevention.