Ransomware attack forces French hospital to transfer patients

A ransomware attack affecting phone and computer systems of the André-Mignot teaching hospital in the suburbs of Paris forced the institution to shut down. While a ransom of an unspecified amount has been demanded, a spokesperson for the hospital had stated that they have no intention of paying it. The attack has caused the hospital to cancel operations and transfer six patients from its neonatal and intensive care units to other health facilities. The attack is currently being investigated by the French National Authority for Security and Defense of Information Systems (ANSSI).

Spoofing services website causing worldwide loss has been taken down

In an internationally coordinated action led by the UK and supported by Europol and Eurojust, 142 suspects have been arrested for allegedly running a website that offered spoofing services. These services allowed cybercriminals to impersonate trusted corporations such as banks, retail companies, and government institutions and then access sensitive information. Evidence shows that the estimated worldwide loss has been more than EUR 115 million. National authorities from the EU, Australia, and Canada supported the investigation. At the same time, Europol’s European Cybercrime Centre (EC3) provided a secure platform and was thus able to identify additional users of spoofing services.

Singapore-based Group-IB identified 34 Russian cybercrime groups

The Singapore-based research team, Group-IB, has identified 34 Russian cybercrime groups responsible for distributing info-stealing malware under the stealer-as-a-service model. The cybercriminals use this type of malware to target users of Steam, Roblox, and Amazon in 111 countries, obtaining user credentials stored in browsers, bank card details, and crypto wallet information from infected computers and selling them on the dark web. Group-IB estimates that more than 890,000 devices in 111 countries in the first seven months of 2022 have been infected. The five most attacked countries are the USA, Brazil, India, Germany, and Indonesia, while the estimated value of stolen credentials is around $5.8 million.

Australian Children’s charity falls victim to cyberattack

Australian children’s charity The Smith Family suffered a cyberattack, with hackers stealing confidential information about donors including their credit card details. While no evidence points to misuse of donor information as yet, similar breaches in recent times have proven early indications to be unreliable. Supporters have been told not to click on unknown links and to check with the Australian Cyber Security Centre (ACSC) for further advice. The incident has been reported to both the ACSC and the Office of the Australian Information Commissioner.

The European Parliament approves legislation to improve the security of critical digital infrastructure in Europe

The European Parliament has approved a set of rules, previously negotiated with the Council, to make the EU’s critical infrastructure more resilient. The legislation covers critical infrastructure sectors, including the digital infrastructure, creating stricter risk assessment rules and reporting for critical actors. In other words, ‘member states should adopt national resilience strategies, and cross-border communication should happen through designated single points of contact in each member state‘.

Karspersky publishes its advanced threat predictions for 2023

Kaspersky Security, a major security firm, has recently published its advanced threat predictions for 2023, identifying email servers and satellites as major cyberattack targets in the year 2023. The report states that 2023 will be characterised by destructive ‘cyberattacks of unprecedented gravity’ against governments, key industry providers, and high-profile civilian infrastructures. Another point of concern is the safety of underwater cables and fiber distribution hubs against physical attacks.

Support for Partnership for Global Infrastructure and Investment Projects reiterated at G20 Summit in Bali

During the 2022 G20 Summit hosted in Bali, Indonesia, the US President Biden, Indonesian President Widodo, and European Commission President Von der Leyen co-hosted a meeting of a group of G20 leaders to ‘demonstrate their shared commitment to deepen engagement under the Partnership for Global Infrastructure and Investment (PGII) to accelerate investment in quality infrastructure in low and middle income countries around the world and strengthen the global economy’. PGII – formally launched at the G7 in June 2022 – aims to support inclusive and sustainable development and benefit the partner countries’ economic security and global supply chains, among other goals.

During the meeting, President Biden announced a series of new projects, including a Trilateral Support for Digital Infrastructure in the Pacific (United States, Australia, and Japan). The project aims at supporting digital projects that will improve access to digital services and strengthen their security in the Pacific region.

African Union Convention on Cyber Security and Personal Data Protection | African Union

The Malabo Convention was drafted in 2011 and adopted in 2014. By March 2022, 14 African Union member sates signed the convention and 13 ratified it.

The Convention provides 34 definitions including those for child pornography, computer data, cryptology, electronic commerce, interconnection of personal data, and personal data, establishing an effective legal framework addressing electronic transactions, personal data protection, cybersecurity and cybercrime.

 

New Somnia ransomware attacks target corporations in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.

As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.

Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.

According to CERT-UA, the group had previously revealed that they created Somnia ransomware on Telegram and posted evidence of the attacks they made against Ukrainian targets.