Indonesia IT Ministry official resigns amid cyberattack fallout

Following Indonesia’s recent and most severe cyberattack, Samuel Abrijani Pangerapan, the director-general for applications and information at the Ministry of Communications and Information Technology, resigned, citing moral responsibility. The attack, which struck more than 280 government agencies, resulted in significant data loss and disrupted essential services ranging from airport operations to scholarship management. The hacker group responsible initially demanded a ransom of $8 million, which the government refused to pay. The hackers later apologised and provided a decryption key to unlock the stolen data.

Despite the decryption key’s release, the recovery process has been challenging. The Ministry of Communications and Information Technology reported that only 2% of the data had been saved by early efforts, with the rest presumed lost. President Joko Widodo responded by ordering an immediate cybersecurity audit and the implementation of robust backup strategies across all national data centres. The goal is to prevent similar incidents in the future, emphasising the need for comprehensive security measures.

Public dissatisfaction has grown in response to the government’s handling of the cyberattack. The attack impacted administrative services and caused significant disruptions at airports in Indonesia, where immigration systems were forced to operate manually because the cyberattack had knocked out automated processes. The scale of the breach underscored existing vulnerabilities across government data management systems run by PT Telkom Indonesia, whose subsidiary operated the compromised data centre.

CDK cyberattack and economic factors slow down US car sales in Q2

The US auto industry faced challenges in the second quarter as Ford and General Motors reported slower sales growth following the cyberattack that disrupted a critical software system used by dealerships nationwide. The outage at CDK in late June impacted over 15,000 retail locations during a crucial selling period, adding to the hurdles automakers already faced from supply chain disruptions. Despite hopes for a post-pandemic surge in vehicle demand as more people returned to work, high borrowing costs and economic uncertainty flattened these expectations.

Ford’s quarterly sales saw a modest 1% increase to 536,050 vehicles, a significant slowdown compared to the 10% growth in the previous year. Similarly, Toyota Motor’s local unit and Honda also experienced decelerated sales growth in the second quarter. Analysts expect automakers to recover the lost sales. CDK reported progress in restoring its dealer management system, with most dealer connections already operational.

Ford attributed its growth in the quarter to the success of hybrid and electric models, with sales of gas-powered vehicles declining by 5%. In comparison, EV and hybrid vehicle sales rose by approximately 61% and 55%, respectively. In June, US new vehicle sales reached around 1.32 million units, translating to a seasonally adjusted annual rate of 15.29 million units per data from Wards Intelligence released on Tuesday.

Supreme Court’s overruling of Chevron deference alters cybersecurity agenda in the US

The recent decision by the US Supreme Court to overturn the long-standing ‘Chevron deference’ doctrine will have significant implications for the Biden administration’s cybersecurity agenda, particularly regarding the protection of critical infrastructure. The ruling shifts the power to interpret and enforce laws related to cybersecurity from executive agencies to Congress and the courts, marking a departure from the previous approach that relied on agency-led initiatives to enhance cybersecurity practices.

One key takeaway from this development is how it has revealed the inadequacies in the cybersecurity practices of critical infrastructure organisations. Despite the rise in cyber threats targeting these entities, many have failed to implement baseline security measures like multifactor authentication, making them vulnerable to attacks. The absence of stringent regulations mandating such practices has exacerbated these organisations’ cybersecurity challenges.

The Biden administration’s strategy of leveraging existing agency rules to bolster cybersecurity measures is now facing a regulatory overhaul. The government must implement a more comprehensive legislative approach to address cybersecurity gaps.

Looking ahead, the repeal of the Chevron deference doctrine is set to usher in a new era of cybersecurity regulation, with a stronger emphasis on congressional involvement in shaping cybersecurity policies. The increased engagement of legislative affairs staffers, lobbyists, and advocates in the regulatory process shows a shift towards a more collaborative and evidence-based approach to cybersecurity governance.

Why does it matter?

As the landscape of cybersecurity regulation evolves in response to this landmark decision, critical infrastructure sectors are expected to face renewed scrutiny regarding their cybersecurity preparedness. The need for robust cybersecurity frameworks and proactive measures to safeguard vital infrastructure assets has never been more pressing. Therefore, the implementation of comprehensive and effective cybersecurity regulations is becoming imperative.

Phishing attack compromises Formula 1 governing body email accounts

The Fédération Internationale de l’Automobile (FIA), the governing body of auto racing since the 1950s, revealed that attackers managed to access personal data by compromising several FIA email accounts through a phishing attack. Established in 1904 as the Association Internationale des Automobile Clubs Reconnus (AIACR), the FIA is a non-profit international association that oversees various auto racing championships, including Formula 1 and the World Rally Championship (WRC). With 242 member organisations spanning 147 countries across five continents, the FIA also governs the FIA Foundation, which supports and finances road safety research.

In response to the breach, the organisation swiftly took corrective action, including promptly blocking the unauthorised access upon discovery of the incidents. The FIA informed the Swiss data protection regulator (Préposé Fédéral à la Protection des Données et à la Transparence) and the French data protection regulator (Commission Nationale de l’Informatique et des Libertés) about the security breach.

To prevent similar incidents in the future, the FIA implemented enhanced security measures and expressed regret for any concerns raised among the affected individuals. Emphasising its commitment to data protection and information security, the FIA continuously evaluates and strengthens its systems to combat evolving cyber threats. However, details such as the breach detection timeline, the extent of personal information accessed, and the nature of the exposed or stolen sensitive data remain undisclosed by the organisation.

Mobile political spam triples ahead of 2024 US election

According to research conducted by Proofpoint, the volume of mobile political spam ahead of the 2024 election has tripled compared to the 2022 midterms. The study indicates a growing trend among US voters to seek information through digital platforms, which can increase their vulnerability to cybercriminal activities.

With 60% of American adults favouring digital media for news consumption and 86% using smartphones, tablets, or computers, there is a notable reliance on digital channels. Nearly all US voters (97%) have access to mobile messaging services. Despite the widespread trust in mobile messaging, Proofpoint warns that the surge in smishing, impersonation, and unwanted spam messages is eroding this confidence.

While many voters are cautious about fake news on social media, fewer recognise the significant risks associated with mobile messaging and email impersonation tactics. Notably, incidents of election-related smishing attacks have risen by over 7% in the past nine months compared to the previous period.

The increase in mobile political messaging, commonly used by campaigns and interest groups, has coincided with a rise in malicious activities. For instance, following former President Donald J. Trump’s guilty verdict in his ‘hush money’ trial, there was a notable 240% increase in unwanted political messaging within 48 hours, with reported volumes reaching tens of millions.

Why does it matter?

Proofpoint emphasised the importance of voters proactively defending themselves against impersonation attacks during this election season. They advise voters to be cautious with unsolicited messages, particularly those urging immediate action. The company also called on mobile operators to prioritise the protection of their users. Maintaining a healthy level of scepticism is crucial for all parties involved.

To mitigate the risks associated with malicious mobile messaging, voters are advised to refrain from opening attachments or clicking on links in such messages. Instead, known URLs should be typed directly into the web browser. Thoroughly scrutinising all election-related digital communications is essential to verify their authenticity.

Infosys McCamish hack exposes data of over 6 million customers

Last year, a cyberattack on Infosys McCamish Systems affected over six million customers, as revealed in a new filing with data protection authorities. The breach, first reported in February, was traced back to November 2023, with unauthorised activity occurring between 29 October and 2 November 2023.

The compromised data includes Social Security Numbers, birth dates, medical records, biometric data, email addresses, usernames and passwords, driver’s license or state ID numbers, financial account details, payment card information, passport numbers, tribal ID numbers, and US military ID numbers.

Infosys McCamish Systems, an outsourcing service provider for financial and insurance companies, began notifying affected customers on 27 June, several months after the incident. With the help of third-party eDiscovery experts, the company conducted a thorough review to identify the compromised personal information and its owners.

The company has informed impacted organisations and offers 24 months of credit monitoring to affected individuals, although there is no evidence yet of the stolen information being used fraudulently. The LockBit ransomware group is believed to be behind the attack, which encrypted over 2,000 computers. The stolen data is expected to be used for phishing and identity fraud.

Croatian hospital suffers network outage in ransomware attack

The University Hospital Centre in Zagreb, Croatia, was hit by a cyberattack on 27 June, claimed by the LockBit ransomware group. The attack crippled the hospital’s networks, forcing emergency patients to be redirected to other facilities. Despite the disruption, hospital officials assured that patient safety was never compromised. Over 100 experts worked tirelessly to restore the IT systems, bringing the hospital back online within 24 hours.

LockBit, a Russian-affiliated ransomware group, posted on its dark web leak site that it had stolen a large cache of sensitive data from the hospital in Croatia, including medical records and employee information. The hospital has not confirmed the specifics of the stolen data but has involved the authorities, and a criminal investigation is underway. LockBit, operating since 2019, has been linked to over 1,400 attacks globally and continues to evade law enforcement despite setbacks like the FBI and Interpol’s Operation Cronos.

The attack on KBC Zagreb coincided with multiple cyberattacks on Croatian government agencies by another Russian-linked group, NoName057(16). Known for targeting the critical infrastructure of nations supporting Ukraine, NoName denied responsibility for the hospital attack, emphasising their principle of not targeting medical facilities. NoName has been responsible for numerous cyberattacks across Europe, affecting several countries’ banking systems and critical infrastructure.

Data breach at Evolve Bank and Trust compromises Wise customers’ personal information

Wise, a well-known money transfer and fintech company, stated that the personal data of some customers had been compromised in the recent Evolve Bank and Trust data breach. There is uncertainty about the extent of the breach and its impact on third-party companies, their customers, and users, as an increasing number of companies have come forward in recent days to disclose that they have been affected.

In an official statement, Wise said it had worked with Evolve from 2020 to 2023 and had shared USD account details with the bank. This personal data included names, addresses, dates of birth, contact information, and Social Security numbers or Employer Identification Numbers. The statement suggests that, as a result of the breach, customers’ personal information may have been exposed. The extent of the impact on Wise customers remains undisclosed as the company continues its investigation, but the company assured that affected Wise customers would be notified via email. Despite the breach at Evolve, Wise stated that its own systems remained intact and continued to give customers secure access to their accounts.

Evolve highlighted its ongoing efforts to address the cybersecurity incident following the ransomware attack by the LockBit cybercrime group, noting that data loss was limited and operational disruption minimal because backups were available. Evolve stated that it would individually notify all persons affected by the breach. Affirm, EarnIn, Marqeta, Melio, and Mercury, among other Evolve partners, are investigating the impact on their customers.

Australian man charged for conducting ‘evil twin’ WiFi attacks at airports

The Australian Federal Police (AFP) has charged an Australian man for allegedly carrying out ‘evil twin’ WiFi attacks on multiple domestic flights and at airports in Perth, Melbourne, and Adelaide, with the aim of stealing email and social media credentials from unsuspecting passengers. The investigation was initiated following reports from airline staff in April 2024. This led to the seizure of the man’s devices at the airport and the discovery of incriminating evidence on them.

In an evil twin WiFi attack, a deceptive wireless access point is set up with the same SSID (WiFi network name) as a legitimate network in the vicinity. For instance, many flights provide in-flight WiFi services that require passengers to connect to the airline’s WiFi network. In this attack, cybercriminals create a fake network with the same name, tricking users into connecting to it. Once connected, users are directed to a counterfeit login page or captive portal that asks them to enter their login credentials.
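As an added example that is not part of the original article, the following Python script shows how a defender (an airline IT team, or a cautious traveller with a scan in hand) could flag an evil twin from a list of observed access points: an SSID that is also advertised by a second radio with open security, or by a BSSID whose vendor prefix is not on the operator’s allow-list. The scan results, the SSID, the allow-list and the function names are constructed for illustration; nothing here is taken from the AFP case.

```python
"""Flag likely 'evil twin' access points in a wireless scan.

Added illustrative example. The scan below is constructed sample data
(not a real capture); the allow-list of vendor prefixes is hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str        # advertised network name
    bssid: str       # MAC address of the radio advertising the SSID
    security: str    # "WPA2", "WPA3" or "OPEN"
    signal_dbm: int  # received signal strength


# Constructed scan: a legitimate airline network with two WPA2 radios from
# the operator's vendor prefix, plus a third open radio from an unknown
# vendor broadcasting the same SSID at a suspiciously strong signal.
SAMPLE_SCAN = [
    AccessPoint("Airline-Free-WiFi", "00:11:22:aa:bb:01", "WPA2", -55),
    AccessPoint("Airline-Free-WiFi", "00:11:22:aa:bb:02", "WPA2", -61),
    AccessPoint("Airline-Free-WiFi", "de:ad:be:ef:00:01", "OPEN", -40),
    AccessPoint("Coffee-Guest", "aa:bb:cc:00:00:01", "OPEN", -70),
]

# Hypothetical allow-list: SSID -> set of vendor prefixes (first three
# octets of the BSSID) that the operator's own access points use.
KNOWN_OUIS = {"Airline-Free-WiFi": {"00:11:22"}}


def oui(bssid: str) -> str:
    """Return the vendor prefix (first three octets) of a MAC address."""
    return bssid.lower()[:8]


def find_evil_twin_candidates(scan, known_ouis):
    """Return a list of findings, one per suspicious access point.

    An access point is suspicious when it shares an SSID with others but
    offers an open network while the others are protected, or when its
    vendor prefix is not in the allow-list for that SSID.
    """
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap.ssid].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        securities = {ap.security for ap in aps}
        allowed = known_ouis.get(ssid)
        strongest = max(aps, key=lambda a: a.signal_dbm)
        for ap in aps:
            reasons = []
            if len(securities) > 1 and ap.security == "OPEN":
                reasons.append("open network duplicates a protected SSID")
            if allowed is not None and oui(ap.bssid) not in allowed:
                reasons.append("vendor prefix not in operator allow-list")
            if reasons:
                findings.append({
                    "ssid": ssid,
                    "bssid": ap.bssid,
                    "security": ap.security,
                    "strongest_signal": ap is strongest,
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_OUIS):
        print(f"{f['ssid']} via {f['bssid']} ({f['security']}): "
              + "; ".join(f["reasons"]))
```

Run as a script, the example reports only the open de:ad:be:ef:00:01 radio; the single open Coffee-Guest network is not flagged, because one open SSID on its own is ordinary. The stronger signal of a rogue radio is recorded as supporting context rather than a reason by itself, since a nearby legitimate access point can be the strongest too.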

The Australian individual apprehended by the AFP reportedly used a portable device to set up free WiFi access points at various locations, prompting users to log in with their email or social media accounts. The stolen information could potentially be exploited to gain access to sensitive data, take over social media accounts, extort victims, or sell the data to other cybercriminals. The charges brought against the suspect include unauthorised impairment of electronic communication, possession of data with intent to commit a serious offence, unauthorised access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information with intent to commit an offence, each carrying significant prison sentences.

While coming across malicious WiFi access points in public spaces is rare, individuals should exercise caution when sharing login credentials on such networks. It is advisable to disable file sharing on untrusted WiFi networks and to use a VPN to encrypt internet traffic and safeguard sensitive information. While ‘evil twin’ attacks are well known in the cybersecurity world, they are not usually encountered outside of controlled environments like hacker conferences or when used by GRU operatives. Apart from a 2018 GRU case, in which hackers employed evil twin attacks to surveil the internet traffic of targets from a wide range of organisations, no other incidents of this type have been reported to date.

Kadokawa faces major ransomware attack

On 8 June, Kadokawa, a Japanese media conglomerate, reported a data security incident on its website, stating that multiple servers within the Kadokawa Group had become inaccessible. In response, the company promptly shut down the affected systems and investigated to determine the incident’s nature and scope.

The ongoing investigation revealed various services, including Niconico, Kadokawa’s official website, and the e-commerce site ‘ebten,’ were impacted. Kadokawa is also looking into potential information leaks resulting from the incident.

Subsequent updates from Kadokawa confirmed that the disruption was caused by a large-scale cyberattack involving ransomware. Emergency measures were taken, such as shutting down servers and forming a task force to assess the damage, identify the cause, and restore operations. The ransomware attack primarily targeted the systems of Niconico, Japan’s popular video-sharing service, and also affected the company’s payment system, leading to payment delays for some business partners.

The BlackSuit ransomware group claimed responsibility for the attack on Kadokawa and listed the company as a victim on its data leak site. The group claims to have stolen over 1.5TB of confidential data and threatened to publish it on 1 July unless its ransom demands were met.

Kadokawa acknowledged the hacker group’s claims and stated that it is investigating the possibility of data leakage with external cybersecurity experts. The company reassured stakeholders that no customer credit card information, including that of Niconico users, is stored in its systems, so such data remains secure.