In October 2022, Amnesty International Canada detected and investigated a sophisticated digital security breach. The organisation announced that, according to forensic experts at the cybersecurity firm Secureworks, the attack was likely orchestrated by ‘a threat group sponsored or tasked by the Chinese state’. The conclusion was based ‘on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups’. China’s embassy in Ottawa denied the allegations.
Cybersecurity
Ransomware attack forces French hospital to transfer patients
A ransomware attack affecting phone and computer systems of the André-Mignot teaching hospital in the suburbs of Paris forced the institution to shut down. While a ransom of an unspecified amount has been demanded, a spokesperson for the hospital had stated that they have no intention of paying it. The attack has caused the hospital to cancel operations and transfer six patients from its neonatal and intensive care units to other health facilities. The attack is currently being investigated by the French National Authority for Security and Defense of Information Systems (ANSSI).
Italian Agency for Cybersecurity warns against Russian cyberattacks against Italian Critical Infrastructure
CSIRT Italia, the Italian Computer Security Incident Response Team, has identified an increase in Distributed Denial of Service (DDoS) against the information infrastructure of key Italian critical infrastructure. Attacks seem to be launched by a group of Russian hackers but have not breached the integrity and confidentiality of information so far.
Microsoft warns of Russian cyber operations during upcoming winter
Microsoft has warned that Russian cyberattacks are likely to continue to target Ukrainian critical infrastructure, and may also target countries and companies that are providing Ukraine with vital supply chains of aid and weaponry. The company also noted that ‘cyber-enabled influence operations’ that target Europe are likely to be conducted in parallel with cyberthreat activity.
Microsoft also announced that its AI for Good Lab has created a Russian Propaganda Index (RPI) ‘to monitor the consumption of news from Russian state-controlled and sponsored news outlets and amplifiers’. Compared to other Western Europe countries, Germans read and watch significantly more Russian propaganda, the AI for Good Lab found.
Switzerland proposes mandatory reporting of cyberattacks against critical infrastructure
The Swiss government has advanced a proposal for legislation that would impose mandatory notification of cyberattacks against critical infrastructures to the National Cybersecurity Center (NCSC). According to the government, ‘successful cyberattacks can have far-reaching consequences for the availability and security of the Swiss economy’; therefore a mandatory reporting scheme would provide a clearer picture of attacks and attackers and better inform cybersecurity measures.
NATO held annual cyber defence exercise
Between 28 November and 2 December 2022, NATO held its Cyber Coalition 2022 cyber defence exercise with the goal of boosting member countries’ cyber resilience.
The exercise involved 1000 cyber defenders from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as well as experts from business and academia.
Cyber Coalition 2022 was used to test and validate concepts, capture requirements, or explore disruptive technologies, in support of military operators and commanders. It included experiments on the use of artificial intelligence to help counter cyber threats, on the standardisation of cyber messages to foster information sharing, and on the exploitation of cyber threat intelligence to inform cyberspace situational awareness.
Cybercrime-as-a-service, ransomware still on the rise
Cybercrime-as-a-service is expanding, given its lucrative business model that requires basic technical skills. This is among the key findings highlighted in the 2023 Threat Report issued by cybersecurity company Sophos.
The report also notes that, in addition to the usual malware, scamming and phishing kits, cybercriminals are now selling tools and capabilities that were once reserved for the most skilled and sophisticated attackers. Ransomware-as-a-service has gotten particularly popular among threat actors, leading to a lower entry barrier for would-be criminals. As a mitigation tool, IT managers are looking at Managed Detection and Response (MDR) services to spearhead early detection and interception of attacks.
New guidance note by Council of Europe’s Cybercrime Convention Committee (T-CY) on ransomware
The Council of Europe’s Cybercrime Convention Committee (T-CY) has adopted a guidance note (GN) on ransomware, which outlines how the Budapest Convention and its Second Additional Protocol could be used to criminalise, investigate, and prosecute ransomware-related offences. The GN follows statements from the Convention’s Parties and Observers regarding the surge of major ransomware attacks in recent months.
Belgian police faced with major data leak
The RagnarLocker ransomware has been linked to an incident in which a ransomware organisation began leaking highly sensitive data stolen from a Belgian police force in Antwerp, in what is being characterised as one of the country’s largest breaches.
‘This is a case of human error, and this is how crime reports and fine notices, but also photographs of child abuse have been leaked’, stated Chief Commissioner of Police Zwijndrecht, Marc Snels.
The number of citizens affected by the breach is unknown, but they include victims, perpetrators, witnesses, and those under surveillance, with potentially serious implications if their identities are revealed.
Spoofing services website causing worldwide loss has been taken down
In an internationally coordinated action led by the UK and supported by Europol and Eurojust, 142 suspects have been arrested for allegedly running a website that offered spoofing services. These services allowed cybercriminals to impersonate trusted corporations such as banks, retail companies, and government institutions and then access sensitive information. Evidence shows that the estimated worldwide loss has been more than EUR 115 million. National authorities from the EU, Australia, and Canada supported the investigation. At the same time, Europol’s European Cybercrime Centre (EC3) provided a secure platform and was thus able to identify additional users of spoofing services.