Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT system. Show all posts
SafePay ransomware
Cyber Attacks Cyber Outage Global IT Outage IT system Palo Alto Palo Alto Networks Ransomware attack Ransomwares SafePay ransomware

Ingram Micro Confirms SafePay Ransomware Attack and Global IT System Outage

 

Ingram Micro, one of the world’s largest IT distribution and services companies, has confirmed it was targeted in a ransomware attack by the SafePay group, causing major operational disruptions across its global network. The cyberattack, which began early on July 4, 2025, forced the company to take critical internal systems offline and suspend access to platforms such as its AI-powered Xvantage distribution system and the Impulse license provisioning platform. 

The attack came to light after employees discovered ransom notes on their devices. According to cybersecurity outlet BleepingComputer, the notes were linked to the SafePay ransomware operation—an increasingly active threat actor that has claimed over 220 victims since emerging in late 2024. Although the extent of data encryption remains unclear, sources suggest that the attackers likely accessed Ingram Micro’s network via compromised credentials on the company’s GlobalProtect VPN gateway. Initially, 

Ingram Micro refrained from publicly acknowledging the attack, stating only that it was experiencing “IT issues.” Employees in some regions were instructed to work from home, and the company advised against using the VPN service believed to be involved in the breach. 

On July 6, Ingram Micro officially confirmed the ransomware incident. In a statement, the company said it took immediate steps to secure affected systems, brought in cybersecurity experts to investigate, and notified law enforcement agencies. It also assured customers and partners that it was working urgently to restore operations and minimize further disruption. 

By July 8, the company had made significant progress in recovery. Subscription orders—including renewals and modifications—were once again being processed globally, with additional support for phone and email orders reinstated in key markets such as the UK, Germany, Brazil, India, and China. However, some hardware order functions remain limited. 

Palo Alto Network issued a clarification stating that none of its products were the source of the breach. The company emphasized that attackers likely exploited misconfigurations or stolen credentials, not any inherent flaws in the VPN software. 

This breach highlights the increasing sophistication of ransomware groups like SafePay and the risks faced by large IT infrastructure providers. Ingram Micro’s swift containment and recovery response may help mitigate long-term impacts, but the incident serves as a critical reminder of the importance of proactive cybersecurity measures, especially in environments reliant on remote access technologies.
Read more »
Ransomware
American Water Works Cyber Attacks Data HMI IT system Ransomware

American Water Works faces Cyberattack





American Water Works, the country's largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within the company are not affected. As reported by Bloomberg, the company disclosed to shareholders in a filing with the U.S. Securities and Exchange Commission which forced the company to temporarily suspend billing and limit customer support.

On its website, the American Water Works explained its statement in announcing that certain systems were turned off in an attempt to prevent more damages on its customers' information. Its MyWater online service has been temporarily halted, thus stopping billing processes until the systems can be brought back online. The company assured that water quality is not affected and safe for drinking. Whether the customers' information was accessed remains a determination to be made.

Response to the Incident

The company cannot yet fully assess the impact of the incident but confirms that its water and wastewater operations are unaffected. American Water Works first detected unauthorised activity in its networks on October 3. Upon discovery, the company activated its cybersecurity response protocols and sought the assistance of third-party cybersecurity specialists to help contain and investigate the incident. Law enforcement was notified promptly and are actively involved in ongoing inquiries.

The company's IT teams are scrambling to protect data by isolating some systems that might prevent any possible damage. The exact nature of the attack is still unknown, but such cases of ransomware attacks scare cybersecurity experts, who have noted recent instances in which hackers carried out ransomware attacks. The separation of the IT network from the OT networks by the company, a critical step in cybersecurity for critical infrastructures, may have allowed it to contain the spread of the attack that did not penetrate the core operations.


Cyber Threats Against Water Utilities

The incident is part of a worrying trend of cyberattacks on water utilities. Just two weeks back, a Kansas water utility fell under similar attacks, reviving the renewed debate on protection of critical services. According to a report by Cyble, a cybersecurity firm, groups such as Russia-linked People's Cyber Army are increasingly threatening the water sector through cyber attacks. The report has identified significant vulnerabilities and pointed out that many US water utilities are using outdated systems and those lacking in their cybersecurity practices.

Notably, a similar alarm is sounded by the latest GAO report against the Environmental Protection Agency, which presses for better cybersecurity requirements in water utility providers. A review of the water utilities through inspections reported that almost 70% of them don't comply with basic cybersecurity guidelines, which puts it at the risk of a potential disruption in its operations or even contamination. Cyble's research calls out for contemporary security measures such as network segmentation and strengthening of controls over control systems, among others.


Experts recommend network segmentation for water utilities to separate IT from OT systems; also HMIs that can lock down their monitoring systems. As more and more water utilities bring their systems onto the internet, the chance of cyber threats increases continually. Even as American Water Works works through its recent cyber incident, pressure is growing throughout the industry to harden its defences and protect critical infrastructure in a manner that ultimately protects public health.

Recently, the American Water Works was attacked via a cyber attack that portrays a need for stronger cybersecurity practices in the water industry. As attacks increase in terms of frequency and complexity, companies must implement strong security measures to protect the essentials and assure the public regarding the safety of delivering water.


Read more »
Software
CrowdStrike Cyber Security Global Airlines IT system Microsoft 365 Software

Global IT Outage Disrupts Airlines, Hospitals, and Financial Institutions

 



A major IT outage has affected a wide array of global institutions, including hospitals, major banks, media outlets, and airlines. The disruption has hindered their ability to offer services, causing widespread inconvenience and operational challenges.

International airports across India, Hong Kong, the UK, and the US have reported significant issues, with numerous airlines grounding flights and experiencing delays. In the US, major airlines such as United, Delta, and American Airlines implemented a "global ground stop" on all flights, while Australian carriers Virgin and Jetstar faced delays and cancellations. According to aviation analytics firm Cirium, over 1,000 flights worldwide have been cancelled due to the outages.

At Indira Gandhi International Airport in Delhi, passengers experienced "absolute chaos," with manual processes replacing automated systems. Similar situations were reported in airports in Tokyo, Berlin, Prague, and Zurich, where operations were significantly hampered.

Emergency services and hospitals have also been severely impacted. In the US state of Alaska, officials warned that the 911 system might be unavailable, and some hospitals have had to cancel surgeries. In Australia, however, authorities confirmed that triple-0 call centres were unaffected.

Hospitals in Germany and Israel reported service disruptions, while GP services in the UK were also affected. These interruptions have raised concerns about the ability of medical facilities to provide timely care.

The media sector did not escape the impact, with many broadcast networks in Australia experiencing on-air difficulties. Sky News UK went off air for a period but has since resumed broadcasting. Retail operations were also disrupted, with supermarkets like Coles in Australia facing payment system failures, forcing the closure of self-checkout tills.

Cybersecurity firm CrowdStrike has confirmed that a defective software update for its Microsoft Windows hosts caused the outage. In a statement, CrowdStrike assured that the issue had been identified, isolated, and a fix deployed, emphasising that the incident was not a cyberattack. They advised organisations to communicate with CrowdStrike representatives through official channels to ensure proper coordination.

Earlier in the day, a Microsoft 365 service update had noted an issue impacting users' ability to access various Microsoft 365 apps and services. Microsoft later reported that most services were restored within a few hours.

The outage has highlighted the vulnerabilities of global IT systems and the widespread reliance on third-party software. A spokesperson for Australia's home affairs ministry attributed the issues to a technical problem with a third-party software platform used by the affected companies. The country's cybersecurity watchdog confirmed that there was no evidence of a malicious attack.

As companies scramble to resolve the issues, the incident serves as a stark reminder of the critical need for robust IT infrastructure and effective crisis management strategies. The global scale of the disruption underscores the interconnected nature of modern technology and the potential for widespread impact when systems fail.

This incident will likely prompt a reevaluation of cybersecurity measures and disaster recovery plans across various sectors, emphasising the importance of resilience and preparedness in the digital age.


Read more »
IT system
Crown Employee Cyber Attacks CyberCrime Cybersecurity CyberThreat Forklift IT system

Cyberattack Cripples Forklift Giant Crown Equipment's Production

 


In a recent report to the company's employees, Ohio-based Crown Equipment, which is one of the world's largest industrial and forklift truck manufacturers, confirmed that it had been attacked by a cybercriminal organization. After a cyberattack, the company has had to shut down its operating systems due to a cyberattack on one of its biggest forklift manufacturing companies. The Crown Equipment Group reported a cyberattack on Wednesday and is investigating the incident, announcing that the attack was the result of a successful social engineering attack against an unidentified “international cybercriminal organization. 

There have been suspicions at BornCity that this attack was the result of a social engineering attack against a Crown employee. However, no further details were provided regarding the nature of the incident by the company, except the fact that it was perpetrated by an international cybercriminal organization, leading some to believe the firm might have been the victim of a ransomware attack. As part of the investigation into the cyberattack, the Federal Bureau of Investigation has also been engaged. 

In addition to the incident catching the attention of the Information Technology (IT) community, Chief Executive Officer Bryan Hornung of Xact IT and Cybersecurity has been involved in the attack as well. Since he started Xact IT and Cybersecurity twenty years ago, Hornung has spent twenty-five years in the industry. One of the largest forklift manufacturers in the world, Crown employs 19,600 people across 24 production plants situated in 14 locations around the world. Crown is a company with more than 20 years of experience.  

Approximately six days ago, Crown employees started reporting that the company had been compromised and that all IT systems had been shut down. Employees were advised that they should not accept MFA requests or be wary of phishing emails and to stop accepting MFA requests. The company has been experiencing problems with its IT systems, causing employees to not be able to clock in their hours, access service manuals, or, in some cases, deliver machinery. Initially, employees were told that if they wanted to get paid for those days they missed, they would have to file for unemployment or use their banked paid time off (PTO) and vacation days. 

In an attempt to rectify this, BleepingComputer was informed that employees would be given their regular salaries in advance as a way of making up for the unused hours. Earlier today, Crown was forced to publicly confirm its involvement in the cyberattack for the first time, saying that its ongoing security measures had a direct impact on limiting the damage caused by the cyberattack. According to the company, it is still working on recovering from the disruption caused by the attack and is still making progress towards returning to normal business operations. 

Additionally, Crown is working closely with its customers to reduce the impact of the incident on their businesses," according to a statement released by the company. While manufacturing continues to be disrupted, the company is slowly resuming operations. However, systems are gradually coming online again. As of right now, Crown has not been able to provide any information on what type of cyberattack they suffered, but they have acknowledged that the incident was likely caused by an "international cybercriminal organization," which would indicate that the company was targeted by ransomware. 

There are unfortunately several dangers associated with the use of ransomware in the computing industry, one of which is that it can also expose corporate data as a result of the cyber attack if it is not paid a ransom. The company has not acknowledged reports of a ransomware attack. But rumours have it that it was caused by ransomware. In the end, it remains to be seen exactly the extent of the compromise: it is possible that it was limited, and that the disruption was mainly caused by Crown's quick response to cut off the network before the malware had a chance to infect the system. 

As an alternative explanation, one may also be able to attribute the long recovery time to the fact that systems have been cleaned before re-installing them and that the backups are not encrypted, rather than having been encrypted from the start. While this is going on, it's quite evident that the reputation of the company with its employees has been damaged, since the employees have been left hanging for days without any or an inadequate explanation as to what exactly their paychecks would look like in consequence of this downtime. In addition to the manufacturing stoppage having an impact on the company's profits, it will also have an impact on businesses that are dependent on Crown becoming fully operational to do their work daily.
Read more »
Technology
Credit Report CyberCrime Data Breachs Federal Trade Commission FTC Gulf Coast Health System HHS IT system Ransomware Rhysida Singing River SSN Technology

Singing River Health System Suffers Major Data Breach, 895,000 Impacted

 


A ransomware attack that took place in August 2023 is now estimated to have affected 895,204 people within the Singing River Health System. The Singing River Health System operates three hospitals in Mississippi, one in Pascagoula, one in Ocean Springs, and one in Gulfport, which collectively provide over 700 beds to its patients. It is one of the largest healthcare providers in Mississippi. It employs a total of 3,500 people, and it also operates two hospices, four pharmacies, six imaging centres, ten speciality centres, and twelve medical clinics throughout the Gulf Coast region. 

The impacted hospitals were experiencing major IT system outages for several services, including laboratory testing and radiology testing. At the time, Singing River said it was working to process all paper-ordered lab tests and radiology exams as quickly as possible, depending on the priority of the exam. It was revealed by the healthcare organization on September 13, 2023, that a data breach had taken place, and in December 2023 the organization announced that 252,890 individuals were affected by the incident. 

According to a new update shared by the Maine Attorney General, the company reported that 895,204 people were affected by the incident. An August 31, 2023, disclosure from the healthcare system was the first time it reported the breach. As of the time of this writing, the US Department of Health and Human Services (HHS) Office for Civil Rights has been informed of the breach as impacting at least 501 individuals. 

The number will be determined once internal and external investigations have been completed. It has been confirmed that the data exposed to the public is a combination of full names, dates of birth, physical addresses, Social Security Numbers (SSNs), medical information, and health information, according to the latest information in the data breach report and on the organization's website. Singing River assured everyone that despite these issues, they have yet to find evidence that the threat actors were using the data to commit identity fraud or theft. 

It is also worth noting that the company also offers two-year credit monitoring services and identity restoration services to those who may be affected by this. A ransomware group known as Rhysida has been reported as responsible for the attack, making it one of the most serious cybercriminals groups targeting healthcare providers. Approximately 80% of the data that the threat actors claim to have gained from the Singing River has been exposed thus far, which includes 420,766 files totalling 754 GB in size, which comes with a catalogue of 420,766 files that they claim have gained from the Singing River. 

Threat actors will no doubt take advantage of these opportunities to generate other illicit activities, such as phishing if the stolen data includes details that can provide additional information. Due to this, recipients of the free identity restoration and monitoring services provided by the Federal Trade Commission are recommended to immediately apply for them to avoid becoming victims of such campaigns. 

A ransomware gang known as Rhysida was responsible for the attack, as well as other healthcare systems including Prospect Medical Holdings and Lurie Children's Hospital. According to the Health Sector Cybersecurity Coordination Center at HHS, the group has targeted educational institutions, the manufacturing industry, as well as the Chilean army in the past, as well as numerous other institutions.   
The IDX recommendation is that impacted individuals enrol in IDX's services as soon as possible, act with caution when responding to unsolicited communications, monitor all accounts for suspicious activity, and consider placing a security freeze on their credit reports to protect themselves. Threat actors are becoming increasingly attracted to the healthcare sector due to its data holdings and the importance of these data for a community or country, thus making it a highly attractive target for data breach attacks. 

In a cyberattack that occurred last week, DocGo, a provider of mobile medical services, was compromised. For individuals who have been impacted by the SRHS, IDX identity theft protection is offering a free twelve months of credit monitoring services provided by IDX for twenty-four hours a day. Moreover, the company offers guidance on how to prevent identity theft and fraud, which includes steps to report suspicious incidences, as well as placing fraud alerts or security freezes on the credit record to protect the information. 

As well as that, they will be providing information on how users can protect themselves from tax fraud, how to contact consumer reporting agencies, and how to get a free credit report. A report by the Singing River Health System has reviewed the account statements of individuals impacted by the breach and recommended that they monitor their credit reports and account statements closely. 

In the wake of a recent ransomware attack on the Singing River Health System, which resulted in the theft of data belonging to 895,000 individuals, authorities are urging affected persons to take immediate action. It is strongly recommended that anyone who suspects they may be a victim of identity theft or fraud report these incidents to the appropriate authorities without delay. 

Key organizations to contact include the Federal Trade Commission (FTC), which handles consumer complaints and can guide users in protecting their identity. Additionally, individuals should reach out to their state's Attorney General's office, which often has resources and support for victims of identity theft. Reporting the incident to local law enforcement is also crucial, as it helps authorities track and investigate such crimes. By taking these steps, individuals can not only protect themselves from further harm but also assist in the broader effort to combat cybercrime and bring those responsible to justice.
Read more »
Patient Data
Cybersecurity Data Breach Data Safety data security Hacker attack Healthcare Breach IT system Patient Data

DocGo Confirms Cyberattack: Patient Health Data Breach

 

In a recent turn of events, DocGo, a prominent mobile medical care firm providing healthcare services across the United States and the United Kingdom, has fallen victim to a cyberattack. The breach, confirmed by the company in a filing with the U.S. Securities and Exchange Commission (SEC), has raised concerns about the security of patient health data and the impact on DocGo's operations. 

Here's what we know so far: According to the SEC filing, DocGo discovered unauthorized activity within its systems and promptly initiated an investigation with the assistance of third-party cybersecurity experts. While the company has not disclosed the specific nature of the cyberattack, it is common practice for organizations to shut down affected IT systems to prevent further compromise. 

As part of their investigation, DocGo determined that the hackers gained access to a "limited number of healthcare records" belonging to the company's U.S.-based ambulance transportation business. This breach has raised serious concerns about the security of patient health information and the potential impact on individuals affected by the attack. In response to the breach, DocGo is actively reaching out to individuals whose data may have been compromised. The company assures that no other business units have been affected, and they have not found evidence of continued unauthorized access. 

Despite the breach, DocGo believes that the incident will not have a significant impact on its operations and finances. One of the key concerns following a cyberattack of this nature is the possibility of ransomware involvement. If the attackers deployed ransomware and a ransom demand is not met, there is a risk that the stolen data could be used as leverage for future extortion attempts against DocGo. However, as of now, no threat actors have claimed responsibility for the breach. The breach at DocGo underscores the importance of robust cybersecurity measures in protecting sensitive medical data. 

Healthcare organizations must remain vigilant against evolving cyber threats and prioritize the security of patient information. Additionally, swift and transparent communication with affected individuals is crucial in mitigating the potential impact of a data breach. As the investigation into the cyberattack continues, DocGo is likely to implement additional security measures to prevent future incidents and safeguard patient health data. 

However, the full extent of the breach and its implications for affected individuals remain to be seen. The cyberattack on DocGo serves as a stark reminder of the persistent threat posed by cybercriminals to organizations across all sectors, including healthcare. It highlights the need for continuous monitoring, robust cybersecurity protocols, and proactive response strategies to mitigate the risks associated with data breaches
Read more »
VF Crop
Breach Unveils Cyberattacks CyberCrime Cyberhackers Cybersecurity Data Breach Data Disaster IT system Ransomware VF Crop

Data Disaster: 35M Customers in Peril as VF's Breach Unveils

 


With its 13 brands, VF Corporation is one of the largest global apparel and footwear companies in the world. They own JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans, The North Face, and The North Face brands that accounted for 55% of the backpack market in 2015. It has been reported that VF Corp has been the victim of a ransomware attack in December 2023. 

As a result of the ransomware attack, some of the company's systems were taken out of operation and were forced to contain the threat. There has been a cyber attack on VF Corp's customer data, reported TechCrunch. VF Corp, the parent company of popular brands like Vans, Supreme, and The North Face, claims it stole data from 35.5 million customers in a December attack, according to a regulatory filing. Nevertheless, the company has not provided any information on what type of personal information was compromised. 

Even though the report says that the filing does not explicitly state what personal information was stolen, the company stated that, for its consumer businesses, it does not retain Social Security numbers, bank account information, or credit card numbers. 

A Denver, Colorado-based company, VF Corp, reported its data breach to regulators on Thursday and did not have any evidence that hackers had stolen customer passwords. The Denver-based company did not have any evidence that the hackers had stolen customer passwords. There is no specific information in the filing about what kind of personal data was taken, or if the company has yet been aware of what has been stolen. 

The VF Corp spokesperson did not respond to TechCrunch's email requesting additional information. In addition to the fact that VF Corp does not collect any information about a consumer's Social Security number, bank account number, or credit card, nor does it have any evidence that hackers have stolen any of the company's customer passwords, the company says it does not maintain this information. 

Social Security number and financial information are not stored by VF Corp in its systems, according to the company. Furthermore, VF Corp says that it has not found any evidence that customer passwords have been stolen. As a result of the shutdown of certain systems, VF encountered disruptions in its operations. 

As a result of the incident, retail stores were interrupted in replenishing inventory and orders were delayed. Several and varied issues have resulted in cancellations of orders on the part of customers and consumers, reduced demand on e-commerce sites of some brands, and delayed shipments of some wholesale products. 

The company has managed to restore all of the impacted systems, although minor issues are still being encountered. A VF spokesperson said on Thursday that the company has not disclosed what information was stolen from its IT systems, but it did indicate certain data that was not stolen and that it is still investigating. 

In addition, there has been no evidence to suggest that the company has stolen the passwords of its customers and that Social Security numbers, bank account details, or credit card numbers are stored in its computer system. 

VF, as a co-founder and chief innovation officer for CyberSaint, is providing a certain level of assurance to the SEC and their investors that the 35 million records were not tampered with with highly sensitive [personally identifiable information] PII. Padraic O'Reilly, co-founder and chief innovation officer for CyberSaint, explained that what was not taken. 

According to his view, based on this information, we can presume that consumer names, addresses, demographic information, and information regarding their purchases may be included in the investigation. 8-Ks are usually released in stages as investigations progress, so stay tuned in this situation.
Read more »
United Kingdom
Cyber Security IT system NCSC security measures United Kingdom

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

 

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.
Read more »
United Kingdom
Cyber Attacks IT system Nation-State Attacks United Kingdom

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

 

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

IT team had to find backup ways to use regular internet, etc, to keep the courses running, which they did - but not as smoothly as before, to be fair, added Stringer.

He claimed he didn't know whether the hackers were criminals or a hostile state, but his main concern was whether the hackers sought to use the Defence Academy as a "backdoor" into much more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident, that there hadn't been any other breaches beyond the Defence Academy." 

Despite the fact that no important information is believed to have been stolen, teaching was disrupted when courses were shifted online owing to the pandemic. “It doesn’t look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” Stringer said. “What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are no bodies in the streets, but there’s still been some damage done.” 

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.
Read more »
Vestas
Cyber Attacks Data Compromise IT system Security Vestas

Vestas Shuts IT Systems in Response to Cyber Security Incident

 

Vestas Wind Systems, a global leader in wind turbine manufacture, has shut down its IT systems after a cyberattack. 

Vestas is a prominent North American wind turbine producer, installer, and service provider, with 40,000 MW installed and 36,000+ MW in under service in the United States and Canada. 

The company stated that on Friday, November 19th, they were attacked, compelling them to shut down IT systems across numerous business divisions and locations in order to prevent the attack from spreading. Customers, staff, and other stakeholders may be impacted as a result of the interruption, and some Vestas facilities have been compelled to reduce output. 

Vestas stated it's still trying to restore the integrity of its IT systems in a blog post published on the company's website, but it doesn't have a timeline for doing so. Vestas also admitted that some data had been breached, implying that the hackers had been able to steal data from the hacked systems. 

Vesta disclosed in a new statement, "The company's preliminary findings indicate that the incident has impacted parts of Vestas' internal IT infrastructure and that data has been compromised. At this stage, the work and investigation are still ongoing." 

The corporation also stated that the impact on manufacturing, construction, and service has been limited. While Vestas hasn't specified what kind of hack they were hit with, the description seems like a ransomware attack. 

The firm has been contacted by BleepingComputer for further information regarding the event and whether the hackers are seeking a ransom, but they are yet to get a response. 

Rising attacks on critical infrastructure 

Vestas employs 25,000 people and has production sites in 16 countries, with a revenue of over a billion USD each year. As countries accelerate the adoption of pollution-reduction policies and roll out renewable energy investment programs, Vestas has a crucial role in fulfilling such services. 

As a result, interrupting the manufacturing, installation, and maintenance processes might have a severe impact on regions that rely on wind turbines for power. Vestas was already dealing with supply chain challenges and rising material prices, so this cyberattack comes at an especially inconvenient moment. 

As ransomware gangs ramp up their operations in search of higher payments, critical infrastructure has become increasingly vulnerable to cyberattacks. Ireland's Health Service Executive, meat manufacturer JBS, and US gasoline pipeline Colonial Pipeline have all been targets of previous attacks on key infrastructure.
Read more »
Tech Companies
BlackMatter Cyber Attacks IT system Medical Sector Ransom Notes Ransomware Tech Companies

Olympus Suffers Second Cyberattack in 2021

 

Olympus, a Japanese tech giant, disclosed that it was hit by a cyberattack that forced it to take down its IT systems in the United States, Canada, and Latin America. 

Olympus is a company founded in 1919 being a technology leader in the medical sector that develops cutting-edge opto-digital products, life science, and consumer electronics products. On October 12, Olympus announced on its website that it is investigating a potential cybersecurity incident discovered on October 10 and currently working with the utmost priority to fix this issue.  

The company stated, "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue." 

"As part of the investigation and containment, we have suspended affected systems and have informed the relevant external partners. The current results of our investigation indicate the incident was contained to the Americas with no known impact to other regions." 

The firm did not state whether or not the customer or corporate data was obtained or stolen as a result of the "potential cybersecurity incident," but added that it would share updated information on the assault as soon as it becomes available. 

Olympus added, "We are working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way. Protecting our customers and partners and maintaining their trust in us is our highest priority." 

According to an Olympus spokesman, the firm discovered no indication of data loss during an ongoing investigation into this occurrence. 

This incident comes after the ransomware assault on Olympus' EMEA (Europe, Middle East, and Africa) IT infrastructure in early September. Although Olympus did not disclose the identities of the attackers, ransom notes discovered on damaged computers showed that BlackMatter ransomware operators orchestrated the attack. 

The identical ransom notes directed victims to a Tor website previously used by the BlackMatter group to connect with its victims. Although Olympus did not provide many specifics about the nature of the attack that impacted its Americas IT systems, ransomware groups are notorious for carrying out their operations on weekends and holidays in order to minimize detection. 

In an August joint alert, the FBI and CISA stated that they had "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021."
Read more »
USA
Cyber Attacks Healthcare IT system OSF Healthcare Outage USA

Cyber Attacker had Prior Access to the IT Systems of OSF Healthcare Before Outage

 

The Journal Star reported that OSF HealthCare's computer systems were back up on April 25 following a two-day outage that forced the Peoria, Ill.-based health institution to implement downtime processes and policies. The outage occurred around 3:45 a.m. on April 23, as per the report. 

OSF HealthCare, based in Peoria, Ill.- started informing patients on October 1 that their personal health information had been exposed for more than six weeks as a result of a cyberattack on its IT systems earlier this year. At numerous OSF HealthCare hospitals and sites, the computer systems included patient information and records.

OSF HealthCare is a non-profit Catholic healthcare organization based in Illinois and Michigan that administers a medical group, hospital system, and other healthcare facilities. OSF HealthCare is owned and run by the Sisters of the Third Order of St. Francis and is headquartered in Peoria, Illinois. 

"During the outage, downtime procedures and protocols were closely followed, which included rescheduling some appointments and procedures," an OSF HealthCare spokesperson informed. "Patient safety is at the forefront of everything we do, and any decision to delay an appointment or procedure was made with safety in mind." 

OSF HealthCare announced on its website on Oct. 1 that the outage was caused by a data security problem. After conducting an investigation, the health system learned that an unauthorized entity obtained access to its networks from March 7 to April 23. The hacker gained access to various files relating to OSF Little Company of Mary and OSF Saint Paul patients. 

The compromised data include personally identifiable information, name, birthdates, Social Security numbers, treatment information, medication information, and health insurance information. As per the warning, financial information from a "smaller subset of patients" was also compromised. 

Patients whose Social Security numbers or driver's license information were disclosed will receive free credit and identity monitoring services from the health system. OSF HealthCare further stated that new precautions and technical security procedures have been adopted to safeguard its network infrastructure. 

OSF HealthCare operates 14 hospitals and a variety of other institutions throughout Illinois and Michigan. All institutions and facilities continued to operate and also admitted new patients during the April outage.
Read more »
Singapore
Cyber Attacks Exposed Patient Records IT system MOH Ransomware attack Singapore

73,500 Patients Data was Compromised in a Ransomware Attack on a Singapore Eye Clinic

 

The personal data and clinical information of roughly 73,500 patients of a private eye clinic were hit by a ransomware attack earlier this month, the third such occurrence in a month. Names, addresses, identity card numbers, contact information, and clinical information such as patients' clinical notes and eye scans were among the data, according to Eye & Retina Surgeons (ERS) on Wednesday. 

The clinic, however, stated that no ransom has been paid and that no credit card or bank account information has been obtained or compromised. The compromised IT systems at the clinic are not connected to the ministry's IT systems, such as the National Electronic Health Record, and there have been no similar cyber-attacks on MOH's IT systems, according to the Ministry of Health. 

The ministry also requested ERS to look into the issue, conduct a thorough evaluation of its systems, and collaborate with the Cyber Security Agency (CSA) to "take prompt mitigation efforts to enhance its cyber defences."

"Following this incident, MOH will be reminding all its licensed healthcare institutions to remain vigilant, strengthen their cybersecurity posture, and ensure the security and integrity of their IT assets, systems, and patient data. It is only through the disciplined maintenance of a safe and secure data and IT system that healthcare professionals will be able to deliver accurate and appropriate care, and uphold patient safety," the MOH said. 

The clinic's IT system has recently been restored "securely," with IT experts performing "thorough" system checks, reformatting servers, and running anti-virus scans on all computer terminals. The ERS stated that it had taken steps to avoid the situation from happening again. It is currently telling patients about the cyber-attack. 

Following the ERS ransomware incident, identical problems occurred at insurer Tokio Marine Insurance Singapore and IT firm Pine Labs. According to a recent study from Singapore's Cyber Security Agency (CSA), there were 89 ransomware cases reported to the agency last year, up from 35 cases in 2019. The assaults mostly targeted small and medium-sized businesses in the manufacturing, retail, and healthcare sectors. 

To encourage all licensed healthcare providers to set up and continually assess their security protections, impose new measures, and apply best practices to secure their IT systems and endpoints, the MOH issued the Healthcare Cybersecurity Essentials guidelines in August.
Read more »
Ransomware
Canada Cyber Attacks IT system Montreal Network Security Ransomware

Following a Ransomware Cyberattack, D-BOX Stated it is Gradually Restarting Operations

 

After a ransomware cyberattack on its internal information-technology systems, D-BOX Technologies Inc. says it is progressively resuming operations, with restoration work likely to be completed in the coming weeks. Production was never entirely disrupted by the cyberattack, according to the Montreal-based entertainment company, and rehabilitation of its different internal IT systems has begun. 

D-BOX creates and redefines realistic, immersive entertainment experiences by using elements such as motion, vibration, and texture to move the body and stimulate the imagination. D-BOX has partnered with some of the world's most innovative firms to provide new ways to improve amazing stories. 

The company has postponed the release of its interim financial statements and analysis for the three months ending June 30. The incident had a limited impact on internal systems, and services to studios and theatre operators were unaffected, according to the statement. The company expects a 40% increase in revenue in the first quarter, reaching roughly 3.1 million Canadian dollars ($2.5 million). It stated that its management was attempting to file the financial report as quickly as possible, but that a delay of two to four weeks was probable. 

Analysis suggests that the systems of its clients were neither hacked nor impacted during the cyberattack, according to a report by an external firm specializing in cyber incidents. As a result of the incident, D-BOX does not expect any security patches to its services or software updates to be necessary for its partners. In addition, as a precaution, the company has provided all of its employees and directors a 12-month subscription to Equifax's identity theft and fraud protection service. 

“Security is a top priority and D-BOX is committed to continuing to take all appropriate measures to ensure the highest integrity of all our systems,” said Sebastien Mailhot, President, and CEO of D-BOX. “I’m proud of the efforts of our IT team and external advisors, as they mitigated the attack and accomplished an enormous amount of work in order to resume activities. D-BOX is committed to continuing to communicate directly with all of its clients and partners, whom we thank for their patience as we resolve this situation. The Corporation believes that the financial impact of this cyberattack on the results should be negligible.”
Read more »
USA
Australia cyber attack IT networks hacked IT system JBS USA

World’s Biggest Meat Supplier JBS Suffered a Cyber Attack

 

An advanced cyber attack was carried out at the largest meat processing enterprise in the world. 

JBS, the largest beef supplier in the world, stated that its systems returned online late on Tuesday, following a severe cyberattack that took down certain activities of the USA and Australia. 

The attack damaged servers in North America and Australia that were supporting their IT systems, the corporation said in a press release. 

"The company is not aware of any evidence at this time that any customer, supplier, or employee data has been compromised or misused as a result of the situation," JBS said. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers." 

JBS USA, the food giant, is part of JBS Foods. According to its website, it operates in 15 countries and has clients in around 100 nations. Pilgrim's, Great Southern, and Aberdeen Black are among its brands. JBS said that it is working with an incident response company to restore its systems as quickly as possible. 

During a press conference on Tuesday, the White House acknowledged the attack. Principal Deputy Secretary of Press, Karine Jean-Pierre, briefed reporters that JBS has been a victim of a ransomware attack "from a criminal organization likely based in Russia." The FBI investigates the attack, the White House confirms. 

President Biden has also instructed his government, to assess the impact on the supplies of beef in the country that may be mitigated, alongside the United States Dollars. 

According to Union officials, JBS stopped slaughtering cattle in every U.S. plant on Tuesday. The incident on Monday brought Australian activities to a halt. JBS controls approximately 20% of the US livestock slaughter capability with North American operations based in Greeley, Colorado. 

Australia's Agriculture, Drought, and Emergency Management Minister David Littleproud tweeted regarding the JBS cyber-attack on Tuesday, stating that the company works tightly with law enforcement authorities and in Australia and abroad, to get operational activities back and forth and "to bring those responsible to account." 

The attack happened a few weeks after a cyberattack that prompted a six-day shutdown from one of the largest gas pipelines in the United States: Colonial Pipeline. Since then, the pipeline has returned to normal working. 

"If the Colonial Pipeline cyberattack didn't impact enough consumers to spur response by the international community, the JBS meat supplier incident likely will," Meg King, the director of the science and technology innovation program at The Wilson Center, told CNN Business. "Now is the time for a global agreement to break the business model of ransomware," she added. 

However, "The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said. 

In the past, the US government has suggested that firms do not compensate offenders for ransomware attacks if they encourage such hacking in the future.
Read more »
User Security
cyber attack IT system User Data User Privacy User Security

Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach

Lactalis, the world's one of the best dairy groups disclosed that it was recently hit by cyberattacks after hackers breached its company's systems. Short for Lactalis group, the company has around 85,000 employees working throughout 81 countries, with dairy exports to more than 100 countries across the globe. 

Lactalis group also owns few top global brands which include Galbani, Lactel, Parmalat, Santal, and Président.  In a press release issued last Friday, the company said that merely a few computers in the network were affected in the attack. Lactalis had identified malicious access in its computer network, upon finding the intrusion, the company immediately contained the attack and informed the investigative agencies later. 

Further investigations revealed that a third party tried breaking into the company networks.  Luckily, there was no data breach, says Lactalis after an ongoing investigation that confirmed the incident. The press release reads, "The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the competent authorities. The results of our investigations establish that a malicious third party is seeking to break into our servers.  For the sake of transparency, we are making public this information. Our IT teams are fully mobilized and supported by experts recognized in cybersecurity. Our investigation with them revealed no data breach at this point." 

The company has currently taken down its IT systems across all the company websites that were affected by the attack. The company further adds, "Lactalis teams are working to protect the interests of our customers, our partners, and our employees. This is why we have restricted, at our initiative to as a preventive measure, our access to the public internet network." As of now, Lactalis says that it didn't suffer any data breach during the attack, however, in most cases, threat actors usually steal personal information and data when spreading throughout a breached network. Attacks like these often lead to extortion and threat actors may expose information on data leak sites if the party fails to pay the ransom.
Read more »
Parliament
Cyber Attacks Finland Hackers IT system Parliament

Finland MP’s Faces Dire Cyber Intrusion

 

The parliament of Finland verified on Monday that some hackers had procured entry into the internal IT system of Finland and have also retrieved some personal as well as confidential information by accessing into the email accounts of some of the Member of the Parliament (MPs).

In a statement the government officials confirmed that the incident took place in the autumn season of 2020 and was turned up in the month of December by the IT staff of the Parliament after they felt that something suspicious is happening. This occurrence is being investigated under the examination of the Finnish Central Criminal Police (KRP) .

Although the Crime Commissioner Tero Muurman in an official statement said that “The act is not accidental”, on the other hand the police in investigation are not unveiling any detail about the case. Instead they quoted that they are investigating the security breach as a “suspected gross hacking and espionage” incident. Though after flicking through all the recorded statement one thing is clear that the intrusion did no harm to the internal IT System of the Parliament.

 “At this stage , one alternative is that unknown factors have been able to obtain Information through the hacking, either for the benefit of a foreign state or to harm Finland” , Muurman further added. The larceny of the hackers has affected a lot of individuals of the country though obviously the number is unsure. 

The thing that requires the maximal gravity here is that, during the same time, in the fall, some Russian hackers have also accessed the emails of various Parliamentary personnel and representative of Norway to acquire some information. Both the hacks were quite indistinguishable in nature and can be thought to be linked as well. 

The officials in command stated, “This case is exceptional in Finland serious due to the quality of the target and unfortunate for the victims”. Proffering a sense of placidity to the victims the KRP Tero Muurman also made a statement claiming that “International cooperation has taken place in the investigation” and the drudges would be behind the bars for the felony. 
Read more »
Subscribe to: Posts (Atom)