placeholder
Ransomware attack forces London hospitals to cancel operations
Several of London’s largest hospitals were forced to cancel operations and declare critical incident emergency status after Synnovis, a third-party provider, experienced a ransomware attack. A spokesperson for the region said the attack left multiple hospitals without access to pathology services, with “blood transfusion being particularly affected.” According to The Register, all of Synnovis’s IT systems are believed to be impacted, and as of this recording, there is no timeline for when operations are expected to be back online.
(Infosecurity Magazine), (The Register), (The Record)
Christie’s stolen data sold to highest bidder
Going once, going twice, Christie’s stolen data has been sold. The world-renowned auction house fell victim to a second ransomware attack this year in early May, resulting in the theft of personal information from their high-profile clients. The ransomware group RansomHub set a June 3rd deadline for Christie’s to pay the ransom. When Christie’s failed to comply, the group announced on their website that the stolen data had been sold to an anonymous third party for an undisclosed amount. RansomHub claims to have stolen information from at least 500,000 of Christie’s clients, including full names, passport details, and home addresses, though this number has not been confirmed.
RansomHub claims responsibility for Frontier breach
It seems the RansomHub gang has been busy over the last few months. The group is now claiming responsibility for the attack on Frontier Communications back in April. The RansomHub gang posted on their leak site that they stole 5GB of data and the information of over 2 million customers from the telecom giant. An SEC filing from May confirms Frontier experienced a breach and that the attackers were able to gain access to personal information but did not disclose how many people were potentially impacted. RansomHub claims they will publish the stolen data within the next week unless someone wishes to buy the data, which they can do so by contacting the ransomware group’s blog support.
(The Register), (Security Week)
Cyber-attack takes down Russian supermarket chain
A popular Russian discount retail chain, Verny, was hit by a cyberattack over the weekend, disrupting services and preventing the processing of bank cards and online orders. The attack took down the company’s website and mobile app, forcing stores to accept cash only. A representative from the company says they suspect the goal was extortion, though no ransom demand has been confirmed. It’s estimated the company’s losses could exceed 500 million rubles ($5.6 million) if operations are not restored soon.
Thanks to today’s episode sponsor, Conveyor
Teams like Lucid Software are finding in a free proof of concept that our AI is more accurate than the rest. Learn more at www.conveyor.com.
Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Impact of collection agency data breach escalates significantly
It was already bad when the debt collection agency Financial Business and Consumer Solutions (FBCS) reported that 1.9 million people were impacted in a breach back in April. Turns out that number was off by over a million. The agency now reports that over 3.2 million people were impacted in a breach that compromised information including names, social security numbers, and driver’s license numbers. FBCS handles debt collection from consumer credit, healthcare, commercial, auto, loans, and utilities.
New phishing kit hits the market
Cybercriminals have launched a new phishing kit named ‘V3B’ on Telegram, targeting customers of 54 major financial institutions across Europe. According to Bleeping Computer the phishing kit is available for $130-$450 per month with features including localization options, OTP/TAN/2FA support, live chat with victims, and various evasion mechanisms. V3B uses heavily obfuscated JavaScript and a custom CMS to evade detection, with professionally translated pages in multiple languages to allow for multi-country phishing campaigns.
New ransomware operation focuses on education sector
There’s no need to recreate the ransomware wheel. Researchers from Arctic Wolf discovered a new ransomware operation they are referring to as “Fog” that has been spotted performing old-fashioned ransomware attacks primarily targeted against the education sector. According to Dark Reading, throughout the month of May, “Fog” performed relatively standard-fare ransomware attacks: quickly infiltrating through a stolen virtual private network (VPN), encrypting data stored in virtualization environments, leaving a ransom note, but not exfiltrating anything and not performing any double or triple extortion attempts as we have seen in recent attacks.
EU Probes Microsoft 365 Education Over Privacy Concerns
The European Union is investigating Microsoft’s education-focused suite after a non-profit privacy rights group filed two complaints over concerns about how the data from the Microsoft 365 Education platform was being used. The privacy campaign group, noyb, alleges that minors’ data is being processed unlawfully and the company is being “consistently vague” about how the children’s information is being used. Noyb also claims Microsoft installs cookies without consent to track user behavior, affecting thousands of EU and EEA students. Noyb argues schools are not in a position to comply with EU law’s transparency requirements or data access rights. In a statement to TechCrunch, Microsoft said, “M365 for E ducation complies with GDPR and other applicable privacy laws.”