Cybersecurity News: CMC retailer report, Aflac investigates activity, Russian dairy cyberattack

In today’s cybersecurity news…

CMC officially points finger at Scattered Spider for Marks & Spencer and Co-op attacks

Following up on our coverage of the attacks on British retailers Marks & Spencer, Co-op and Harrods, the U.K.-based Cyber Monitoring Centre (CMC) has now classified the attacks on Marks & Spencer and Co-op as a “single combined cyber event.” It attributes this classification to the close timing and similar TTPs, including social engineering attacks on IT help desks. It has labeled the event a “Category 2 systemic event,” with an anticipated financial impact of between $363 million and $592 million. The Harrods attack has not yet been included in this assessment due to a current lack of adequate information about it.

(The Hacker News)

Aflac investigating suspicious activity on its U.S. network

The largest provider of supplemental insurance in the United States is announcing this discovery, warning of its potential impact on Social Security numbers, information on claims and customer health, and PII related to “customers, beneficiaries, employees, agents, and other individuals in its U.S. business.” The company attributes the attack to the ongoing cybercrime campaign against the insurance industry and points out that the intrusion was stopped within hours. Its review is, of course, currently ongoing.

(Security Week)

Russian dairy producers suffer cyberattack

The attack impacted the Mercury platform, part of Russia’s Federal State Information System for Veterinary Surveillance, and the country’s digital system for certifying animal-based products. It was taken offline earlier this week in what is being described as the most severe attack to date, compared to two previous attacks. This has forced producers and suppliers to revert to paper-based veterinary certificates. Under Russian law, “all businesses handling meat, dairy, eggs, and other animal products must register with Mercury and issue veterinary documents electronically. Without them, processors are legally barred from accepting raw milk, as digital certification is required to verify product authenticity and safety.”

(The Record)

Tonga’s Ministry of Health suffers cyberattack

A ransomware attack has affected the National Health Information System of this South Pacific island nation. The attack, which was discovered on June 15, impacts the system used to record and register hospital patients and contains full patient histories. “It contains the history of all our patients, including their medical records, prescriptions, health risks and future plans for patients,” a spokesperson told reporters. “Cybersecurity experts from Australia arrived on Thursday to help the government resolve the issue.”

(The Record)

Microsoft investigates OneDrive file search bug

This issue causes searches within OneDrive to appear blank or return no results in locations where files have been uploaded. The issue affects a subset of Windows, Android, iOS, and web users, says Microsoft, adding that there is no known workaround for those affected and no estimated timeline for a fix.

(BleepingComputer)

Cloudflare blocks record DDoS attack against hosting provider

The company mitigated this attack on a hosting provider in May. Its peak was 7.3 TBps, which is 12% larger than the previous record. The attack used more than 122,000 source IP addresses spread across 161 countries, the majority based in Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. Cloudflare says it was able to mitigate the attack without human intervention, using a network-layer protection service called Magic Transit.

(BleepingComputer)

Qilin ransomware adds “Call Lawyer” feature to pressure for larger ransoms

In the face of increasing resistance and non-cooperation from ransomware victims generally, the Qilin ransomware-as-a-service (RaaS) group is now offering legal counsel for its affiliates to “help them put more pressure on victims to pay up.” According to Israeli cybersecurity company Cybereason, this new feature “takes the form of a ‘Call Lawyer’ button on the affiliate panel.” This feature allows an affiliate ransomware group to bring a lawyer into the negotiations with its victims, taking advantage of the fact that many companies wish to avoid legal proceedings and will therefore comply more readily.

(The Hacker News)

German table napkin manufacturer closes due to ransomware

Fasana, a company based in Stotzheim, Germany, that manufactures a range of table napkin products, has filed for insolvency following a May 19 ransomware attack that left the company unable to print delivery notes, which subsequently paralyzed business operations. No group has yet been publicly identified, and production has since resumed, but this has not been enough to save the company, which lost millions of euros in business plus the cost of recovery. It now has eight weeks to find a buyer.

(Security Affairs)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.