It was a Bad Week for Cyber Attacks

From Costa Rica, to Romania to Germany to Ontario to New Zealand, this week’s cyber weekly includes cyber attacks from around the world.

Thanks to all 1555 subscribers! If you like receiving the cyber news every week, be sure to show your support by sharing the weekly posts. It helps a lot!

Ontario County Hit with Ransomware Attack. Could be by Russian Cyber Criminals.

Elgin county, located in the province on Ontario, Canada, was the victim of a cyber attack that has left their website down since the beginning of April. And apparently 10% of their data was exposed online. Global News learned that the county is one of many victims of Russian-based ransomware syndicate.

“When groups delist stolen data, as appears to have happened here, it can mean a number of things, including that the target organization’s paid, or that it has agreed to come to the negotiating table,” said Brett Callow, a Vancouver Island-based threat analyst. (GlobalNews)

My thoughts: We may not be physically involved in fighting the current war, but cyber attacks are going to be on the rise. Russian-based cyber groups are working endlessly to target businesses in the virtual world.

New Zealand’s New Website Immediately Taken Out by DDoS Attack

New Zealand is worried about increasing sea levels. At some parts of the island, the sea levels are expected to increase 1.2 meters by year 2100. They’re worried about cities being covered in water years earlier than expected. They will also need to pick and choose what they rebuild and what they don’t due to limited resources. They decided to create a website to keep track of the rising sea levels. The website went live yesterday at 5am. It was immediately hit with 10,000 visits per second and killed the website. (RNZ)

Thoughts: This is what’s called a Denial-of-Service attack (DDoS) where the criminals send an inordinate amount of traffic to a website in an effort to “break it” or take it offline. We are going to see a lot of these attacks in the near future.

Romanian Websites Attacked by Pro-Russian Hacking Group

Last Friday, hacker group Killnet, attacked Romanian websites and institutions with a denial-of service attack (DDoS).

“The cyber assault hit the websites of the country’s defense ministry, border police, railway company CFR Calatori and a financial institution, which were not functional for several hours. Killnet had previously targeted institutions in the U.S, Estonia, Poland, the Czech Republic and NATO,” (Bloomberg)

My thoughts: DDoS is on the rise. Two things to help protect against it is 1) firewalls that are sophisticated enough to help prevent DDoS and 2) traffic scanning to alert you when traffic becomes abnormal.

Trinidad Supermarket Chain had to Shut all of it’s 21 Stores

Supermarket chain, Massy, were forced to close last Friday when they were hit with a ransomware attack that affected all their technical outputs. It was not possible to purchase anything with cards. They immediately shut off the customer facing technology and got to work. Their backups were not affected and they started to restore the systems immediately. There was no evidence of lost customer data and they didn’t comment on any financial losses. Normal operations resumed yesterday. (TrininadExpress)

My thoughts: Backups save the day! It seems like this company had solid IT personnel, infrastructure and processes in place to help recover their operations. This is one of the only stories I talk about that seems to have a relatively happy ending.

Over 4 Million Attacks on Costa Rica within a 24-Hour Period

The director of Digital Governance, Jorge Mora, the Ministry of Science, Innovation, Technology and Telecommunications said that there were more than 4 million attacks attempted on Costa Rica’s public institutions in a 24-hour period.

Here is the breakdown:

• 2.7 Million of Malware
• 800,000 Phishing
• 84,000 Crypto Mining
• 1.2 million of Command and Control Activities (Conti style)

He also explained during the call that “There were attempts of communication by means of control commands. They were mitigated and blocked. This weekend the Internet has been disconnected and the revision has begun”.

He went on to explain that these attempts were detected thanks to the protection systems recently installed by the institutions.” (TicoTimes)

My thoughts: We just spoke about Costa Rica last week. They immediately took action to protect themselves after the initial attack which saved them from this week’s 4 million attacks. This is the most ridiculous cyber news we spoke about, but thankfully, they protected themselves right away.

German Library Service Struggling to Get Back Up and Running After Cyber Attack

The attack on the German library service happened earlier in April and they’re still trying to get services back to normal. Apparently attacked by Lockbit ransomware group, they targeted the library’s service provider. The platform have over 200 libraries across Europe offering e-books, electronic newspapers, magazines, audio books and music. (TheRecord)

My thoughts: There are no shortages of cyber security stories, where a third party gets attacked, breached and wipes out their clients services or temporarily causes havoc.

‍