
Cybersecurity News Round-Up: Week of January 24, 2022

Hello and welcome back to the GlobalSign blog. Fortunately there have not been any new major incidents, but of course, there’s still plenty of news to cover! Let’s dig in.

The LockBit ransomware gang is claiming to have hit France’s Ministry of Justice as part of its recent spree of ransomware attacks, which has also included attacks on Linux servers. According to the group’s official website, the Ministry has 13 days to meet its demands or its sensitive data will be published on February 10th. Targets of the attack supposedly extend beyond the Ministry and include entities in Spain, Italy, France, Germany and the United Kingdom.

Canada’s federal government confirmed this week that it was responding to a “cyber incident,” first detected on Jan. 19, targeting Global Affairs Canada (GAC). While mitigation actions were taken the same day, the attack continued to disrupt numerous departmental systems on Monday and would take “days” to address, sources told National Post.

The Belarusian hacktivist group known as the Belarusian Cyber-Partisans allegedly launched a ransomware attack against Belarus’s railway system. The hacktivist organization revealed the details on Twitter, claiming it encrypted the Belarusian Railways’ networks, which crippled the system and disrupted ticket sales. They say they carried out the attack in protest against the government of President Alexander Lukashenko and the surge in Russian troop movements across Belarus. The hacktivists criticized Lukashenko’s policies, referring to him as a “terrorist,” and posted a list of demands to be met before they provide the encryption keys to unlock the system.

Germany’s domestic intelligence service, known as the BfV, is warning of ongoing attacks coordinated by the Chinese-backed hacking group APT27. The latest campaign targets German commercial organizations, with the attackers using the HyperBro remote access trojan (RAT) to backdoor their networks. The agency said the threat group’s goal is to steal sensitive information, and that it may also attempt to target its victims’ customers in supply chain attacks. A year ago, APT27 was thought to be behind some attacks on major videogame companies.

Another week, another warning from Microsoft. This time, the software giant is warning that Office 365 customers are receiving phishing emails that aim to trick them into granting OAuth permissions to a bogus app, which then lets attackers read and write their email. The attackers are sending the emails to “hundreds” of Office 365 customers. The potentially malicious app, dubbed ‘Upgrade’, asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items, and read contacts, according to Microsoft Security Intelligence.

In a piece of actual positive news (imagine that), officials with the Canadian Radio-television and Telecommunications Commission (CRTC) this week shut down CanadianHQ, which the CRTC says had become one of the largest Dark Web marketplaces in the world. In a statement, CRTC chief compliance and enforcement officer Steven Harroun said Canadian HeadQuarters, also known as Canadian HQ, had “…significantly contributed to harmful cyber activity in Canada.”

Finally, U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler is exploring an expansion of the SEC’s core cybersecurity rules to cover a broader swath of entities and require public companies to improve disclosure of breaches and risks. In a speech on Monday, Gensler said that SEC staff may update the commission’s “Regulation Systems Compliance and Integrity,” or Reg SCI, which the SEC adopted in 2014. SEC staff is considering recommendations on bolstering the financial sector’s cybersecurity hygiene and incident reporting, how customers and clients receive notifications of financial sector breaches and how public companies disclose cybersecurity practices and risks. And he wants staff to examine how to better address cyber risk that comes from service providers.

That’s a wrap for this week. Thanks for stopping by our blog and have a great weekend!

Amy

Top Global Industry News

HackRead (January 27, 2022) LockBit ransomware hits French Ministry of Justice & European firms

The infamous LockBit ransomware gang is claiming to have hit the Ministry of Justice of France (justice.fr) as part of its recent spree of ransomware attacks. Although the details of the attack are limited, according to the group’s official website the Ministry has 13 days to meet its demands or its sensitive data will be published on February 10th, 2022.

Hackread.com can exclusively confirm that the ransomware attack was not limited to the French Ministry of Justice. In fact, the group is claiming responsibility for hitting several top companies and businesses in several European countries including Spain, Italy, France, Germany, and the United Kingdom.

The full list of recent alleged victims of the LockBit ransomware gang is:

  • Izo Group, Spain (Izo.es)
  • ESTPM, France (Estpm.fr)
  • City of Saint Cloud, France (Saintcloud.fr)
  • Joda, Germany (Joda.de)
  • Heubeck AG, Germany (Heubeck.de)
  • Isnardi, Italy (Isnardi.it)
  • La Ponte Marmi Srl, Italy (laponte.it)
  • AMBAU Personalservice, Germany (Ambau-team.de)
  • Girlguiding Charity, United Kingdom (Girlguidinglaser.org.uk)

READ MORE

ZDNet (January 27, 2022) $300,000 in fines issued as Canadian officials take down dark web marketplace

Officials said they shut down CanadianHQ, which they claimed was one of the largest Dark Web marketplaces in the world.

Officials with the Canadian Radio-television and Telecommunications Commission (CRTC) said they took down dark web marketplace Canadian HeadQuarters on Wednesday and fined four of those involved in the platform.

In a statement, CRTC chief compliance and enforcement officer Steven Harroun said Canadian HeadQuarters, also known as Canadian HQ, was “one of the largest Dark Web marketplaces in the world and significantly contributed to harmful cyber activity in Canada.”

CRTC staff executed warrants in the greater Montreal area through 2020 and 2021 that led to the marketplace being taken offline. They also issued fines to Chris Tyrone Dracos, Marc Anthony Younes, Souial Amarak and Moustapha Sabir. Dracos was given a $150,000 fine, and the other three were given $50,000 fines.

READ MORE

Bleeping Computer (January 26, 2022) German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.

This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojan (RAT) to backdoor their networks.

HyperBro helps the threat actors maintain persistence on the victims’ networks by acting as an in-memory backdoor with remote administration capabilities.

The agency said the threat group’s goal is to steal sensitive information and may also attempt to target their victims’ customers in supply chain attacks.

READ MORE

HackRead (January 25, 2022) Cyber-Partisans hackers hit Belarus railroad system with ransomware attack

The Belarusian hacktivist group known as the Belarusian Cyber-Partisans allegedly launched a ransomware attack against Belarus’s railway system to protest against the government of President Alexander Lukashenko and the surge in Russian troop movements across Belarus.

The hacktivist group took to Twitter to reveal details of the hack. The group claimed it encrypted the Belarusian Railways’ networks, which crippled the system and disrupted their ticket sales.

The hacktivists criticized the policies of Lukashenko, referring to him as a “terrorist,” and posted a list of demands to provide encryption keys to unlock the system.

READ MORE

ZDNet (January 25, 2022) Microsoft warns about this phishing attack that wants to read your emails

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.

Microsoft’s Security Intelligence team warned this week that attackers are sending the OAuth phishing emails to “hundreds” of Office 365 customers.

The potentially malicious app, dubbed ‘Upgrade’, asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items, and read contacts, according to Microsoft Security Intelligence.

READ MORE

Cyberscoop (January 25, 2022) SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector

U.S. Securities and Exchange Commission Chairman Gary Gensler is exploring an expansion of the SEC’s core cybersecurity rules to cover a broader swath of entities and require public companies to improve disclosure of breaches and risks.

Gensler said in a speech on Monday that he instructed staff to look into an update of the commission’s “Regulation Systems Compliance and Integrity,” or Reg SCI, which the SEC adopted in 2014. Staff will examine whether the regulation — under which trading organizations and others must take security steps like backing up data — should extend to include the largest market-makers and broker-dealers.

Gensler also said he asked staff to consider recommendations on bolstering the financial sector’s cybersecurity hygiene and incident reporting, how customers and clients receive notifications of financial sector breaches and how public companies disclose cybersecurity practices and risks. And he wants staff to examine how to better address cyber risk that comes from service providers.

READ MORE

National Post (January 24, 2022) Canada’s foreign affairs department targeted in ‘significant’ cyber attack

The federal government confirmed on Monday that it was responding to a “cyber incident” that was first detected on Jan. 19 targeting Global Affairs Canada (GAC).

Mitigation actions were taken on the same day, but the attacks continued to cause disruptions to a host of departmental systems on Monday and would take “days” to address, sources told National Post. For example, many said they were barred from browsing the Internet, but could still use their work email.

“Critical services for Canadians through Global Affairs Canada are currently functioning. Some access to Internet and internet-based services are not currently available as part of the mitigation measures and work is underway to restore them,” read a statement from the Treasury Board of Canada Secretariat.

READ MORE

Other Top Industry News

Malicious PowerPoint files used to push remote access trojans – Bleeping Computer

Merck wins cyber-insurance lawsuit related to NotPetya attack – The Record by Recorded Future

Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans – Portswigger

Pennsylvania approves ransomware bill – InfoSecurity

Push to Explain What Software Contains Gains Steam After Log4j Flaw – Wall Street Journal (requires subscription)

Outpatient Facilities Continue To Be Targeted In Healthcare Cyberattacks – HealthITSecurity

Segway store hacked to steal customers’ credit cards – Bleeping Computer

FCC Proposes Stricter Regulations for Data Breach Disclosure – Security Boulevard

Analyst Insights on the key issues facing the IoT Industrial Sector in Q1 2022 – IoT Now News & Reports

New rules on security of connected devices – Lexology
