Weekly Cyber News Roundup

February 10th to February 16th 2024

Content 

01. News Bites
  • France hit by largest ever cyber security breach with 33 million people impacted.
  • UN Probes North Korea's $3 Billion Cyber Heists Funding WMD Development Amid Sanctions Defiance.
  • Ransomware Attack Hits Over 100 Romanian Hospitals, Forcing Return to Pen and Paper.
  • Up to 10% of Southern Water Customer Data Compromised in Cyber Attack.
  • Hacktivist Group Targets Iranian Parliament Servers Ahead of Elections, Claims Major Cyberattack.
02. Conclusion

Quick News Bites

France hit by largest ever cyber security breach with 33 million people impacted

Last week France suffered its largest ever data breach, which affected 33 million individuals, nearly half its population.

The breach targeted two service providers for medical insurance companies, Viamedis and Almerys, exposing a vast amount of personal data to potential hacker exploitation. Cyber security experts described the event as unprecedented in scale. Occurring within days of each other at the start of February, the cyberattacks have raised concerns over the security of the "tiers payant" payment system, which allows patients to receive medical services without upfront payment.

The French data protection authority, CNIL, issued warnings about increased phishing risks, urging the public to verify the authenticity of communications from official sources. Affected individuals are to be notified by their health insurance providers in accordance with GDPR regulations. Viamedis revealed that the breach was due to phishing attacks that compromised health professionals' logins. Almerys, meanwhile, reported an intrusion into a health professional portal without compromising its central system. Both entities have since filed legal complaints, initiating an investigation.

The leaked data encompasses sensitive personal information, including marital status, dates of birth, social security numbers, health insurer names, and coverage details, though it reassuringly excludes bank, medical, address, and contact information.

UN Probes North Korea's $3 Billion Cyber Heists Funding WMD Development Amid Sanctions Defiance

UN sanctions monitors announced that they are investigating 58 suspected cyber-attacks by North Korea that targeted cryptocurrency-related companies between 2017 and 2023 with the aim of amassing approximately $3 billion, a sum that is reportedly aiding the further development of North Korea's weapons of mass destruction (WMD) programs. These findings, part of an unpublished UN report obtained by Reuters, underscore North Korea's persistent defiance of Security Council sanctions. Despite previous denials from Pyongyang regarding its involvement in cyber-attacks, the report highlights the sophisticated nature of these operations, often linked to Pyongyang's primary foreign intelligence agency.

The activities include targeting defence companies and their supply chains, sharing infrastructure and tools among hackers, and engaging in illicit financial operations to bypass sanctions. These efforts contribute to North Korea's continued development and production of nuclear materials and ballistic missile launches, despite a halt of nuclear tests since 2017.

The report also notes North Korea's deepening military relations with Russia and attempts to circumvent sanctions through the export of conventional arms and munitions, as well as the employment of DPRK nationals overseas in violation of UN mandates.

Ransomware Attack Hits Over 100 Romanian Hospitals, Forcing Return to Pen and Paper

Romania's healthcare system was hit by a significant ransomware attack earlier this week, impacting over a hundred facilities, including children's and emergency hospitals.

Attackers demanded 3.5 Bitcoin (over £130,000) to decrypt vital files. Fortunately, recent backups have minimized the damage.

The attack targeted a key medical information system overnight on Monday and is under investigation by Romania's National Cyber Security Directorate (DNSC) and IT specialists. While 25 hospitals were directly affected, starting with The Pitesti Paediatric Hospital, 79 additional facilities went offline as a precaution. The malware type has been identified as Backmydata ransomware, but the perpetrators remain unknown.

Despite the challenges, most hospitals are expected to recover quickly due to the existing data backups, though the incident has disrupted patient services and could potentially affect critical medical equipment.

Up to 10% of Southern Water Customer Data Compromised in Cyber Attack

Southern Water announced a cyber attack on Tuesday that compromised data for 5-10% of its customers, potentially affecting personal and financial details.

The utility, serving areas including Kent, Sussex, Hampshire, and the Isle of Wight, alerted customers and regulators and enlisted cyber security experts for assistance. The breach might involve names, birth dates, national insurance numbers, and bank details. The incident, revealed after Southern Water detected suspicious IT activity and a mention on a cybercrime website, is under forensic review. While services remain unaffected, the company is notifying impacted customers and employees, and monitoring the dark web for stolen data. The Information Commissioner's Office is investigating the breach, advising concerned individuals to contact them.

Hacktivist Group Targets Iranian Parliament Servers Ahead of Elections, Claims Major Cyberattack

The hacktivist group Uprising till Overthrow has claimed responsibility for a significant cyberattack on Iran's Khaneh Mellat News Agency, affecting 600 parliamentary servers including commission, main chamber, and banking systems.

The group is affiliated with the Albania-based opposition Mujahideen-e Khalq (MEK) organization. Its action targets the Iranian Parliament's media arm amidst concerns over the integrity of the March 1st parliamentary elections, following candidate disqualifications.

This attack is part of a broader pattern of cyber operations against the Iranian government and infrastructure by various groups, highlighting ongoing digital resistance efforts.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
