Weekly Cyber News Roundup

March 9th to March 15th 2024

Content 

01. News Bites
  • French Government Institutions Targeted in Massive Cyberattack.
  • Belgian Beer Giant Duvel Hit by Ransomware Attack, Halting Production at Four Breweries.
  • Leicester City Council Battles Cyber Attack, IT Recovery Expected to Take Days.
  • Estonia Hit by Unprecedented DDoS Cyber Attacks Targeting State Institutions.
  • EquiLend Confirms Customer Data Theft in January 2024 Ransomware Attack.
02. Conclusion

Quick News Bites

French Government Institutions Targeted in Massive Cyberattack

Several French government agencies have become the targets of cyberattacks of "unprecedented intensity". The French Prime Minister's office confirmed the attacks, highlighting the efforts to mitigate their impact through the activation of a crisis cell and the deployment of countermeasures, effectively restoring access to most state websites. The attacks, which utilized well-known techniques but on a scale not seen before, were particularly alarming given their timing before the Paris Olympics and the European Parliament elections, underscoring the vulnerability of significant events to digital threats.

Despite speculation, these cyber offensives have not been directly linked to Russia, a notable consideration given France's backing of Ukraine amidst the ongoing conflict. Instead, Anonymous Sudan has claimed responsibility for launching a massive distributed denial of service (DDoS) attack on French government network infrastructure.

This incident sheds light on the ever-present cyber threats from various groups, with motives ranging from political to ideological, highlighting the complex landscape of cyber security and the imperative need for vigilance and robust protective measures.

Belgian Beer Giant Duvel Hit by Ransomware Attack, Halting Production at Four Breweries

Duvel, a renowned Belgian brewery, experienced a significant disruption in its operations due to a cyber-attack, presumed to be ransomware, that targeted its production facilities. The attack, which occurred overnight between Tuesday and Wednesday, initially forced the shutdown of five breweries, with one in Belgium and another in Kansas City among those affected.

The company's IT systems' built-in alarms and controls allowed for a swift response, leading to the immediate shutdown of servers to mitigate the attack's impact. As a result, production was halted at four of the Belgian sites. However, the Puurs-Sint-Amands brewery in Belgium has since resumed operations, while the status of the remaining sites and the potential impact on Duvel's beer supply, including popular brands like Chouffe, Vedett, and Liefmans, remains uncertain.

With a history dating back to 1871 and revenues of over €580 million from producing around 230 million litres of beer, the company is currently investigating the breach and has informed the media of the ransomware nature of the attack.

Leicester City Council Battles Cyber Attack, IT Recovery Expected to Take Days

Leicester City Council is grappling with the aftermath of a cyber-attack that disrupted its IT systems and phone lines, highlighting the growing threat to UK public services.

The attack, which occurred last Thursday, has seen the National Cyber Security Centre (NCSC) investigate and address the breach. Efforts over the weekend involved learning from similar incidents at other councils to formulate a recovery plan, aiming to begin restoration of critical services by mid-week. This incident underscores a broader trend of cyber vulnerabilities within local governments, as demonstrated by recent attacks on councils in Kent and Gloucester, which have sparked debate over national cyber security preparedness.

The UK's Joint Committee on the National Security Strategy has criticised the government's response to the escalating cyber threat facing local authorities, pointing out a dire need for enhanced support and resources to safeguard essential local services against such attacks.

Estonia Hit by Unprecedented DDoS Cyber Attacks Targeting State Institutions

Over the weekend, Estonia experienced its most significant wave of distributed denial of service (DDoS) attacks yet, targeting numerous state institutions.

Despite the scale of the assaults, the impact on the affected websites and services was largely contained thanks to effective mitigation strategies. The Information System Authority (RIA) disclosed that the attacks impacted several public sector websites, including the Police and Border Guard Board, the Tax and Customs Board, and the Ministry of Justice, causing brief disruptions and slower operational speeds, particularly on Saturday afternoon.

Thanks to the implementation of technical countermeasures in recent years, covering major public sector websites and extending support to the private sector, the RIA's CERT-EE incident response team was able to quickly reduce the attacks' effects. Over three billion malicious requests were reported on Saturday alone.

Pro-Kremlin hacktivist groups, seeking to demonstrate their capability to disrupt life in Western countries and create instability, have mostly claimed responsibility for these attacks, in line with Russia's broader objectives amidst its invasion of Ukraine.

EquiLend Confirms Customer Data Theft in January 2024 Ransomware Attack

Back in January 2024, EquiLend, a leading financial technology and analytics firm, confirmed it was the victim of a significant data breach involving customer information due to a ransomware attack. This breach was initially identified as a technical issue on January 22, which prompted a swift investigation by EquiLend, revealing unauthorized access by cybercriminals.

Although initial assessments found no evidence of data exfiltration, the LockBit ransomware group later claimed responsibility. Following a detailed investigation, EquiLend has now informed its customers that personally identifiable information (PII), including names, birth dates, and Social Security numbers, was indeed stolen.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
