ERPScan PR team

Week 45 Cyberattack Digest 2019 – Boardriders Inc., InterMed, Kudankulam nuclear power plant and others

As the time passes by, the new attacks take place. And here is a new compilation of the recent cyber incidents in our cyberattack digest week 45.

Not the best time for purchasing surfing equipment 

by SiliconANGLE – 7 November, 2019 

Well, surfing equipment manufacturer are not frequent victims of hackers. Nonetheless, Boardriders Inc., the owner of the worldwide renowned brands, Billabong and Quicksilver, has recently suffered a cyber incident — just before the beginning of the holiday shopping season.

About two weeks ago, the manufacturer experienced a breach performed by a third party. The malware that was used by a hacker disabled international operations, information technology systems, communications, and sales and distribution networks of the company.

“Recently, Boardriders Inc. was exposed to an increasingly common computer virus that impacted some of our systems in some regions. Our IT teams have been working to quickly restore our systems to support our operations, which are now largely transacting and shipping normally,” the officials commented. 

According to Ilia Kolochenko, chief executive officer of web security company ImmuniWeb, there is nothing surprising in attacks against retailers and e-commerces that take place during pre-holiday season. What is more, these are likely the increase by the end of the year.

Details of 30,000 InterMed patients might have been exposed 

by Washington Times – 7 November, 2019 

A health care provider from Portland, Maine, was targeted in a hack. According to the experts’ estimations, the cyber incident might have compromised the records of some 30,000 patients. InterMed officials revealed that an unauthorized malefactor managed to get access to the email account of an employee back in the beginning of September.

The Portland Press Herald informs that the hacked account may have stored patients’ names, birth dates, health insurance information and the Social Security numbers for 155 people.

According to InterMed spokesperson John Lamb, all the affected patients were warned about the recent security issue after a “manual review of all potentially impacted files” was conducted by an independent forensics team. 

InterMed CEO Dan McCormack commented that the attacked organization is currently “accelerating plans already underway to strengthen our security.”

Indian government confirms the attack on Kudankulam nuclear power plant 

by SC Media – 5 November, 2019

Last week, is was officially confirmed that Indian Kudankulam nuclear power plant became a victim of cyberattackers.

The attack was reported by threat analyst Pukhraj Singh on September 3, but the incident was not confirmed by the government until last week.

North Korea is believed to stand behind the incident. During the investigation, Avast conducted an interview with Sing. The expert revealed that he did not actually discover the attack, but communicated with those who disclosed the malicious actions.

Currently, there are few details of the incident are available, but according to Singh, extremely mission critical targets were involved. Still, the Indian government said that the control systems of the plant were not affected by the incident.

Healthcare sector has always been especially vulnerable to cyberattacks due to the potential risks that can be caused by security incidents. Never forget to care about your personal data and follow us on Twitter, Facebook, and LinkedIn.

Week 44 Cyberattack Digest 2019 – Spanish radio, the City of Joburg, 15,000 Georgian websites

Welcome to the cyberattack digest week 44. This time we will talk not only about some particular incidents, but even cyberattack floods descending on different countries.

Ransomware virus affects Spanish radio 

by Reuters – 4 November, 2019

Spain has fallen victim of a series of cyber incidents, that affected a number of companies including Cadena SER radio. The security issues were caused by a ransomware virus that impacted Cadena Ser’s local broadcasts. Still, according to the owner of a chain of local and countryside stations, the national output was not involved in the attack. “We have been recommended not to work on our computers in a network environment,” a source at the station commented. The rest of the victims were not named by The National Security Department.

Malefactors demanding a ransomware from Joburg

by Hashed Out – 29 October, 2019 

Spain was not the only country that experienced a series of cyber incidents recently as several major South African organizations have been involved in security incidents as well. 

Last Thursday, Oct. 24th, the City of Joburg revealed that the city network had been hit by a cyberattack. The breach was caused by a ransomware attack with hackers demanding a ransom of four Bitcoins (about R500,000 South African Rand or $37,000 USD). The malefactor or malefactors claimed to have obtained backdoors into the city systems and threatened to upload the stolen records online. Following the cyber incident, the main city systems were shut down, online services and bill payments were disabled al well. According to the city officials, the breach was accurately “timed to coincide with all City month end processes affecting both supplier payments and customer payments.”

The investigation is currently ongoing, but it’s no surprise that the incident has impacted the city and its citizens a lot.

Meanwhile, several DDoS attacks were performed on a number of websites of large South African banks. These included Standard Bank and ABSA. Despite the fact that the attack related to a different type, the attacker’s goal was the same: the malefactor wanted to get a ransom. As a result of the incident, several transactions were delayed and some services went down.

The CEO of the South African Banking Risk Information Centre (SABRIC), Susan Potgieter, commented: “We must emphasize that DDoS attacks like this one do not involve hacking or a data breach and therefore no customer data is at risk. It does however, involve increased traffic on networks necessary to access public facing services. This may cause minor disruptions.”

15,000 Georgian websites are affected by a wave of cyberattacks

by BBC – 28 October, 2019 

Finally, a wave of cyberattacks affected Georgia as well. Many website experienced a cyberattack that is also called defacement, as a result of which home pages are replaced with some images. This time the malefactors placed there an image of former President Mikheil Saakashvili and the caption “I’ll be back”.

While the real origin of the attack remains unknown, BBC Caucasus correspondent Rayhan Demytrie commented that people on social media were presuming that Russia might be behind the malicious actions. Over 15,000 pages were touched by the flood of cyberattacks. Among the affected websites, there were the presidential website, non-government organisations and private companies. According to cyber security experts, government websites of Georgia were “poorly protected and vulnerable to attack”.

“The scale of this attack is something we haven’t seen before,” commented Prof Alan Woodward, cyber security expert at Surrey University. 

That is all for today. Never forget to care about your security in advance and follow us on TwitterFacebook, and LinkedIn.