Cybersécurité dans l'espace: comment Thales relève les défis à venir
On 21 November 2022, the Spanish Ministry of Economy and Digital Transformation has suffered a cyber attack. Indeed, employees reportedly found that their computer equipment was acting independently of their will. This suggests that attackers were able to carry out an intrusion attack, possibly using phishing as the initial entry point, and then drop a malicious payload allowing them to control the compromised computer remotely via the SARA network. The SARA network is the internal network of public institutions that allows for the rapid exchange of data between different departments. This type of network is often easy to use and considered by employees as a safe tool that they do not need to be wary of. Therefore, it is the perfect interface for an attacker to spread a malicious payload: fast, discreet and affecting all branches of public organisations. This attack was possibly aimed at espionage or data theft, as according to the media investigating the attack, the targeted sector was the analysis department, where all economic forecasts are produced and distributed. For the moment it is not yet possible to know whether data was stolen, or who was behind the attack. Nevertheless, it is likely that the attackers were not careful in their operation, as being detected by using live interfaces of a computer in use by employees crystallises a lack of professionalism. In parallel, it is noted that during October 2022, the General Council of the Judiciary detected a cyber attack that affected the Judicial Neutral Point (JNP), the telecommunications network that connects the judicial bodies to other state institutions. Read more about it : here
On 4 November 2022, the cybercriminal group LockBit 3.0 ransomware revealed a second wave of attack claims targeting three European companies and organisations, among others. This second wave of claims follows the first one on 29 October. The companies affected are as follows: Hettich, a manufacturing company from Netherland Continental, an IT provider company from Germany Tekniplex, an industrial of advanced plastic & rubber polymer technology company, from Belgium. These four companies were added to the victims at the same time, and each has between 1 and 9 days to meet LockBit's requirements. The impact of this attack could be significant for businesses and have a high financial cost if they agree to pay the ransom. The data stolen or the status of the companies' platforms has not been disclosed, but it is assumed that some of the victims' connected work features will be unusable. Read more about it : here, here, here and here
On November 11, 2022, the cyber criminal group ViceSociety claimed responsibility for a ransomware attack against Rhein-Pfalz-Kreis, a German district in Rhineland-Palatinate. According to an official statement from the district, the attack took place on October 24, 2022. The district's website "https://www.rhein-pfalz-kreis.de/" is currently still inaccessible and indicates that it is unreachable following a cyber attack. Read more about it : here
On 8 November 2022, the departmental council of Seine et Marne in France announced that its IT infrastructure was unusable and blocked. Despite the intervention of a crisis unit, the department announced that it would not be able to resume normal activity for at least 6 weeks. IT staff were forced to shut down the servers that were attacked to prevent further damage. Departmental staff are unable to receive or send emails or access their internal files, which puts the administration in difficulty in providing social services to citizens. Read more about it : here
On 22 November 2022, a cybercriminal identified as "Diana" posted the database of the German company schutznetze24 on a leaky forum. The company is a manufacturer of wire mesh for a variety of uses, from hanging livestock feed to securing construction sites. It claims to have 266,000 user records, including user ID, name, email address, password, etc. Read more about it : here
On 3 November 2022, the ransomware cybercrime group Hive Ransomware posted the Italian company Landi Renzo as a victim on its "HiveLeak" website. The attack is believed to have taken place on 18 October. Some of the company's servers were reportedly rendered unavailable by the attack and Landi Renzo was forced to call in a task force of cyber experts to investigate the damage. It is believed that although the damage temporarily halted production lines, automatic data backups worked and allowed IT staff to get the systems up and running again. Curtrently Landi Renzo is the world leader in the design and integration of fleet and passenger vehicle systems powered by eco-friendly fuel. The impact of this attack is significant. Although the teams have the capacity to repair the computer damage, production lines have been shut down as a result of the attack, likely resulting in financial losses and delays in customer contracts. These delays and security problems may result in a loss of reputation with partners and potential future customers. Read more about it : here
On November 11, 2022, the threat actor "0x_dump" claimed to have hacked the multinational investment bank "Deutsche Bank" and allegedly offered access to its network for sale online. The attacker claims to have access to about 21,000 machines on the bank's network, most of which are Windows systems, and says he has gained access to chat services used for internal communications. It also allegedly stole 16 terabytes of data. The access is for sale for 7.5 bitcoins which is approximately $156,274. Read more about it : here
On 8 November 2022, the telecommunications company Orange informed its Spanish customers that one of its suppliers had suffered a cyber security breach. One of the affected subcontractors is believed to be a debt collection service and has had data exfiltrated about some of the company's buyers. Although the number of customers affected is unknown at this time, all affected customers have reportedly been notified of the leak via email or SMS. The data stolen from the subcontractor is said to contain the full name, postal address, telephone number, email, DNI/NIE numbers, delivery date, nationality and IBAN code of the current account of some buyers. Read more about it : here
On 22 November 2022, the pro-Russian hacktivist group KillNet announced that it had launched a series of DDoS attacks against several official websites in Britain. The sites affected were: the Royal Family website, the London Stock Exchange website, the BacsUK website and the British Army website. During the attack, all sites were accessible from the US, but the British Army site appeared to be under maintenance. Read more about it : here
On october 31, 2022, the French city of Brunoy suffered a cyber attack, probably of the ransomware type, in view of the communication made by the town hall. The latter also said that the administration's entire work network had been blocked in order to stop the spread of the malware while the extent of the attack was assessed. Despite the fact that administrative work is affected, municipal facilities such as the Town Hall, leisure centres, nurseries and the municipal police remain open. The impact of this attack on the town hall of Brunoy is probably minor. Indeed, most essential basic services remain active for the moment and only purely administrative matters should be stopped and delayed until the crisis is resolved. Read more about it : here