Weekly Cyber News Roundup

July 10th to July 14th 2023

Contents

01. Vulnerabilities
  • Microsoft releases fixes for 132 security vulnerabilities including exploited zero-days
02. News Bites
  • Australian and New Zealand Critical Infrastructure services impacted by cyber attack
  • Trinidad and Tobago government agency disrupted by cyberattack
  • University of West Scotland impacted by cyber incident
  • Fan Fiction Archive AO3 recovers from DDoS attack
  • Hackers stole $20 million from financial technology company Revolut
03. Conclusion

Vulnerabilities

Microsoft releases fixes for 132 security vulnerabilities including exploited zero-days

On Tuesday, Microsoft issued fixes for 132 security vulnerabilities, including six zero-days that were being actively exploited. Of these, nine are rated critical, 122 important and one minor. This follows the patching of eight issues in its Chromium-based Edge browser last month.

Actively exploited flaws include:

  • CVE-2023-32046: Elevation of Privilege Vulnerability in Windows MSHTML Platform.
  • CVE-2023-32049: Security Feature Bypass Vulnerability in Windows SmartScreen.
  • CVE-2023-35311: Security Feature Bypass Vulnerability in Microsoft Outlook.
  • CVE-2023-36874: Elevation of Privilege Vulnerability in Windows Error Reporting Service.
  • CVE-2023-36884: Remote Code Execution Vulnerability in Office and Windows HTML, publicly known at the time of release.
  • ADV230001: Malicious use of Microsoft-signed drivers for post-exploitation activity.

Attackers have targeted North American and European defence and government entities, exploiting CVE-2023-36884 with bogus Microsoft Office documents themed around the Ukrainian World Congress. The culprits are believed to be the Russian cybercriminal group Storm-0978, also known as RomCom, Tropical Scorpius, UNC2596, and Void Rabisu, which is connected to the deployment of Underground ransomware and Industrial Spy ransomware.

The recent campaigns have involved phishing attacks deploying a remote access trojan called RomCom RAT against Ukrainian and pro-Ukrainian targets. Microsoft says it will take steps to protect customers, possibly through an out-of-band update or via its monthly release process. In the absence of a patch for CVE-2023-36884, it advises users to enable an attack surface reduction (ASR) rule as a mitigation.
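As an added illustration of the interim mitigation mentioned above (this is not code from the roundup or from Microsoft), the PowerShell below shows how a Windows administrator can turn on a Microsoft Defender ASR rule in audit mode first, review what it would have blocked, and then enforce it. It assumes Microsoft Defender Antivirus is the active engine on the host, and that the rule ID used is Microsoft's documented ID for "Block all Office applications from creating child processes"; confirm both the ID and the specific rule recommended for CVE-2023-36884 against Microsoft's ASR rule reference and advisory before rolling it out.

```powershell
# Added example: staged enablement of a Defender attack surface reduction (ASR) rule
# while a vendor patch is pending. Not from the roundup; assumptions are noted inline.

# Assumed rule ID (Microsoft's documented ID for "Block all Office applications from
# creating child processes"); verify against the ASR rule reference before use.
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Get-AsrRuleState {
    # Returns the configured action for one ASR rule on this host.
    param([string]$Id)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            switch ([int]$acts[$i]) {
                0 { return 'Disabled' }
                1 { return 'Block' }
                2 { return 'Audit' }
                6 { return 'Warn' }
                default { return "Unknown($($acts[$i]))" }
            }
        }
    }
    return 'NotConfigured'
}

# Step 1: audit mode, so Defender logs what the rule would block without
# disrupting line-of-business Office add-ins or macros.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode
"Rule $RuleId is now: $(Get-AsrRuleState -Id $RuleId)"

# Review audit hits before enforcing: event ID 1122 = audited, 1121 = blocked,
# both in the Defender operational log.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# Step 2: once the audit results are acceptable, switch the rule to block mode.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions Enabled
"Rule $RuleId is now: $(Get-AsrRuleState -Id $RuleId)"
```

Run the script from an elevated PowerShell session. In a managed estate the same rule would normally be pushed through Intune or Group Policy rather than per host, but the audit-then-block sequence is the same.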

The tech giant has also revoked code-signing certificates that attackers exploited to install malicious drivers via a Windows policy loophole. This reflects a growing use of rogue kernel-mode drivers by threat actors to evade detection.

If you need assistance with patching and your overall cyber security get in touch with us regarding our Threat & Vulnerability Management service.

Quick News Bites

Australian and New Zealand Critical Infrastructure services impacted by cyber attack

Critical infrastructure services provider Ventia reported a cyberattack over the weekend, leading to certain systems being taken offline as a precaution. Ventia offers long-term management and maintenance services for critical infrastructure entities across defence, electricity, gas, environmental services, and water sectors. The firm operates over 400 sites in Australia and New Zealand with a workforce exceeding 35,000.

Ventia confirmed it had isolated some key systems in reaction to the cyberattack. The company is currently working with external experts and law enforcement to investigate the incident. Ventia's primary concerns during this process are ensuring the safety of its people, customers, and stakeholders.

Ventia stated that its operations were continuing under careful network monitoring for any irregular activity. The company anticipates a return to normal operations within the next few days. While specific details about the incident haven't been revealed, file-encrypting ransomware may have been involved, as system isolation is a common response strategy. Ventia has yet to disclose whether any data was compromised during the cyberattack.

Trinidad and Tobago government agency disrupted by cyberattack

The Trinidad and Tobago Ministry of Legal Affairs (AGLA) is managing the fallout from a recent cyberattack that disrupted its operations. The island nation, with a population of 1.4 million, revealed last Friday that the Ministry of Digital Transformation had detected a cyberattack targeting the AGLA.

The specific date of the attack is unknown, but AGLA has reported outages and service disruptions from June 30 onwards, with electronic court documents served after that date going unread. The ministry admitted that the breach has significantly affected its operations and associated divisions.

Following initial containment measures, an investigation was launched in conjunction with cyber security experts and is ongoing. Some services were temporarily unavailable as a result of the cyberattack.

AGLA did not comment on when full services might resume. Government lawyers have reported being unable to access critical documents and emails for upcoming trials. Trinidad and Tobago's Cyber Security Incident Response Team (TT-CSIRT) issued an advisory, urging organisations to prepare against rising ransomware attacks.

Recent months have seen numerous cyberattacks on government agencies and infrastructure in island nations worldwide, including Martinique, Guadeloupe, Vanuatu, and Tonga. Trinidad also fell victim to an attack on its largest supermarket chain last year.

University of West Scotland impacted by cyber incident

The University of the West of Scotland (UWS) has been dealing with a cyber incident that left its website offline for several days. The university is working with the National Cyber Security Centre, Police Scotland and the Scottish Government to manage the situation.

Despite the disruption, the university reassured that the upcoming graduations would proceed as planned. Police Scotland confirmed that an investigation is underway.

The National Cyber Security Centre provided support to UWS during the incident. The university, which has campuses in Paisley, Ayr, Dumfries, Blantyre and London, is making steady progress towards resolution through a controlled process in consultation with external support. It continues to take all necessary precautions to restore its digital systems.

Fan Fiction Archive AO3 recovers from DDoS attack

The fanfiction platform Archive of Our Own (AO3) has recovered from a series of distributed denial-of-service (DDoS) attacks that kept the website offline for more than a day. The organisation confirmed via its Twitter account that the DDoS caused its servers to crash.

AO3 declared it was back online on Tuesday, though it acknowledged further optimisation work was necessary for their newly implemented Cloudflare setup. Despite minor loading delays, the site was accessible.

A group purporting to be Anonymous Sudan took credit for the attack and demanded a ransom to halt it. AO3 reassured users, however, that this kind of attack does not compromise personal data, so no password changes are needed.

AO3 cautioned users to view the group's claims sceptically, citing cybersecurity experts who question the group's affiliations and motives. Although the group threatened a sustained attack and demanded a Bitcoin ransom equivalent to $30k, AO3, a volunteer-run platform reliant on user donations, is unlikely to afford such a ransom, even if the threat proves legitimate.

Hackers stole $20 million from financial technology company Revolut

Cybercriminals stole over $20 million from fintech firm Revolut, exploiting a software loophole within its US payment system.

According to a report by the Financial Times (FT), the cyber security breach persisted undetected for several months in 2022. The issue is yet to be publicly addressed by Revolut.

According to the FT's sources, the software flaw caused communication issues between Revolut's European and US payment systems. Declined transactions were mistakenly refunded from the bank's own funds rather than from the account holder's, a loophole that cybercriminals exploited to steal about $23 million.

Although the refund issue was flagged intermittently in 2021, organised criminals purposefully made hefty purchases they knew would be declined in 2022, then withdrew the wrongly refunded sums via ATMs.

When Revolut's US partner bank noticed dwindling funds, the company was alerted and the software vulnerability was fixed in spring 2022. Although some of the stolen money was recovered, the company suffered an overall loss of approximately $20 million. The incident highlights how cyberattacks can lurk undiscovered for extended periods of time.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
