Russian Ransomware group targets Australia’s Fortescue Metals
Fortescue Metals, an Australian iron ore mining firm, has been subject to a cyber-attack with Russian ransomware collective C10pm allegedly responsible. The mining firm confirmed that a breach, labelling it a “low-impact cyber incident” had transpired on May 28th .
According to a Fortescue statement, the data revealed was not of a confidential nature, leading to the exposure of a minor segment of data from their networks. The authenticity of C10p’s assertions regarding the breach's nature remains unverified.
Following the gangs usual modus operandi the ransomware group chastised the firm, stating: “The company doesn’t care about its customers, it ignored their security!!!” A phrase they regularly use following their claimed cyber-attacks.
So far no Fortescue files or data have been disclosed yet, providing the world’s fourth-largest iron ore exporter an opportunity to discuss a potential ransom.
Number of recorded cyber-attacks hits a two year high due to ransomware resurgence
According to a study by Check Point Research (CPR) The number of recorded cyber-attacks reached a two year high peak in Q2 2023, propelled by increased hacktivist and ransomware group activity. The report showed an 8% surge in attack frequency, with organisations worldwide enduring an average of 1,258 strikes weekly.
The education and research sector, despite experiencing fewer attacks compared to the previous year, remained the most targeted in Q2. UK academic institutions have been particularly affected in 2023, with the University of Manchester experiencing a major breach in June that compromised research data of over 1.1 million NHS patients.
The healthcare sector, a consistent target for cybercriminals, witnessed a substantial year-on-year attack surge in Q2, averaging 1,744 attacks per week - a 30% YoY increase. The ALPHV ransomware group recently targeted Barts NHS Trust, claiming to have stolen over 70 terabytes of data, constituting the largest healthcare data breach in the UK to date.
High-profile ransomware groups have also made a resurgence with alternative analysis from FlashPoint suggests that LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks in June, targeting almost half of US-based organisations.
Cl0p claimed responsibility for the MOVEit supply chain attack, which had a domino effect on organisations worldwide, including British Airways, Boots, and the BBC. Meanwhile, LockBit continues its aggressive streak, including an attack on Taiwanese chipmaker, TSMC's third-party supplier.
Overlooked or missing vulnerability disclosures present another concern, with 395 out of 1,828 new vulnerabilities in June missed by the Common Vulnerabilities and Exposures (CVE) program. Over one-third of these missed disclosures are rated as high or critical vulnerabilities, posing a significant risk to organisations.
Norwegian Mining Firm Tomra impacted by cyber attack
On Monday, Tomra, a Norwegian firm operating in the recycling, mining and food sectors, announced that it was the victim of a widespread cyberattack.
The firm's data systems have been directly impacted by the cyber attack. Tomra confirmed that relevant authorities had been informed, and efforts are underway internally and externally to manage and neutralise the situation. The intrusion was detected on the morning of July 16, and immediate steps were taken to halt the attack and minimise its consequences.
In a statement the company said that certain systems were swiftly disconnected to curtail the cyber attack's spread. The company is currently assessing whether the stability of its services offered to customers and employees might be affected.
While Tomra did not comment on whether it was a ransomware attack, the company's primary objective is to swiftly restore all systems. So far no cybercriminal group had claimed responsibility for the attack.
Tomra is renowned for its automated tools, especially its machines that collect metal, plastic, and glass beverage containers for recycling. The company also significantly contributes to waste and metal recycling, mining and food production.
If the incident is indeed a ransomware attack, it adds to a growing list of similar attacks targeting mining and food industries. Over the past year, companies like Copper Mountain Mining, Dole, Sysco, Mondelez, Americold, Maple Leaf Foods, and various fast-food chains have been attacked. There were 52 ransomware attacks on the food and beverage supply chain sector in 2022.
Estée Lauder hit by Cyber Attack
On Tuesday, cosmetics company Estée Lauder (EL.N) disclosed that a cybercriminal had accessed some of its data, causing ongoing disruptions to portions of the company's business operations.
Estée Lauder said it was taking necessary measures to restore the affected systems and fortify its operations. As part of its immediate response, it had to take certain systems offline to limit the impact of the cyber incident. The nature and extent of the compromised data are currently under investigation, but no additional details concerning the operational impact have been shared.
This cyber breach emerges at a critical juncture for the company, which had previously projected lower-than-expected sales and profit for the year in May, citing sluggish recovery in duty-free and travel locations, particularly in Asia.
In its official statement, it confirmed that it had engaged with law enforcement agencies and cyber security specialists in response to the incident. Both the BlackCat and Clop ransomware gangs have claimed responsibility. Clop listed the company on its dark web leak site after claiming Estee Lauder failed to negotiate. Later on the same day BlackCat listed the company on its own leak site.
