Weekly Cyber News Roundup

May 28th to June 2nd 2023

Contents

01. News Bites
  • Capita cyber attack fallout continues as 90 organisations report data breaches to watchdog

  • US city of Augusta held hostage by BlackByte ransomware gang

  • 60% spike in attempted cyberattacks on Irish hospitals and healthcare settings

  • Anonymous Sudan demands $3 million from Scandinavian Airlines 

  • GCHQ issues new warning over Chinese state-sponsored hackers

02. Conclusion

Quick News Bites

Capita cyber attack fallout continues as 90 organisations report data breaches to watchdog

The fallout from the Capita cyber attack continues: 90 organisations have reported personal data breaches to the Information Commissioner's Office (ICO) as a result of the incident at the UK-based outsourcing company. The cyber attack in March (now confirmed as a ransomware attack) hit the headlines, but worse was to come when it was later revealed that Capita had left a considerable volume of data unprotected online.

Warnings about potential exposure are currently being issued to hundreds of thousands of individuals. Capita assured that remedial actions are underway to secure the data, but the scale of the breach is immense, impacting numerous public and private organisations that rely on Capita's services. This includes a myriad of corporate pension schemes and local authorities.

Despite concerns from local councils about possible personal data exposure, Capita originally downplayed the risk. Nonetheless, the ICO is urging all organisations to assess the potential impact on their data.

One example of the far-reaching effects is the Universities Superannuation Scheme (USS) pension fund, which is currently informing its 500,000 members that their personal data might be at risk. The breach possibly includes personal details such as names, dates of birth, National Insurance numbers, and retirement dates.

US city of Augusta held hostage by BlackByte ransomware gang

The ransomware group BlackByte has claimed responsibility for a cyber attack on the US city of Augusta, Georgia, publishing 10GB of sample data and stating that it holds more. "We have a wealth of sensitive data," the group warned in a screenshot shared by threat analysts, threatening that much more data would soon be freely available to all.

The group also posted on a hacker forum about having additional data for sale. Augusta authorities confirmed encountering technical issues from May 21 due to unauthorised system access.

Analysis of the released 10GB sample showed that it contained payroll information, contact details, personally identifiable information (PII), addresses, contacts, and city budget allocation data; however, the origin and authenticity of the leaked data could not be confirmed.

BlackByte, a Russia-based ransomware group, has been targeting businesses globally since July 2021, using double extortion to coerce payments from victims. Both the FBI and US Secret Service have previously issued warnings about the group. The ransom demanded for data deletion is $400,000, but BlackByte is willing to sell the data to third parties for $300,000.

60% spike in attempted cyberattacks on Irish hospitals and healthcare settings

Irish hospitals and healthcare environments are experiencing a surge in cyberattacks, with a 60% increase over the past eight weeks. The rise poses grave threats to patient care and data security.

This surge comes two years after a major ransomware attack on the Health Service Executive (HSE), which caused significant disruption and led to illicit access to, and copying of, information stored on its computer systems. The HSE estimated the immediate cost of the cyberattack at around €100m, with long-term costs possibly reaching €500m.

According to a report from the Comptroller and Auditor General (C&AG) last September, the HSE needs to spend almost €657m over seven years to improve cybersecurity in the aftermath of the breach.

The healthcare sector is a prime target for cybercriminals due to the vast amounts of sensitive patient data stored and the critical nature of health services, which can increase the likelihood of paying ransoms to restore operations swiftly.

Anonymous Sudan demands $3 million from Scandinavian Airlines

Anonymous Sudan, a hacker group, has surprised Scandinavian Airlines (SAS) by demanding a hefty $3 million to cease the distributed denial-of-service (DDoS) attacks that have targeted the airline's online platforms since February. Originally claiming political motivations, the group now appears to be adopting extortion tactics for financial gain.

The group shared a ransom note via its Telegram channel, suggesting that SAS services have been immobilised for over five days. They warned that the company risks further alienating its already disgruntled clientele if no action is taken. Despite these claims, the company's website is functioning.

SAS has acknowledged the website issue in response to customer complaints on Facebook and promised a swift resolution. However, SAS has remained silent regarding inquiries from The Record.

Simultaneously, Anonymous Sudan has been escalating their demands, increasing from a modest $3,500 to an eye-watering $3 million.

The threat posed by hacktivist groups to businesses is significant, especially given their ability to leverage both political and financial motivations. With the skills to launch destructive cyber-attacks, they can disrupt business operations, compromise sensitive data, and inflict severe reputational damage, ultimately leading to significant financial losses. Anonymous Sudan's actions against SAS perfectly illustrate these threats.

GCHQ issues new warning over Chinese state-sponsored hackers

The UK's National Cyber Security Centre (NCSC), a division of GCHQ, has advised operators of critical national infrastructure, including energy and telecom networks, to protect their systems from potential Chinese state-backed hackers. This warning follows the revelation that a Chinese hacking group, Volt Typhoon, targeted a US military outpost in the Pacific.

The Five Eyes intelligence alliance—consisting of the US, the UK, Australia, Canada, and New Zealand—issued a collective notice about the Volt Typhoon threat and provided guidance on its mitigation. Microsoft noted that the group, active since mid-2021, had targeted telecom infrastructure in Guam and various organisations across sectors in the US.

Paul Chichester, NCSC's Director of Operations, emphasised the importance of preventive measures against attackers infiltrating their systems and urged providers of vital UK services to adhere to the provided guidance.

One of Volt Typhoon's principal tactics is to operate through the target's own existing IT infrastructure, an approach that nevertheless leaves detectable traces on the affected systems.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
