Cyber Weekly Digest - 2022 Week #24


Take a look at this week’s Cyber Weekly Digest and read about the biggest cyber security news including an extortion ransomware attack on Africa’s largest supermarket chain and the Hacktivist group targeting the Indian Government. Keep reading to stay up to date on the latest news from around the world.


1. The largest supermarket chain in Africa has been hit by a ransomware attack.

Shoprite, Africa's largest supermarket chain, which operates almost three thousand stores across twelve countries on the continent, has been hit by a ransomware attack. The company disclosed that it suffered a security incident, warning customers in Eswatini, Namibia, and Zambia that their personal information might have been compromised due to a cyberattack. The threat actor RansomHouse has claimed responsibility for the attack after posting an evidence sample of 600GB of data it claims it stole from the retailer during the attack. RansomHouse states that it attacks its victims because of their poor security practices and inadequate protection.


2. A Hacktivist group has launched a wave of attacks on the Indian Government.

DragonForce Malaysia, a hacktivist group supporting the Palestinian cause, has launched a wave of attacks on India. The attacks are in response to a controversial comment made by a Hindu political spokesperson about the Prophet Mohammed. The group claims to have used DDoS to perform “numerous defacements across India”. The group also “claimed to have breached and leaked data from various government agencies, financial institutions, universities, service providers, and several other Indian databases.” Researchers also noted that other hacktivist groups have been defacing multiple websites across India.


3. Cloudflare says it mitigated a record-breaking HTTPS DDoS attack.

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request-per-second (rps) distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. The threat actor behind the attack likely used hijacked servers and virtual machines, as the attack originated from cloud service providers instead of weaker IoT devices from compromised residential internet service providers. The botnet used in this month's record-high 26 million rps DDoS attack generated over 212 million HTTPS requests within 30 seconds, sent from more than 1,500 networks in 121 countries worldwide.


4. The BlackCat ransomware gang are targeting unpatched Microsoft Exchange servers.

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. In at least one incident Microsoft observed, the attackers slowly moved through the victim's network, stealing credentials and exfiltrating information to be used for double extortion. Microsoft has not stated which Exchange vulnerability is being used for initial access. The BlackCat ransomware group also announced this week that they had created a dedicated website that allows the customers and employees of their victims to check if their data was stolen in an attack, to increase the pressure on victims.


5. Kaiser Permanente exposes nearly 70K medical records in a data breach.

Kaiser Permanente announced this week they had suffered a data breach due to an email compromise in April that potentially exposed the medical records of nearly 70,000 patients. Attackers gained access to the emails of an employee and maintained access for several hours until Kaiser terminated the activity and prompted an investigation. Kaiser has said it has no evidence of “identity theft or misuse of protected health information” as a result of the breach.


