In the third Cyber Weekly Digest of 2022, we dive into some of the biggest ransomware stories, including the attacks on Moncler and Bank Indonesia which came to light earlier this week. Keep reading to stay up to date on the latest cyber security stories from around the world.
Italian luxury fashion giant Moncler confirmed that it suffered a data breach after files were stolen by the ALPHV (BlackCat) ransomware operation in December. Data relating to Moncler employees, former employees, suppliers, consultants, business partners, and customers was leaked by ALPHV on Thursday. Moncler said it refused to pay any ransom demand, as doing so goes against its founding principles. Moncler Group is one of the first victims of ALPHV (BlackCat), a new Ransomware-as-a-Service (RaaS) operation that launched at the beginning of December 2021.
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Earlier in the week, SolarWinds patched the Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Threat actors have previously abused Serv-U vulnerabilities to perform Conti ransomware attacks and other undisclosed attacks.
Crypto.com's CEO Kris Marszalek acknowledged that around 400 customer accounts were compromised following a recent attack suffered by the platform. Crypto.com first detected the cyber incident via its risk monitoring systems on January 17th and quickly suspended withdrawals for 14 hours to initiate an investigation. According to a Crypto.com statement, the total amount of unauthorized withdrawals across different cryptocurrencies appears to be approximately $34 million.
The International Committee of the Red Cross (ICRC) said it was hit with a cyberattack this week, which compromised the personal data of "more than 515,000 highly vulnerable people." The ICRC has said the attack targeted servers hosting the information of people who have been separated from their families due to conflict, migration, and disaster, as well as missing persons, their families, and people in detention. The threat actors targeted a Swiss company that the ICRC hires to store its data. The attack could put vulnerable people at further risk.
Bank Indonesia, the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. During the attack, threat actors stole "non-critical data" belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank's network. The Conti ransomware operation has claimed the attack after leaking some files allegedly stolen from Bank Indonesia's network.