In the third Cyber Weekly Digest of 2022, we dive into some of the biggest ransomware stories, including the attacks on Moncler and Bank Indonesia which came to light earlier this week. Keep reading to stay up to date on the latest cyber security stories from around the world.
Italian luxury fashion giant, Moncler, confirmed that they suffered a data breach after files were stolen by the AlphaV (BlackCat) ransomware operation in December. Data relating to Moncler employees, former employees, suppliers, consultants, business partners, and customers was leaked by AlphaV on Thursday. Moncler said they rejected to pay any ransom demand as it goes against its founding principles. Moncler Group is one of the first AlphaV (BlackCat) ransomware victims, a new Ransomware-as-a-Service (RaaS) operation which launched at the beginning of December 2021.
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Earlier in the week, SolarWinds patched the Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Threat actors have previously abused Serv-U vulnerabilities to perform Conti ransomware attacks and other undisclosed attacks.