Cyber Weekly Digest - Week #21
This week in cyber security showed that ransomware attacks are not slowing down, with a major attack on Ireland’s healthcare and an attack on insurance giant AXA. Keep reading to find out about the latest and biggest cyber security stories.
This week saw another disruptive ransomware attack, this time on Ireland’s Health Service Executive (HSE). The HSE took the precaution of shutting down its IT systems following the attack. The attackers responsible were the Conti gang, who were first spotted in 2019. This was the second time in the space of a week Irish healthcare had been attacked; last Thursday, the Irish Department of Health was hit by a similar attack. The HSE national clinical adviser said the attack is “affecting every aspect of patient care”, and the incident was a “major disaster”. Since then, the High Court of Ireland has issued an injunction against the Conti ransomware gang, demanding the stolen data be returned and not published or sold.
In another big ransomware story this week, AXA was hit by an Avaddon ransomware attack. AXA’s global websites also suffered a Distributed Denial of Service (DDoS) attack as part of the incident. Interestingly, the attack comes just a week after AXA announced they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France. The attack affected branches in Thailand, Malaysia, Hong Kong and the Philippines. However, AXA believes that only data from the Thailand branch was accessed.
Security researchers discovered that more than 100 million Android users are at risk after 23 mobile apps were found to leak personal data. The exposed data was the result of various cloud misconfigurations. Of the 23 apps analysed, almost half have over 10 million installations on Google Play. The data includes names, email addresses, dates of birth, chat messages, location, gender, passwords, photos, payment details, phone numbers and push notifications.
This week Monday.com announced that they were impacted by the Codecov supply-chain attack. Monday.com is an online workflow management platform with customers including Uber, Adobe and Coca-Cola. Monday.com found that unauthorised actors had gained access to a read-only copy of their source code. However, there is no evidence that the source code was tampered with, nor were any of its products affected.
The chief executive of Colonial Pipeline, Joseph Blount, has defended paying the ransomware gang who launched the attack on the company, calling it the “right thing to do for the country.” Colonial Pipeline says it provides approximately 45% of the East Coast’s fuel, including gasoline, diesel, and military supplies. The public disclosure of the incident led to panic-buying in some cities across the US and a rise in gas prices. Paying ransoms is highly controversial; however, the chief executive authorised the payment due to the energy implications the attack could have on the US.