Cyber Weekly Digest - Week #21

This week in cyber security showed that ransomware attacks are not slowing down, with a major attack on Ireland’s healthcare and an attack on insurance giant AXA. Keep reading to find out about the latest and biggest cyber security stories.

1. Ireland’s health services severely disrupted following a ransomware attack.

This week saw another disruptive ransomware attack, this time on Ireland’s Health Service Executive (HSE). The HSE took the precaution of shutting down its IT systems following the attack. The attackers responsible were the Conti gang, who were first spotted in 2019. This was the second time in the space of a week Irish healthcare had been attacked; last Thursday, the Irish Department of Health was hit by a similar attack. The HSE national clinical adviser said the attack is “affecting every aspect of patient care”, and the incident was a “major disaster”. Since then, the High Court of Ireland has issued an injunction against the Conti ransomware gang, demanding the stolen data be returned and not published or sold.

2. Insurer AXA suffered a ransomware attack affecting its branches in Asia.

Another big ransomware story this week as AXA was hit by an Avaddon ransomware attack. AXA’s global websites also suffered a Distributed Denial of Service (DDoS) attack as a part of the incident. Interestingly the attack comes just a week after AXA announced they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France. The attack affected branches in Thailand, Malaysia, Hong Kong and the Philippines. However, AXA believes that only data from the Thailand branch was accessed.

3. Data of more than 100 million Android users has been exposed due to misconfigurations in cloud services.

Security researchers discovered that more than 100 million Android users are at risk after 23 mobile apps were found to leak personal data. The exposed data was the result of various cloud misconfigurations. Of the 23 apps analysed, almost half have over 10 million installations on Google Play. The data includes names, email addresses, dates of birth, chat messages, location, gender, passwords, photos, payment details, phone numbers, push notifications.