Cyber Weekly Digest - Week #22
In this week’s digest, we dive into the biggest cyber security stories, including a ransomware attack on audio giant Bose and the latest attack by the group behind the SolarWinds hack. Keep reading for the week’s biggest cyber security stories.
High-end audio maker Bose announced that it suffered a ransomware attack, which began in March. Bose has claimed it was able to conduct a successful incident response without paying the ransom demand. However, the attackers were able to access company data, including employee files. Dark Web monitoring has not yet shown any indication that the impacted employees’ data has been leaked or sold online.
On Wednesday, officials announced that attackers accessed the data of several Japanese agencies via Fujitsu’s “ProjectWEB” information sharing tool. By gaining unauthorized access to government systems via the tool, attackers were able to obtain at least 76,000 email addresses and proprietary information, including the email system settings. Since Wednesday, Fujitsu has suspended its ProjectWEB portal while the attack is investigated. It is not yet clear whether the incident is the result of a vulnerability exploit or a targeted supply-chain attack.
This week Canada Post confirmed a data breach following a ransomware attack on a third-party supplier. Canada Post is the primary postal operator in Canada, serving 16.5 million Canadian residential and business addresses. Canada Post disclosed that a third-party supplier named Commport Communications suffered a ransomware attack, affecting 44 Canada Post commercial customers and 950,000 receiving customers. Canada Post does not believe that any financial information was breached.
Authorities seized “The Parallel World” marketplace this week in an operation conducted by the French National Directorate of Intelligence and Customs Investigations. This is the third dark web marketplace dismantled over the past four years. The site administrators were arrested, and the marketplace’s activities were disrupted. According to French investigators, threat actors used the site to sell carding data, narcotics, forged documents, and weapons. Authorities intend to investigate the seized data and charge the site’s users.
This week Microsoft released a warning about the Russian-backed group Nobelium, which conducted a phishing campaign impersonating USAID. Nobelium is best known for the SolarWinds supply-chain hack. The group was able to take control of the account used by USAID on the email marketing platform “Constant Contact”. The attackers conducted a phishing campaign targeting 3,000 accounts, including government agencies and think tanks.