Weekly Cybersecurity Report | Week 38, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Weekly Cybersecurity Report | Week 38, 2024

Information security updates and events from the past week 

1 – Music from backups – The German radio station Geretsried suffers from a ransomware attack during which the attackers viewed all the music files on the station. 

Following the attack, they claimed on the radio that they are forced to play music from tapes/discs that were kept as backups and that the current situation will continue in the coming days. 

According to them, this is a Russian attack group 

2 – A Cybersecurity DDoS attack briefly disrupted the activity of the stock exchange and a large bank in Taiwan. 

A group of Russian hackers briefly disrupted the operations of important financial platforms in Taiwan, including the stock exchange and the website of Mega Financial Holding Bank, an attack that exposed Taiwan’s vulnerability to foreign cyberattacks. 

Two organizations referred to in Telegram as “NoName057” and “RipperSec” attacked the sites in a distributed denial of service (DDoS) attack. The attack caused problems connecting to the platforms yesterday (Thursday) afternoon, according to a statement published by the Ministry of Digital Affairs in Taiwan. During the attack, the operator of the stock exchange noticed requests from internet protocol addresses abroad in a quantity several times greater than usual, according to what the stock exchange provided to Bloomberg. Today, the sites were operating as usual. 

3 – RansomHub ransomware group released 487 gigabytes of data it allegedly stole from motorcycle manufacturer Kawasaki Motors Europe (KME). 

The company says it has been able to restore over 90% of server functionality and resume normal business “for merchants, business administration and third-party providers such as logistics companies.” 

While the motorcycle maker did not say what type of cyber-attack it fell victim to, the RansomHub ransomware gang has already added Kawasaki to the leak site. 

The group claimed to have extracted 487 gigabytes of data from KME and threatened to release the allegedly stolen information publicly if the ransom was not paid. 

The RansomHub ransomware gang has claimed over 210 victims since the beginning of the year. 

https://therecord.media/kawasaki-europe-cyberattack-operations-restored 

4 – The Hunters Ransomware group announces that it hacked the London branch of ICBC, the Industrial and Commercial Bank of China and stole 6.6 terabytes of data. 

It is about a little more than 5.2 million files, and a very big danger for the bank’s customers 

The group threatens to publish data if their demands are not met by September 13, 2024 

5 – The Port of Seattle was hit by Rhysida ransomware in the August cybersecurity attack 

The United States government agency that oversees the Seattle Seaport and Airport confirmed Friday that the Rhysida ransomware operation was behind a cyber-attack that affected the Port of Seattle over the past three weeks. 

The agency disclosed on August 24 that the attack forced it to isolate some of its critical systems to contain the impact. The resulting IT outage disrupted reservation check-in systems and delayed flights at Seattle-Tacoma International Airport. 

Today, three weeks after the initial disclosure, the port officially confirmed that the August hack was a ransomware attack coordinated by Rhysida. 

 

The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.