As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a comprehensive overview of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 52, 2023
1 – Kyivstar, the largest mobile and internet provider in Ukraine, provides mobile services to 26 million citizens and internet services to 1.1 million subscribers, in addition to businesses and government services.
An attack group called Solntsepyok, whose name has been linked to the government in Russia, claimed responsibility for the cyber attack, posting on Telegram photos from Kyivstar’s network and claiming to have destroyed 10,000 computers and 4,000 servers.
The CEO of the Kyivstar company claims that the attack was successful after accessing the identification data of one of the employees.
Following the attack, the company’s services were widely shut down, most Ukrainian citizens were cut off from cellular services, including making calls and sending messages. Internet services were shut down for hundreds of thousands of households and businesses. In parts of the country, the alarm systems against air attacks stopped working. Many stores did not accept credit card transactions. ATMs stopped working. Street lighting shutdown in parts of the country.
2 – The attack group Rhysida Toent that broke into the game development company Insomniac Games and demands a ransom of 50 bitcoins (~2 million dollars)
It is about the person who is responsible for the development of the Spider-Man game and other games.
The Rhysida Group publishes examples of sensitive documents it stole from the company’s network and sets a deadline of another 5 days for the payment of the ransom.
3 – Due to an anti-Israeli cyber attack, the water supply in Erris in Ireland was stopped for a day.
In this case too, like the water, the attack was carried out in code against the controllers of the Israeli Unitronics company. The local water company uses these controllers as the water pumps.
The attack on the water supply of about 180 families who remained without water during the day.
4 – The GRTC company, which provides public transportation services in Virginia, reports that it suffered a cyber attack.
The company claims that the decision was made about two weeks ago and as a result some of the company’s systems were shut down.
The Play attack group took responsibility for the attack this week.
5 – US nuclear research lab data breach affects 45,000 people
Ido National Laboratory (INL) confirmed that attackers stole personal information of more than 45,000 people after hacking its cloud-based Oracle HCM human resources management platform last week.
INL is one of 17 national laboratories of the Department of Energy (DOE), offering 6,100 research and support staff engaged in national security and nuclear research.
On Nov. 20, it confirmed a “cybersecurity data breach” that affected its off-site Oracle HCM system a day earlier. CISA and the FBI are examining its impact as part of an ongoing joint investigation.
6 – 10,000 people’s data was stolen in the leak of the genetic testing company Asper Biogene
Personal and health data belonging to about 10,000 people were illegally downloaded from the Asper Biogene genetic testing database, the regulator’s office said Thursday.
An investigation by the Southern District Criminal Bureau found no evidence at the time. The Safety Inspection (Andmekaitse Inspektsioon) also started an inspection procedure against a laboratory.
Asper Biogene, which specializes in the diagnosis of hereditary drugs, alerted the police, the State Systems Agency (Riigi Infosüsteimi Amet), and the data protection supervision on November 11.
7 – The Swiss District Court “Victim of a Cyber Attack”
The Swiss District Court declared on Tuesday that he was a “victim of a cyber attack”.
The court, in the German-speaking district of March in central Switzerland, serves a population of about 45,000 people.
The nature of the gift was not revealed, although the limited description on the court’s website indicates that it may be a ransom attack.
It is not clear when IT will be available again, but it could take a few days,” the website said.
Court phone lines are currently disconnected, however scheduled court hearings are expected to go ahead as scheduled.
https://therecord.media/district-court-switzerland-cyberattack?&web_view=true
8 – The largest taxi application in Dubai reveals more than 220 thousand users
The Dubai Taxi Company (DTC) app, which provides taxi, limousine and other transportation services, has left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of the Dubai Roads and Transport Authority, leaked more than 197,000 app users and nearly 23,000 drivers were exposed.
The company claims to command 44% of Dubai’s market share by the size of its taxi fleet, making it the largest service provider in the UAE’s most populous city. DTC says it operates over 7,000 vehicles and has an active workforce of 14,000 driver associates.
The exposed data was stored in an open MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large chunks of information. The DTC app has more than 100,000 downloads on the Google Play Store.
https://securityaffairs.com/155695/security/dubai-taxi-company-data-leak.html
9 – Toyota warns customers against a data breach that exposes personal and financial information
Toyota Financial Services (TFS) is warning customers that it has suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.
Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing vehicle financing to its customers.
Last month, the company confirmed that it had detected unauthorized access to some of its systems in Europe and Africa, following a Medusa ransomware claim for successfully breaching a division of the Japanese automaker.
10 – Cold storage giant Americold discloses a data breach after a malware attack in April
Cold storage and logistics giant Americold confirmed that over 129,000 employees had their personal information stolen in an attack in April that was later claimed by Cactus ransomware.
Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses throughout North America, Europe, Asia-Pacific and South America.
The April network breach led to an outage that affected the company’s operations after Americold forced it to shut down its IT network to contain the breach and “rebuild the affected systems.”
11 – Virginia’s Central Transportation System is affected by a cyber incident
The organization that manages the transportation system for central Virginia faced computer network disruption due to a cyber attack around Thanksgiving.
The Greater Richmond Transit Company (GRTC) provides bus and specialty transit services to millions of people throughout Richmond, Chesterfield, and Henrico counties.
According to the spokesperson, around Thanksgiving they experienced a network outage that “temporarily affected certain applications and portions of the GRTC network.”
“In response, our IT team quickly discovered and restored our computer network. GRTC also engaged third-party computer experts to investigate the nature and scope of the incident,” the spokesperson said.
“All services are now operating as planned and GRTC does not expect any further disruptions to riders at this time.”
The spokesperson refused to answer further questions about whether this was a ransomware attack or whether data was stolen during the incident.
12 – The Play ransomware gang took credit for the attack, publicizing the organization on its leak site on Thursday.
The group gave GRTC until December 13 to pay the as-yet-unknown ransom.
https://therecord.media/central-va-transit-system-cyberattack?&web_view=true
The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.