[Security Weekly] Cyberattack at Red Cross Compromises Personal Record of 515,000 Vulnerable People
February 2022, Issue I
1. Cyberattack at Red Cross compromises personal record of 515,000 vulnerable people
The International Committee of the Red Cross (ICRC) disclosed on January 19 that the personal information of 515,000 “highly vulnerable” people was exposed in a cyberattack at a third-party data storage vendor in Switzerland.
The third-party vendor stores data collected from ICRC bodies in over 60 countries. It appeared that the hackers specifically targeted ICRC data, in particular data from a program called “Restoring Family Links”, which helps reconnect families separated by political and civil unrest, forced migration, and natural disasters. Compromised data contained the names, locations, and contact details of these individuals, as well as the personal information of over 2,000 employees.
The ICRC said that it was forced to shut off its IT systems for the program. Even though it was not a ransomware attack, the ICRC said it was willing to talk to the attackers to prevent the data from getting into the hands of nation states and criminals.
Sources: Threatpost, Infosecurity, CNN
2. British snack producer KP Snacks halts operations after being hit by Conti ransomware
KP Snacks, a British-based producer of potato chips and nut-based snacks, suffered a serious attack by the Conti ransomware gang on January 28, causing it to shut down operations across the UK.
KP Snacks’ internal network, which contained the personal data of employees and confidential business files, was compromised. Soon after the attack, the Conti ransomware operators posted samples of the stolen data on their leak site, threatening to leak the rest of the data if no settlement is made by February 6.
It is unclear whether negotiations are under way at this point. However, KP Snacks told retailers that it is currently unable to process orders and dispatch products. New orders will not be accepted for at least a few weeks, possibly until the end of March. Current orders will be evenly distributed throughout the country.
The Conti ransomware gang has been highly active recently, compromising a number of high-profile targets including Indonesia’s central bank.
Sources: ZDNet, Bleeping Computer
3. Global Affairs Canada faces service disruptions after cyberattack
Global Affairs Canada (GAC), Canada’s federal agency for foreign relations and international trade, reported a cyberattack on January 19.
Although most critical services remained functional, some internet-based services faced disruptions. Many embassies abroad were unable to access their IT network and business emails for several hours.
A day after the attack, the government issued an advisory to critical infrastructure operators on potential cyberattacks from Russia. However, it was later clarified that the advisory was unrelated to this incident and that GAC was not yet able to attribute the attack to any particular attacker or nation state.
Sources: Infosecurity, CBC, National Post