
Cyber Monitoring #4 (September 2022)

Ransomware cyberattack at Corbeil-Essonnes hospital claimed by the LockBit ransomware group

On August 22, the Centre Hospitalier Sud Francilien, located in Essonne (91) in France, was targeted by a ransomware cyberattack that blocked the hospital’s computer network, encrypting and stealing part of the data, and demanded a ransom of 10 million euros in exchange for the decryption key. France maintained its doctrine and refused to pay the ransom. LockBit, the Russian-speaking cybercriminal group that claimed to be behind the attack, published a file on September 23 containing patient data and confidential documents from the hospital’s computer system. Unfortunately, this data could now be resold and reused in phishing campaigns to mislead individuals. LockBit is among the most dangerous and active ransomware operators of the moment, having claimed over 203 victims on its leak site on the dark web.
The Minister of Health denounced this act, which he described as “terrorist” since unstable patients had to be transferred to other hospitals. He announced that a budget of almost 200 million euros will soon be allocated to strengthen the security of hospital information systems.

Insurance reimbursement of ransom paid to hackers to be implemented 

On September 7, the French Ministry of Economy declared itself in favor of allowing insurance companies to compensate ransom payments to hackers in the event of ransomware attacks. This decision came as a surprise to many, since the French government appears to be breaking with its doctrine of not paying ransoms. Some fear that the number of ransomware cyberattacks will now multiply and that financial investment in securing companies’ and institutions’ computer systems will be reduced. On the other hand, the Ministry of Economy said that the ambiguity surrounding this issue needed clarification and that the decision is aimed at protecting the small companies that contribute to the dynamism of the French economy: without regaining access to their data, 60% of SMEs have to stop their activity in the months following a cyberattack.

Albania suffers a second cyber-attack days after cutting diplomatic ties with Tehran 

Since late July, politically motivated disruptive operations by Iranian threat actors have targeted Albania. These tensions stem from the ambiguous positioning of the Albanian government towards exiled Iranian opposition members who seek to overthrow the Islamic Republic. At the beginning of September, Albania severed diplomatic ties with Iran after Microsoft researchers discovered more than 15 different cyberattacks launched by Iranian proxy groups against government websites and infrastructure. US authorities have also confirmed the attacks and their attribution to Iran, adding that they were helping Albania recover from this latest attack. Iran denied any involvement and declared the measures baseless.

Iranian government websites taken down by Anonymous after the death of Mahsa Amini

Following the wave of protests that arose after the death of a Kurdish woman at the hands of the morality police, Anonymous launched OpIran, an operation involving the hacking of several government websites, including those belonging to the intelligence services and the police. The group’s war on Iran involves DDoS attacks against government websites as well as the theft and leaking of data. In reaction to the Internet shutdown imposed by the Iranian government on September 21, Anonymous replied in a Twitter post: “Dear Iran, you shut down internet. We’ll shut you down.”

A new law to access encrypted messages has been proposed by the Indian Government

New Delhi’s government has tabled a draft for a new law allowing the interception of encrypted messages on apps such as WhatsApp, Signal and Telegram. If the law passes, end-to-end encryption on internet-based communication services (including OTT ones) will be limited, posing serious privacy concerns.

Montenegro government targeted by Russian ransomware group

The Montenegrin government was targeted by a cyberattack on the 20th of August, impacting many online government services as well as Montenegro’s critical infrastructure, such as banking, water and electricity systems. This attack is unprecedented in its intensity as well as its length (20 days).
Montenegro has been the target of regular cyberattacks in recent months, following Russia’s invasion of Ukraine. According to local news, Montenegro’s National Security Agency, with the help of the US government, has linked the attack to Russia and to a specific criminal group that uses the Cuba ransomware and reportedly created a piece of malware (Zerodate) to infect government services and infrastructure. It is still difficult to obtain precise information on the extent of the data theft; however, no ransom demand has been made public.

New type of ransomware attack against the Chilean government

Sernac, Chile’s National Consumer Service, which deals with the protection of consumer rights, fell victim to a ransomware attack at the end of August. The attack targeted Windows and VMware ESXi servers, encrypting files on the compromised systems. It appears to be a completely new strain of ransomware targeting servers running Linux. The ransomware operators used double extortion, encrypting the victim’s files (renaming them with a “.crypt” extension) and threatening to release stolen data if payment was not made within three days. This incident comes in a context of a growing number of cyberattacks against Latin American governments, such as those of Argentina, Costa Rica and the Dominican Republic.

Apple’s new security feature makes passwords obsolete

Apple introduced a new security feature for its phone users – passkeys. This technology made its way into iOS 16 in mid-September, after being first announced in June 2022. It will also be introduced in macOS Ventura, coming out next month. Instead of using a combination of characters, a passkey prompts the device to perform a biometric check, be it via Touch ID or Face ID. To log in on another device, users need their primary device to authenticate the login attempt – performing a two-step authentication, just without any ****** or SMS codes.
This login technology is considered a more secure alternative to easily cracked passwords created by users themselves. It technically renders any credential leaks or phishing attempts – at least in the form that we know them – impossible. While a world without passwords does sound promising, questions remain as to the passkeys’ utility. Until more companies introduce the technology into their products and websites, passkeys will have limited use outside the Apple environment. This poses a problem of cross-platform authentication, as it might be difficult to log in on a Windows device to a site that we signed up on using our iPhone.
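Passkeys resist phishing because the browser, not the user, records the site origin in the signed client data, and the authenticator scopes the credential to a relying-party ID. The server-side binding checks below are an added example (not Apple's code or code from the original newsletter) run on constructed WebAuthn-style values; `example.com` and the rejected lookalike origin are assumptions.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: str, expected_origin: str, rp_id: str) -> str:
    """Return "ok" or the reason the login assertion is rejected.
    The signature over authenticator_data || sha256(client_data_json) is verified
    separately against the stored public key; this covers the binding checks."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if client.get("challenge") != expected_challenge:
        return "challenge mismatch (replay?)"
    # The browser writes the origin itself: a lookalike login page cannot forge this value.
    if client.get("origin") != expected_origin:
        return f"origin mismatch: {client.get('origin')}"
    if len(authenticator_data) < 37:
        return "authenticator data too short"
    # Bytes 0-31: SHA-256 of the relying-party ID the credential was created for.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return "rpIdHash mismatch"
    flags = authenticator_data[32]
    if not flags & 0x01:  # UP bit: user was present
        return "user not present"
    if not flags & 0x04:  # UV bit: Touch ID / Face ID (or device passcode) succeeded
        return "user not verified"
    return "ok"

# Constructed sample values, not captured traffic.
CHALLENGE = b64url(b"\x11" * 32)
AUTH_DATA = hashlib.sha256(b"example.com").digest() + bytes([0x05]) + (7).to_bytes(4, "big")

def client_data(origin: str, challenge: str = CHALLENGE) -> bytes:
    """Build the clientDataJSON a browser would produce for a given origin."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin, "crossOrigin": False}).encode()

if __name__ == "__main__":
    for origin in ("https://example.com", "https://example.com.login-verify.test"):
        print(origin, "->", check_assertion(client_data(origin), AUTH_DATA,
                                            CHALLENGE, "https://example.com", "example.com"))
```

The second origin is what a phishing page would present; even with a stolen challenge it cannot produce client data that passes the origin check, and a credential scoped to another relying party fails the rpIdHash comparison.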

European Commission proposes its Cyber Resilience Act

On September 15th, 2022, the European Commission proposed a piece of legislation called the Cyber Resilience Act. The act regulates digital devices, enforcing stricter standards for devices that could pose a threat to cybersecurity. If the legislation is passed by the European Parliament, all digital products sold in European markets will have to meet a range of standards regarding their design and production. The manufacturers of digital products will be held responsible and would be liable to fines if the standards are not met. The Cyber Resilience Act signifies the rising importance of cybersecurity, as it aims to protect Europe from cyber threats. As the issue of cybersecurity becomes more salient than ever, the Cyber Resilience Act is a sign that governments around the world are actively forming normative rules in the field.