Tuesday, August 23, 2022

Greek Natural Gas Operator Suffers Data Breach

Another critical infrastructure, another cyber attack. This time Greece.

Greece's largest natural gas distributor was attacked on August 20th, 2022.


It was a limited attack, but some files and data were possibly leaked. The company refused to pay any ransom. (Brave behaviour.)


Yes, it was Greece this time, but it could be another EU country next time. Winter is coming, so more attention is needed.


Critical infrastructures are really critical.


https://www.bleepingcomputer.com/news/security/greek-natural-gas-operator-suffers-ransomware-related-data-breach/


"Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack.


In a public statement shared with local news outlets on Saturday, DESFA explained that hackers attempted to infiltrate its network but were thwarted by the quick response of its IT team.


However, some files and data were accessed and possibly 'leaked,' so there was a network intrusion, even if limited."


"Finally, DESFA declares an unwavering stance against communicating with cyber criminals, so there will be no negotiation of a ransom payment."


"The confirmation of the attack comes after data was leaked on Friday by the Ragnar Locker ransomware operation, a threat actor that began operations over two years ago and has had numerous high-profile attacks in 2021.


Ragnar Locker remains active in 2022, even if its volumes have dropped compared to the past. A recent FBI report linked Ragnar Locker to 52 network intrusions in critical U.S. infrastructure entities as of January 2022."


"This attack comes at a tough time for gas suppliers in Europe, as all countries in the continent decided to abruptly cut their dependence on Russian natural gas, which inevitably created problems."

Saturday, August 20, 2022

Ransomware Attack on UK Water Company by Cl0p

Another ransomware attack, another critical infrastructure. The victim is in the UK this time, which doesn't mean that the next victim won't be in the country you live in.

A water company in the UK was compromised by a ransomware gang.


It seems that ransomware attacks on critical infrastructure will keep increasing until it is understood that critical infrastructure is really CRITICAL.


https://www.theregister.com/2022/08/18/clop_ransomware_uk_water/


https://www.thameswater.co.uk/network-latest/cyber-hoax

https://www.south-staffs-water.co.uk/news/important-statement

https://threatpost.com/water-supplier-hit-clop-ransomware/180422/


"A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.


Clop, a prolific Russian-speaking gang known for extorting industrial organizations, claimed on its website that it had broken into and stolen data from Thames Water – which supplies water to about 15 million people, including those in the capital, London.


The cybercriminals said that after negotiations with the water company broke down, they published a raft of stolen documents, from passport scans and driver's licenses to screenshots of software user interfaces. They claimed to have more than 5TB of data taken from the victim organization, as well as access to some SCADA systems.


They also taunted Thames Water, writing they had spent months inside the company's network and that it had 'very bad holes in their systems.'"


"The company admitted that its corporate IT network was disrupted and that it is working with government and regulatory agencies to investigate the intrusion.


Within a couple of days, Clop updated its website, saying it was South Staffordshire that it attacked, and not Thames."


"Chris Vaughan, area vice president of technical account management for EMEA for Tanium, noted the increasing attacks on utilities and other critical infrastructure.


'This is a trend which, unfortunately, I expect to continue,' Vaughan told The Register in an email. 'It's also a worrying reflection of the rapidly growing ransomware market, with major incidents being reported regularly. These attacks are growing in sophistication, and criminal gangs are becoming more targeted in their approach and increasing the huge sums of money that they are demanding.'


Clop has been an active ransomware group over the past several years. According to a report earlier this year by Trend Micro, the malware evolved from a variant of the CryptoMix ransomware family and was first tagged with the Cl0p name in 2019..."


"A year ago, six suspected members of the gang were arrested in Ukraine. Trend Micro noted reports that only parts of the ransomware group's operations were disrupted, including the server infrastructure used by affiliates and channels needed for laundering cryptocurrency-based ransom payments.


The cybersecurity firm estimated that through November 2021, the Clop group had pulled in $500 million."