Tuesday, August 23, 2022

Greek Natural Gas Operator Suffers Data Breach

Another critical infrastructure, another cyber attack. This time in Greece.

Greece's largest natural gas distributor was attacked on August 20th, 2022.


It was a limited attack, but some files and data were allegedly leaked. The company refused to pay any ransom. (Brave behaviour.)


Yes, it was Greece this time, but it could be another EU country next time. Winter is coming, so more attention is needed.


Critical infrastructures are really critical.


https://www.bleepingcomputer.com/news/security/greek-natural-gas-operator-suffers-ransomware-related-data-breach/


"Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack.


In a public statement shared with local news outlets on Saturday, DESFA explained that hackers attempted to infiltrate its network but were thwarted by the quick response of its IT team.


However, some files and data were accessed and possibly 'leaked,' so there was a network intrusion, even if limited."


"Finally, DESFA declares an unwavering stance against communicating with cyber criminals, so there will be no negotiation of a ransom payment."


"The confirmation of the attack comes after data was leaked on Friday by the Ragnar Locker ransomware operation, a threat actor that began operations over two years ago and has had numerous high-profile attacks in 2021.


Ragnar Locker remains active in 2022, even if its volumes have dropped compared to the past. A recent FBI report linked Ragnar Locker to 52 network intrusions in critical U.S. infrastructure entities as of January 2022."


"This attack comes at a tough time for gas suppliers in Europe, as all countries in the continent decided to abruptly cut their dependence on Russian natural gas, which inevitably created problems."

Saturday, August 20, 2022

Ransomware Attack on UK Water Company by Cl0p

Another ransomware attack, another critical infrastructure. The victim is in the UK this time, but that doesn't mean the next victim won't be in the country you live in.

A water company in the UK was compromised by a ransomware gang.


It seems that ransomware attacks on critical infrastructure will keep increasing until it is understood that critical infrastructure is really CRITICAL.


https://www.theregister.com/2022/08/18/clop_ransomware_uk_water/


https://www.thameswater.co.uk/network-latest/cyber-hoax

https://www.south-staffs-water.co.uk/news/important-statement

https://threatpost.com/water-supplier-hit-clop-ransomware/180422/


"A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim.


Clop, a prolific Russian-speaking gang known for extorting industrial organizations, claimed on its website that it had broken into and stolen data from Thames Water – which supplies water to about 15 million people, including those in the capital, London.


The cybercriminals said that after negotiations with the water company broke down, they published a raft of stolen documents, from passport scans and driver's licenses to screenshots of software user interfaces. They claimed to have more than 5TB of data taken from the victim organization, as well as access to some SCADA systems.


They also taunted Thames Water, writing they had spent months inside the company's network and that it had 'very bad holes in their systems.'"


"The company admitted that its corporate IT network was disrupted and that it is working with government and regulatory agencies to investigate the intrusion.


Within a couple of days, Clop updated its website, saying it was South Staffordshire that it attacked, and not Thames."


"Chris Vaughan, area vice president of technical account management for EMEA for Tanium, noted the increasing attacks on utilities and other critical infrastructure.


"'This is a trend which, unfortunately, I expect to continue,' Vaughn told The Register in an email. 'It's also a worrying reflection of the rapidly growing ransomware market, with major incidents being reported regularly. These attacks are growing in sophistication, and criminal gangs are becoming more targeted in their approach and increasing the huge sums of money that they are demanding.'


Clop has been an active ransomware group over the past several years. According to a report earlier this year by Trend Micro, the malware evolved from a variant of the CryptoMix ransomware family and was first tagged with the Cl0p name in 2019..."


"A year ago, six suspected members of the gang were arrested in Ukraine. Trend Micro noted reports that only parts of the ransomware group's operations were disrupted, including the server infrastructure used by affiliates and channels needed for laundering cryptocurrency-based ransom payments.


The cybersecurity firm estimated that through November 2021, the Clop group had pulled in $500 million."

Monday, July 18, 2022

Amazon Ring Gave Video Footage to Cops Without Consent or Warrant

What would you think if a company accessed your door camera footage without your consent? But (allegedly) for good purposes, of course, e.g. to save a life or catch a criminal or, or...

Well, this is not a fictional scenario from a movie or a series but something that happened in real life. Amazon shared door camera footage with the police without a warrant from a judge and without the owners' consent 11 times in 2022. For good(!), of course. (Well, so they claimed.)


Yeah. Big Brother can watch us (or is still watching us), but no worries. It's for your own good(!)


Here is another never-ending "privacy vs. security" story. This time from real life.


https://www.theregister.com/2022/07/14/amazon_gave_police_unauthorized_doorbell/


#privacy #ring #amazon


"Amazon's home security wing Ring turned over footage to US law enforcement without permission from the devices' owners and seemingly without a warrant 11 times so far in 2022.


Though the internet giant has a policy that police generally cannot view recordings without owners' consent, that safeguard can be overridden with court orders and emergency requests – and it was through 11 emergency requests that Amazon gave the cops people's video data, without permission and no indication of a warrant. What constitutes an emergency request is left up to Ring itself, too.


'In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay,' Amazon's vice president of public policy Brian Huseman told Senator Ed Markey (D-MA) in a written response to a list of surveillance-practice related questions submitted in June (2022)."


(Here is the PDF: https://www.markey.senate.gov/imo/media/doc/amazon_response_to_senator_markey-july_13_2022.pdf)


"'Recent research indicates that in addition to capturing troves of video recordings, Ring products also surveil the public by capturing vast amounts of audio recordings,' said Markey in a letter to Amazon CEO Andrew Jassy, who in turn noted that Ring did not currently offer voice recognition.


Ring doorbells are motion activated and do record audio up to 20 feet (about 6 meters) away, a distance which could potentially encroach into a neighbor's property or the street. Other doorbells can detect audio even further.


Markey's concerns include where the technology is eventually going. He offered the following tweet after publishing Amazon's letter online:

https://twitter.com/SenMarkey/status/1547276418425536519?s=20&t=0PILEVc5PN2ne7UILHGJkQ "


"According to Markey, who helped introduce the bill, it 'responds to reports that hundreds of local, state, and federal entities, including law enforcement agencies, have used unregulated facial recognition technologies and research showing that roughly half of US adults are already in facial recognition databases.'"

Wednesday, July 13, 2022

Ransomware Attack on Maastricht University

DO take action against ransomware. Otherwise you will lose money, or maybe more.

Cybersecurity is not a game. Cyber attacks are REAL. They can really hurt you and they can cost you a lot.


https://www.bleepingcomputer.com/news/security/maastricht-university-wound-up-earning-money-from-its-ransom-payment/


"Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it had recovered the ransom paid after a ransomware attack that hit its network in December 2019.


After a thorough investigation of the incident, the attack was linked by cybersecurity company Fox-IT with a financially motivated hacker group tracked as TA505 (or SectorJ04), known for primarily targeting retail and financial organizations since at least Q3 2014.


The hackers infiltrated the university's systems via phishing e-mails in mid-October and deployed Clop ransomware payloads on 267 Windows systems on December 23, after moving laterally through the network.


One week later, on December 30, the university decided to pay the ransom to have its files decrypted after deciding that rebuilding all infected systems from scratch or creating a decryptor were not viable options.


UM said at the time that it paid a 30 bitcoin ransom (roughly €200,000 at the time) for the ransomware decryptor, which allowed the university to avoid delaying exams and losing all the research, educational, and staff data, as well as info on salary payments for approximately 4,500 employees."


"However, as UM recently revealed, in a 'remarkable development,' the Netherlands Public Prosecution Service traced and seized a wallet containing the cryptocurrency paid by the university as ransom in 2019."

Sunday, July 10, 2022

North Korean Ransomware: Maui

If they attack HPH (Healthcare and Public Health) organizations in the USA, then it is certain that they attack HPH organizations in the EU too.

Action has to be taken against this.


CISA (Cybersecurity & Infrastructure Security Agency) publishes warnings and guidelines against this threat on its website. But what about the EU?


https://www.bleepingcomputer.com/news/security/us-govt-warns-of-maui-ransomware-attacks-against-healthcare-orgs/

https://www.cisa.gov/uscert/ncas/alerts/aa22-187a


"The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations.


Starting in May 2021, the FBI has responded to and detected multiple Maui ransomware attacks impacting HPH Sector orgs across the U.S.


'North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services,' the federal agencies revealed."


"Maui also stands out compared to other ransomware strains by not dropping a ransom note on encrypted systems to provide victims with data recovery instructions."