Cyber Attacks and Data Breaches in Review: April 2022

Welcome to our latest monthly review of cyber attacks and data breaches. In April 2022, we found   80 publicly disclosed security incidents accounting for 14,329,785 breached records.

As ever, you can find the full list of security incidents on our sister site . In this blog, we take a closer look at the cyber threat landscape in Europe.

Finland’s Ministry of Defence targeted by criminal hackers

The Finnish government confirmed that it was targeted by cyber criminals on 4 April, as Ukrainian President Volodymyr Zelensky was speaking to the country’s parliament.

Finland’s Ministry of Defence tweeted that it would close down until further notice. Several hours later, the department came back online and confirmed that it had been targeted by a DDoS (distributed denial-of-service) campaign.

Unlike most cyber attacks, the goal of DDoS isn’t to break into an organisation’s systems or compromise sensitive information.

Attacks are instead designed to disrupt traffic to a target’s server, service or network by overwhelming it with traffic. Unable to cope with the requests, the system will be forced to shut down.

Most DDoS attacks are conducted to frustrate the victim. This is usually because the criminal hacker holds a grudge or, as was likely the case in this instance, they were politically motivated.

Moments before the attack, Finland announced that a Russian aircraft had potentially violated the country’s airspace.

It occurred as President Zelensky addressed the Finnish government regarding Russia’s invasion of Ukraine.

Finland, which like Ukraine isn’t a NATO member, has reportedly been reconsidering its stance on membership.

The decision is thought to have angered the Russian government, which previously threatened Finland and another non-NATO member, Sweden, if they attempted to join the alliance.

Whether the DDoS attack was state-sponsored or was related to the incident involving the Russian aircraft remains unclear.

Hetzner cuts to the chase in data breach compensation

After the German Cloud services provider Hetzner Online suffered a security failure last month, it took the unusual step of paying affected customers €20 in compensation.

In a letter to customers, Hetzner Online wrote: “While we know that [the financial reimbursement] will not bring back your data, we still hope that you will accept the gesture.”

At first glance, it’s a positive step. The organisation, which operates data centres in Germany and Finland, understands that data breaches have a material impact on customers, and is attempting to address the damage.

In this case, Hetzner Online lost photographs and other images stored on its database following a hardware failure.

It’s not uncommon for organisations to offer a form of reimbursement following a data security incident. The most common is complimentary credit monitoring to identify fraudulent activity that might have resulted from the data breach.

However, as security researchers have noted, credit monitoring services offer limited protection against fraud. They might help you spot when someone tries to open a line of credit under your name, but they won’t do anything to prevent unauthorised activity.

It therefore puts the burden on the individual to make sure that sensitive data hasn’t been misused.

But is €20 in compensation better? The nature of this incident means that credit monitoring isn’t necessary; the organisation suffered multiple hardware failures that wiped customers’ data.

Hetzner Online reportedly mitigated against hardware failure by ensuring that data was copied across three disks. Therefore, even if two disks failed, the organisation would still retain that information.

Unfortunately, one of its clusters in Nuremberg suffered three disk failures in quick succession.

With this in mind, it’s hard to pin too much blame on Hetzner Online, and with no risk of fraud resulting from the incident there is not much the organisation could do after the fact to protect customers.

Yet it’s hard to see how €20 would help. It’s a substantially smaller amount than an organisation would spend providing credit monitoring, and it is arguably not an appropriate sum considering the potential sentimental value of the lost data.

Customers losing sleep after data breach at mattress manufacturer Emma

The German-based mattress firm Emma Sleep Company confirmed last month that customers in 12 countries were affected by a Magecart attack.

Magecart is a group of criminal hacking gangs that use online skimming techniques to steal personal data from websites.

Emma Sleep Company notified customers of the incident in an email last week:

“This was a sophisticated, targeted cyber-attack on the checkout process on our website and personal information entered, including credit card data, may have been stolen, whether you completed your purchase or not.”

The attack was made possible thanks to a piece of malicious code that was inserted in online checkout pages, which would skim the customer’s payment card data from their browser.

Emma Sleep Company said that its security measures had been “circumvented in a technically advanced way by how the JavaScript code was implemented and loaded dynamically from the attacker’s server and through highly sophisticated evasion techniques to avoid detection”.

According to CEO Dennis Schmoltzi, the organisation “took immediate action to remove the threat and ensure the security of data”.

He added: “[We] launched a full investigation, and reported this to the relevant authorities, including the police. We also directly contacted all those customers who may have been affected.”

Are you prepared for a cyber attack?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, help mitigate the damage and ensure that you are up and running again as soon as possible.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.