Cyber Attacks and Data Breaches in Review: August 2022

Welcome to our latest monthly review of cyber attacks and data breaches. In August 2022, we found 112 publicly disclosed security incidents, accounting for 97 million breached records.

As ever, you can find the full list of security incidents on our sister site. In this blog, we look at the cyber security headlines across Europe.

Montenegrin government says it has been targeted by Russia

Montenegro’s security agency recently warned that it had come under attack from Russian-sponsored cyber criminals.

The country was formerly a strong Russian ally. However, tensions arose when Montenegro joined NATO in 2017 despite strong opposition from the Kremlin, and it has recently joined Western sanctions against Russia for its invasion of Ukraine.

Russia has, as a result, added Montenegro to its list of “enemy states”, so it’s easy to see why it would target the country’s government in a cyber attack.

Montenegro’s ANB (Agency for National Security) said the country is “under a hybrid war at the moment”.

Dusan Polovic, a government official, said: “I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia.”

However, research from VX-Underground found that the Cuba Ransomware Team had taken credit for the attack. Although the group has links to Russian-speaking hackers, the researchers are sure that the criminal gang is not state-sponsored.

That doesn’t rule out the prospect of the attack being politically motivated. It could have been the work of independent, pro-Russian forces that want to support their country – although it’s just as likely that this was another indiscriminate attack against an easy target.

Either way, the attacks continue, with the US Embassy in Montenegro issuing a warning to Americans in the country, stating that the ongoing assaults could disrupt essential services.

“The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors,” it said.

Energy firm Encevo crippled by ransomware

Encevo became the latest energy giant to fall victim to ransomware last month after it was targeted by the cyber criminal gang BlackCat.

The Luxembourg-based conglomerate’s systems were disrupted for two weeks following the attack, although it confirmed that energy supplies were not affected.

In a post on its dark web leak site, the ransomware gang claimed to have stolen 150GB of data, including contracts, agreements, passports, bills and emails.

The attack followed intrusions into two Encevo Group subsidiaries the previous week, with the electricity network and gas pipeline operator Creos and the energy supplier Enovos facing disruption to their customer-facing portals.

It later transpired that the attacker had exfiltrated data and rendered several computer systems inaccessible.

Twilio caught out by SMS phishing scam

The tech giant Twilio, which provides text message notification services, was recently caught out by an SMS phishing scam.

SMS phishing (or ‘smishing’) is a long-established technique among fraudsters. As with email phishing, fraudsters impersonate a legitimate company in a message that tricks the recipient into following a bogus link.

In this case, the criminal hackers masqueraded as the IT service management firm Okta (which, coincidentally, got caught out by a scam just like this in March). The text message told Twilio employees that they were required to log into their accounts again because their previous session had expired.

The SMS contained a link to a login page that faithfully recreated Okta’s legitimate site. At least one employee fell for the scam, handing over their credentials to the scammer.

Twilio provided an example of one of the fraudulent text messages.

The security breach was discovered four days later, on 8 August, by which time the fraudsters would have been able to exfiltrate vast amounts of sensitive information.

According to Twilio’s statement, the scammers had access to customers’ physical and IP addresses, payment card details, proof of identity and email addresses.

The organisation added that it was working with US mobile phone providers “to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down”.

It added that “the threat actors seemed to have sophisticated abilities to match employee names from sources with their phone numbers.”

Are you prepared for a cyber attack?

If you’re facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
