Cyber Attacks and Data Breaches in Review: February 2022

Welcome to our latest review of cyber attacks and data breaches. In February 2022, we found 83 publicly disclosed security incidents accounting for 5,127,241 breached records.

As ever, you can find the full list of security incidents on our sister site. In this blog, we take a closer look at the cyber threat landscape in Europe.

Ukrainian websites hacked as Russia launches invasion

Ukraine was hit by a wave of DDoS (distributed denial-of-service) attacks last week, crippling the country’s banks and several government departments.

The move came hours before Vladimir Putin announced a full-scale invasion of Ukraine, demonstrating the ways that cyber warfare can be used to support hard power.

The Ukrainian military was also affected, although a researcher told BBC News that it has “seen a more rapid recovery, likely due to preparedness and increased capacity to implement mitigations.

This is the latest act of cyber aggression from Russia, after the country was accused in January of instigating a similar attack.

Suspected nation-state attackers hacked the Ukrainian Ministry of Foreign Affairs and the Education Ministry, defacing their websites and displaying the message: “Be afraid and expect the worst”.

The ongoing tensions – both in the eastern Donbas region and in cyberspace – led the EU to deploy a cyber rapid-response team across Europe to help with future incidents.

It’s unclear whether the team is helping to defend against this latest attack, but it’s likely to see plenty of action in the coming months.

Flash briefing: The cyber security implications of Russia invading Ukraine

Find out more about how the Ukraine incursion could affect your organisation by registering for our special presentation hosted by IT Governance’s founder and executive chairman, Alan Calder.

You’ll discover practical advice on how to reduce the risks to your organisation and the steps you can take to navigate disruptions caused by cyber warfare.

Credit Suisse data breach unmasks criminal activity

A data breach at Credit Suisse has revealed widespread criminal activity among its clients.

The revelation came to light after a whistle-blower leaked personal information from 18,000 Credit Suisse accounts to the German newspaper Süddeutsche Zeitung.

Dozens of media organisations have analysed the data, discovering evidence that the bank had been used by high-profile clients involved in serious crimes.

Credit Suisse has spent decades pledging to identify criminal clients and illicit funds. However, this leak reveals that its customers included convicted criminals such as Stefan Sederholm, who was sentenced for human trafficking, and Ronald Li Fook-shiu, the former chairman of the Hong Kong stock exchange who was imprisoned for taking bribes.

Other Credit Suisse clients include the Egyptian politician Hisham Talaat Moustafa, who was convicted in 2009 of conspiring to murder his ex-girlfriend, and Egypt’s former spy chief Omar Suleiman, who oversaw widespread torture and human rights abuses.

Speaking to Süddeutsche Zeitung, the whistle-blower condemned Credit Suisse for its role in protecting criminals.

“I believe that Swiss banking secrecy laws are immoral,” the anonymous source said. “The pretext of protecting financial privacy is merely a fig leaf covering the shameful role of Swiss banks as collaborators of tax evaders.”

Credit Suisse said that the leaks are based on “selective information taken out of context, resulting in tendentious interpretations of the bank’s business conduct”.

It added that it had taken “significant additional measures over the last decade, including considerable further investments in combating financial crime”.

Nevertheless, the EPP (European People’s Party), the region’s largest political grouping, called for the EU to consider adding Switzerland to a money-laundering blacklist.

The move would see transactions to and from Switzerland treated the same way as accounts tied to rogue states such as Iran, Syria and North Korea.

German fuel supplier hit by suspected ransomware attack

Oiltanking Deutschland GmbH was forced to operate at a “limited capacity” last month after suffering a cyber attack.

The fuel supplier, which stores and transports oil, vehicle fuels and other petroleum products, said that the IT systems in its German operations had been crippled.

Without access to its loading and unloading operations, business was brought to a standstill.

Oiltanking declared “force majeure” for most of its inland supply activities in Germany. Organisations can do this if they have a contractual agreement related to disruptive events that could not be anticipated or controlled.

The declaration excuses Oiltanking from its obligations to supply goods and services.

Meanwhile, Oiltanking’s main partner, Shell, said it had diverted operations to other suppliers to minimise disruption.

Neither Oiltanking nor its parent company have given details about the nature of the attack. However, it has the hallmarks of ransomware.

It wouldn’t be the first time a fuel supplier has been targeted in this way. The US organisation Colonial Pipeline was hacked last year, causing huge disruption and resulting in a $4.4 million (about €3.9 million) ransom payment.

Experts urge organisations not to pay up, because there is no guarantee that the attackers will keep their word and return the company’s systems to normal. Moreover, it marks the organisation as a viable target for future attacks.

Given the consequences of not being able to deliver fuel through the supply chain, you can understand why organisations might feel compelled to pay the ransom.

But as the frequency of attacks soar and ransom demands balloon – meat processing company JBS paid a record $11 million (€9.9 million) last year – organisations must make a stand if they are to curb the threat.

Cyber attack brings down Vodafone Portugal’s mobile services

On 7 February, Vodafone Portugal announced that a significant portion of its customer data services had gone offline following a cyber attack.

The organisation’s 4G and 5G mobile networks, SMS and answering services were affected for more than two days in an attack that its CEO, Mário Vaz, described as a “criminal act”.

In an update two days later, Vodafone Portugal said that it had begun restoring its systems but customer support services remained unstable.

The organisation added it was working with authorities to investigate the incident but is confident that no personal data was compromised.

It’s not the first time Vodafone has faced data protection issues. The company’s Spanish subsidiary was fined €8.15 million last year for repeated GDPR (General Data Protection Regulation) violations.

The fine incorporates 191 claims regarding Vodafone’s data processing and consent practices.

Whereas that fine concerned data privacy, this latest incident is a result of technical vulnerabilities.

It’s not clear how the attackers were able to access Vodafone Portugal’s systems, but ransomware may be to blame. It comes amid a wave of attacks in Portugal, with the news outlets Impresa and Cofina both breached by the Lapsus$ ransomware gang earlier this year.

However, it has not taken credit for this attack, and Vodafone Portugal has not yet commented on the nature of the attack.

Are you prepared for a cyber attack?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

One Response

  1. Naimisha 14th March 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.