July 2019 was one of the worst months ever from a cyber security perspective. With incidents like the massive breach at the Chinese tech supplier Orvibo and another leaked database filled with Evite customers’ personal details, the second half of the year began with a mammoth 2,226,042,039 breached records.
In this blog, we delve into the most notable incidents affecting organisations and individuals in Europe.
1. Hackers break into Greece’s top-level domain registrar
Security researchers have confirmed that ICS-Forth, the organisation that manages Greece’s top-level domain codes .gr and .el, was breached earlier this year.
A report published by Cisco Talos accused the state-sponsored group Sea Turtle of orchestrating the attack.
The group’s methods were unusual because, instead of targeting websites themselves, they targeted accounts at the domain registrar, which reserves web addresses and assigns IP addresses to domain names.
This enabled them to modify a company’s DNS settings, redirecting traffic to clone servers. Visitors to an affected site are unable to tell the difference, which leaves them open to man-in-the-middle attacks.
Such attacks can work in several ways but, unfortunately, Talos hasn’t been able to identify exactly what the fraudsters did and which domain names they modified. However, the attack lasted for at least five days after ICS-Forth disclosed the incident, so the hackers had plenty of time to work with.
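A registrar-level DNS change of the kind described above shows up publicly as a change to a domain's delegated nameservers or to the addresses it serves. The following Python check is an added example, not code from the original post or from Talos: it compares observed DNS state with an approved baseline. The domain names, nameservers and addresses are constructed sample data, and gathering the observations from live resolvers is assumed to happen elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsState:
    nameservers: frozenset  # NS set delegated via the registrar
    addresses: frozenset    # A records currently served

def drift(domain, baseline, observed):
    """Compare observed DNS state with the approved baseline."""
    findings = []
    rogue_ns = observed.nameservers - baseline.nameservers
    rogue_ip = observed.addresses - baseline.addresses
    if rogue_ns:
        # Delegation changed: these servers now answer every query for the domain.
        findings.append(("critical", domain, "unapproved nameservers: " + ", ".join(sorted(rogue_ns))))
    if rogue_ip:
        # Traffic is being sent to a host outside the approved set.
        severity = "critical" if rogue_ns else "high"
        findings.append((severity, domain, "unapproved addresses: " + ", ".join(sorted(rogue_ip))))
    if not rogue_ns and baseline.nameservers - observed.nameservers:
        findings.append(("warning", domain, "approved nameservers missing from delegation"))
    return findings

def audit(baselines, observations):
    """Run drift() for every observed domain that has a baseline."""
    report = []
    for domain, observed in observations.items():
        if domain in baselines:
            report.extend(drift(domain, baselines[domain], observed))
    return report

# Constructed sample data (reserved .example/.test names, documentation IP ranges).
GOOD_NS = frozenset({"ns1.example.net", "ns2.example.net"})
BASELINES = {
    "shop.example": DnsState(GOOD_NS, frozenset({"192.0.2.10"})),
    "mail.example": DnsState(GOOD_NS, frozenset({"192.0.2.25"})),
    "www.example": DnsState(GOOD_NS, frozenset({"192.0.2.80"})),
}
OBSERVED = {
    "shop.example": DnsState(GOOD_NS, frozenset({"192.0.2.10"})),  # unchanged
    "mail.example": DnsState(frozenset({"ns1.unknown.test", "ns2.unknown.test"}), frozenset({"203.0.113.66"})),  # delegation replaced
    "www.example": DnsState(GOOD_NS, frozenset({"198.51.100.7"})),  # A record edited only
}

if __name__ == "__main__":
    for severity, domain, message in audit(BASELINES, OBSERVED):
        print(f"[{severity}] {domain}: {message}")
```

A nameserver change is rated above an address-only change because whoever operates the delegated nameservers controls every answer for the domain, not just one record.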
2. Bulgarian tax revenue agency compromised
Almost the entire population of Bulgaria has been affected by a cyber attack against the country’s tax reporting service, the NRA (National Revenue Agency).
The breached records include individuals’ names, dates of birth, addresses, social security information and incomes dating back to 2007.
The crook responsible for the attack was quickly identified as Kristian Boykov, a 20-year-old penetration tester from Sofia. Police raided his home, arrested him and seized his computers and mobile devices.
Prosecutors later identified an alleged co-conspirator, Georgi Yankov, who worked with Boykov at the cyber security company TAD Group.
Both were released on bail the following day after the charges were downgraded from a critical infrastructure attack to a crime against information systems, which carries a maximum prison sentence of three years.
Before his arrest, Boykov had released parts of the stolen information to reporters, claiming to be a Russian hacker selling the data.
However, Boykov didn’t appear to have any interest in selling the information, as he later posted it online.
3. Irish health services admit fault over medical files found in Donegal
Over the past few weeks, several people have reported finding medical records in the streets of Letterkenny in County Donegal.
The discoveries began in March, when litter wardens found a list of patient names in a bin. Another list emerged two months later and, on 9 June, a family found the private file of an elderly woman in a nearby park.
The mystery of how these files kept turning up was answered this month, with the HSE (Health Services Executive) confirming that storage containers at St Conal’s medical facility had been broken into.
It’s not yet clear at what point the facility, which is part of Letterkenny University Hospital, learned about its involvement in the breach. However, the Donegal Daily confirmed that a lock protecting the documents had been “smashed open”, suggesting the thieves hadn’t been subtle in their attack and that anyone visiting the facility would have noticed something amiss.
A spokesperson said: “All containers have been fitted with lock boxes to prevent a reoccurrence of the recent breach where the lock had been broken to gain access to one of the containers”.
“The loss of patient files [was] not as a result of negligence but as a result of theft so there will be no sanctions on staff.”