Welcome to our July 2023 review of cyber attacks and data breaches, where we look at the biggest security incidents across Europe.
This month’s list includes a security breach linked to Swiss Review, plus the latest in a series of attacks tied to Russian-sponsored criminal gangs and the now notorious MOVEit file-transfer vulnerability.
Massive data breach of Swiss emigrants
Earlier this year, a database containing 425,000 personal data records appeared for sale on the dark web. The origin of this database was initially unclear, although reports emerged in July linking the attack to the Swiss Review.
The magazine is produced by the Swiss federal government to keep citizens abroad up to date on developments in their home country. Researchers noted that everyone affected by the breach was subscribed to the journal.
All Swiss emigrants are added to the journal’s sender list by default, although they are permitted to opt out.
The country’s foreign ministry is responsible for processing contact details and other personal information, and the data is considered so sensitive that not even the magazine’s publisher, SwissCommunity, has access.
So how exactly did this information end up for sale? Eventually, the leak was tied to a ransomware attack against two Swiss publishing houses, the NZZ publishing group and CH Media.
The editorial office of the Swiss Review was reportedly also affected, as it experienced disruptions to its workflow. All three organisations are connected through the same IT infrastructure, meaning that the attackers were able to launch three attacks by exploiting a single vulnerability.
An investigation into the incident is ongoing, with the foreign ministry saying that it “has no knowledge of how much data has actually been stolen”.
It added that “the fact that data that was not collected voluntarily has been made public in this way is very regrettable”.
Norwegian government targeted in suspected Russian cyber attack
Twelve Norwegian government ministries fell victim to a cyber attack last month, in the latest in a series of incidents linked to Russian state-sponsored hackers.
In a press release, Erik Hope, the director of the Norwegian ministries’ security and service organisation, said that “unusual” network traffic was uncovered on 12 July and was being investigated by the police.
Officials noted that the twelve ministries impacted by the cyber attack were unable to access several mobile services, including email.
What Hope meant when describing the incident as “unusual” remains unclear, but it was quickly connected to a “previously unknown vulnerability in the software” of one of the government’s suppliers.
Hope confirmed that the threat actor exploited that vulnerability, and he added that “it is too early to say anything about who is behind it and the scale of the attack. Our investigations and the police’s investigation will be able to provide more answers”.
In the meantime, many have attributed the attack to Russia. It has a long history of targeting its political adversaries with cyber attacks, and those efforts have ramped up following the country’s invasion of Ukraine.
Norway’s state sector was hit by a DDoS (distributed denial-of-service) attack last year, which was attributed to a “criminal pro-Russian group”.
It’s therefore no surprise that commentators are speculating on further Russian aggression. Norway’s economy has soared since Russia’s invasion of Ukraine, with its political allies turning to the country for gas and oil after issuing embargoes on Russia.
The country is also one of NATO’s founding members, and it has provided financial aid for Ukraine throughout the war.
Deutsche Bank becomes latest victim of MOVEit vulnerability
Deutsche Bank confirmed in July that customer data was at risk after it suffered a security breach that was likely caused by the now notorious MOVEit software vulnerability.
If so, it would be the latest in a series of cyber attacks exploiting a critical flaw in Progress Software’s MOVEit file transfer tool, which is used by thousands of organisations and as many as 3.5 million software developers.
The attacks have since been attributed to the notorious Russian ransomware group Clop, which has threatened to publish the stolen data unless organisations contact it to begin a ransom negotiation.
A report published earlier this week estimated that as many as 11 million individuals have had their data compromised in these attacks.
It’s unclear how many people have been affected in the Deutsche Bank incident. According to a spokesperson for the bank, the breach affected the organisation’s account switching service, while later comments suggest that customers’ payment card data might have been compromised.
Deutsche Bank said that its own systems were not affected by the breach, and insisted that only a limited amount of personal data was compromised.
Are you prepared for a cyber attack?
If you’re facing a cyber security disaster, IT Governance is here to help.
Our Emergency Cyber Incident Response Service offers the necessary support to deal with the incident, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.