Although Europe looks as though it’s over the worst of the COVID-19 crisis – with infection rates down, lockdown restrictions eased and borders reopened – the associated cyber security threats are as prominent as ever.
We’ve been tracking the way cyber criminals have exploited the fears and uncertainty around the pandemic to launch attacks, and in the last month, dozens of organisations were caught out by coronavirus-related attacks.
June saw no fewer than 92 security incidents, which accounted for at least 7,021,195,399 breached records.
As always, we delve into the more notable incidents affecting European organisations in this blog.
German COVID-19 task force caught out by Microsoft scam
More than 100 high-profile executives at a German multinational have been targeted by a series of phishing attacks.
The unnamed organisation is part of a coronavirus task force responsible for purchasing personal protective equipment for healthcare workers.
Researchers at IBM X-Force believe that the attackers are targeting multiple organisations and third-party supply chain partners associated with the task force.
The phishing email directed victims to a fake Microsoft login page in order to capture their login details.
Source: IBM X-Force
This is the same method that was used in a series of attacks that compromised the accounts of 150 executives in the finance industry in May.
However, whereas that attack was linked to criminal hackers in Nigeria and South Africa, this campaign is tied to Russia.
This demonstrates how important it is to stay on top of phishing trends. Crooks clearly saw the success of this scam and recreated it. Had the organisation in question been as observant, it could have warned its employees.
A1 Telekom subjected to six-month malware intrusion
Austria’s largest Internet service provider, A1 Telekom, admitted last month that it suffered a malware attack in November 2019.
The organisation said its security team detected the malware a month later, but it took until May to contain the incident.
A1 Telekom didn’t provide specific details, or state whether it suspected the attack was the work of a financially motivated criminal hacker or a state-sponsored group.
However, it did confirm that the attack failed to leverage access from the office network to the entire IT system, which consists of thousands of servers and applications.
That’s not to say the attack was entirely ineffective. The perpetrator compromised some databases and ran database queries to reveal the organisation’s internal network.
A researcher who discovered the breach claimed that the intruder downloaded vast amounts of customer information, including location data and phone numbers.
Claire’s hit by payment card skimmer
Those who recently shopped online at the fashion retailer Claire’s and its sister brand Icing learned in June that their payment card details might have been compromised.
Researchers at Sansec discovered the skimmer, which was served from the domain ‘claires-assets.com’ and added to the two online shops between 25 and 30 April.
“The malware was added to the (otherwise legitimate) app.min.js file. This file is hosted on the store servers, so there is no ‘Supply Chain Attack’ involved, and attackers have actually gained write access to the store code,” the researchers wrote.
The skimmer then attached to the ‘submit’ button of the checkout form so that when the customer clicked, their information was captured.
It’s not known how the attackers compromised the website, but they were presumably aware of the exploit weeks in advance, because they registered the domain on 22 March, the day after Claire’s announced that it would close its physical shops due to COVID-19.
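Because the skimmer was written into a first-party file rather than loaded from a third party, a defender's check has to compare what the shop is serving with what was released. The Node.js sketch below is an added example, not code from Sansec or Claire's: it assumes a release manifest of SHA-256 hashes and an allowlist of hostnames the shop's scripts may contact, and every domain and script body in it is constructed for illustration.

```javascript
// Added example: audit a deployed first-party script against a release
// manifest and an allowlist of outbound hostnames. All sample data is constructed.
const crypto = require('crypto');

const sha256 = (text) => crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Collect hostnames from URL-like fragments ("https://host/..." or "//host/...").
// Heuristic only: obfuscated or runtime-assembled URLs will not be seen,
// which is why the hash comparison is the primary signal.
function extractHosts(source) {
  const label = '[a-z0-9](?:[a-z0-9-]*[a-z0-9])?';
  const re = new RegExp(`(?:https?:)?//(${label}(?:\\.${label})+)`, 'gi');
  const hosts = new Set();
  for (const m of source.matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts].sort();
}

// A host is allowed only if it is an allowlisted name or a subdomain of one.
// A lookalike such as "shop-assets.example" is not a subdomain of "shop.example".
function isAllowed(host, allowedHosts) {
  return allowedHosts.some((a) => host === a || host.endsWith('.' + a));
}

function auditAsset(name, deployed, manifest, allowedHosts) {
  const expected = manifest[name]; // undefined if the file was never released
  return {
    name,
    modified: expected !== sha256(deployed),
    unexpectedHosts: extractHosts(deployed).filter((h) => !isAllowed(h, allowedHosts)),
  };
}

// Constructed sample: the released file, and a copy with one appended statement
// that references a lookalike domain (a harmless stand-in for injected code).
const released = 'function initCheckout(){fetch("https://api.shop.example/cart")}';
const tampered = released + ';var u="https://shop-assets.example/p.gif";';
const manifest = { 'app.min.js': sha256(released) };
const allowed = ['shop.example'];

console.log(auditAsset('app.min.js', released, manifest, allowed));
console.log(auditAsset('app.min.js', tampered, manifest, allowed));
```

The manifest has to be stored and checked from somewhere the web server cannot write to, otherwise an intruder with write access to the store code can update the hashes along with the script.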