Cyber Attacks and Data Breaches in Review: March 2022

Welcome to our latest monthly review of cyber attacks and data breaches. In March 2022, we found 88 publicly disclosed security incidents accounting for 3,987,593 breached records.

Let’s take a look at some of the incidents that shaped the cyber threat landscape in Europe.

Could Russian cyber criminals exploit Kaspersky antivirus to target Europe?

Germany’s BSI (Federal Office for Information Security) recently warned that the Russian cyber security firm Kaspersky could be used to facilitate attacks against European organisations.

In a bulletin published on 15 March, the BSI urged Kaspersky users to uninstall the software, noting that the war in Ukraine had increased the risk of cyber attacks on IT infrastructure in NATO countries and the European Union.

The notice, translated from German, reads: “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or itself be spied on as a victim of a cyber operation without its knowledge or be misused as a tool for attacks against its own customers.”

The Russian government has long been suspected of working with private groups to conduct cyber attacks against its adversaries. But these have typically been black- or grey-hat attackers, whereas Kaspersky is a legitimate cyber security firm.

Yet, this isn’t the first time that the company’s practices have come under fire. In 2017, the US Department of Homeland Security ordered government departments to remove Kaspersky products from their systems for fear that the company was aligned with the Russian government.

Kaspersky has maintained that it has no link with the Kremlin, responding to the BSI’s bulletin by saying:

“We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds.”

“Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government,” the statement added.

Ukrainian news providers targeted by phishing attacks

The Russian invasion of Ukraine has been complemented by a wave of cyber attacks, demonstrating the influence that cyber warfare can have on the battleground.

On both sides of the conflict, attackers have predominantly used DDoS (distributed denial-of-service) to knock websites and other services offline. However, there have also been reports that pro-Russian groups are targeting Ukrainian military personnel with phishing attacks.

According to Google’s Threat Analysis Group, the criminal gang Fancy Bear (also known as Strontium) has launched a wave of phishing emails targeting Ukrainian news providers.

The phishing emails were sent from a large number of compromised non-Google accounts, and included links to newly created, attacker-controlled Blogspot domains.

It’s the latest in a series of Russian- and Belarusian-sponsored phishing attacks against Ukraine. The country’s CERT-UA (Computer Emergency Response Team) warned citizens last week that malicious actors are using phishing attacks to compromise the country’s infrastructure. 

Meanwhile, the cyber security firm ESET has said that it’s not just Ukrainians who could come under attack.

ESET discovered that fraudsters had created a bogus fund asking people to donate money to victims of the invasion of Ukraine.

[Image: ESET shared an example of a bogus charitable fund designed to steal people’s money.]

Meta handed £14 million GDPR fine

Last month, Meta was fined €17 million (about £14.2 million) for twelve breaches of EU data protection rules.

The tech giant, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements, and more than 30 million people have been affected.

According to the Irish DPC (Data Protection Commissioner), which investigated the breaches, Meta failed to implement appropriate technical and organisational measures to protect EU users’ personal data.

The DPC began its inquiry in 2018 – shortly after the GDPR took effect – after it received a dozen breach notifications from Facebook.

The authority noted that Facebook (as it was known at the time) breached Articles 5(1), 5(2), 24(1) and 32(1) of the GDPR.

Articles 5(1) and 5(2) state that personal data must be processed lawfully, fairly and in a transparent manner, and that the data controller must be able to demonstrate that it is doing so.

Articles 24(1) and 32(1) state that organisations must implement appropriate technical and organisational measures to protect personal data.

Facebook’s failure to adopt these measures doesn’t necessarily mean that personal data was breached. Rather, it was found to have inadequate documentation, which could have resulted in poorly implemented controls.

A spokesperson for Meta highlighted this in its response, suggesting that the violations were simply a matter of “record keeping practices”.

They added that these were historical breaches – dating back to 2018 – and that Meta’s practices were now GDPR compliant.

“We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve,” the spokesperson said.

Are you prepared for a cyber attack?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
