Cyber attacks and data breaches in review: May 2020

We have just seen 8,801,171,594 breached data records in one month. Yes, 8.8 billion.

The majority of those were the result of a leaky database belonging to the Thai phone network AIS that was quickly resolved – but it was a dire month even if you discount that.

There were 105 incidents in total, bringing the annual running total to 388 – and the total number of breached records has soared to more than 11 billion.

As always, we delve into the more notable incidents affecting European organisations in this blog.

Europe’s largest private hospital operator hit by ransomware

The German hospital operator Fresenius suffered a ransomware attack last month.

The organisation, which is a major provider of dialysis products and services that are in high demand thanks to the COVID-19 pandemic, said that the incident has limited some of its operations but that patient care continues.

Ransomware attacks like this are unfortunately common. We recorded 17 of them in May, although the actual figure will be much higher given how rarely they are publicly disclosed.

Security researchers believe that the attackers used the Snake ransomware strain, which identifies IT processes that are tied to enterprise management tools and large-scale industrial control systems, such as production and manufacturing networks.

It then siphons unencrypted files, encrypts computers on a network, and tells victims that they have 48 hours to pay up or the hackers will post the stolen data online.

The fact that it was an organisation providing coronavirus treatment is no coincidence. Interpol recently warned that it “detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response”.

World’s largest sovereign wealth fund stunned by cyber attack

Norfund, the Norwegian private equity giant, lost $10 million (about €9 million) in cash reserves after a cyber criminal breached an employee’s email account.

Based on the organisation’s statement, it sounds like a BEC (business email compromise) scheme.

“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language,” the organisation explained.

As a result, Norfund rerouted a loan that was intended for a microfinance company in Cambodia to an unrelated Mexican bank account.

“This is a grave incident,” Norfund CEO Tellef Thorleifsson said. “The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable.

“The fact that this has happened shows that our systems and routines are not good enough.”

Massive vulnerabilities found in North Macedonia’s IT systems

North Macedonia’s government website was knocked offline for more than a day earlier this month, with visitors being told that the pages were not secure because of an “expired security certificate”.

It came shortly after the cyber crime group Powerful Greek Army leaked dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica.

Security experts say the government’s website could be vulnerable to a MITM (man-in-the-middle) attack, which would let criminals siphon off visitors’ personal details.
