According to our figures, there were at least 128 publicly disclosed data breaches and cyber attacks in May 2021.
And as was the case last month, ransomware was the main method of attack, with 52 reported cases.
You can find the full list of incidents on our sister site, but as always, we delve into some of the notable incidents affecting European organisations here.
Spanish start-up Glovo lost 2 million people’s records
The month got off to an inauspicious start when Forbes reported that criminal hackers had captured the login details of Glovo customers, drivers and employees.
It was later confirmed that 2 million people’s data had been compromised in the attack. Fortunately, credit card details were not affected.
The incident came just a month after the Spanish delivery start-up announced a $530 million (about €435 million) investment, taking its overall funding to over $1 billion.
Forbes learned of the breach via Alex Holden, the founder and chief technology officer of Hold Security.
He passed on screenshots and videos that showed the criminal hackers demonstrating their ability to break into and manage Glovo accounts.
The company was informed about the breach shortly afterwards; it later confirmed the hack and claimed it had fixed the issue.
“On April 29, we were made aware of unauthorized access by a malicious third party actor to one of our systems,” a Glovo spokesperson said.
“The actor involved was able to gain access through an old administration panel interface. As soon as we discovered this suspicious activity, we took immediate steps to block further access by the unauthorized third party and put in place additional measures to secure our platform.
“While we are currently investigating further, we can confirm that no customer card data was accessed, as we do not hold or store such information.”
DDoS attack targets Belgium’s parliament and universities
As many as 200 organisations in Belgium experienced severe disruption amid a co-ordinated DDoS (distributed denial-of-service) attack on 4 May 2021.
The country’s parliament and several universities and scientific institutions fell victim after the Internet service provider Belnet was targeted by cyber criminals.
Unlike most criminal hacks, DDoS attacks aren’t intended to steal sensitive data or make money but to disrupt or frustrate the victim.
They work by taking advantage of the limitations of computer networks, overwhelming them until they are unable to process traffic.
Such attacks are often politically motivated, although some are used to distract the victim as the criminal hacker launches a more sophisticated intrusion to steal information.
“We are fully aware of the impact on the organisations connected to our network and their users and we are aware that this has had a profound impact on their operations,” Belnet’s technical director, Dirk Haex, said.
For several hours, Belgian residents were unable to access the websites of certain administrations, and students could not use their university’s online services.
Meanwhile, the country’s federal parliament was forced to cancel several committees, and online reservation systems for vaccination centres were also affected.
Belnet said it immediately activated its crisis procedures and contacted the Centre for Cybersecurity Belgium.
“Belnet continually invests in cybersecurity,” said Haex. “However, yesterday’s DDoS attack was of such a scale that our entire network was saturated.
“The fact that the perpetrators constantly changed their tactics made it even more difficult to neutralise the attack.”
Volue demonstrates how to respond to a ransomware attack
With the current ransomware crisis (we discovered 52 publicly disclosed incidents in May), we couldn’t complete our monthly review without discussing a ransomware attack.
The victim in this case was Volue, a Norwegian company that provides software to European energy and infrastructure firms.
On 4 May, applications that provided infrastructure to water and sewage facilities were infected with malware. The incident affected 200 Norwegian municipalities and about 85% of the country’s population.
As is common practice, Volue shut down all other applications and quarantined approximately 200 employee devices to prevent the infection from spreading further.
Meanwhile, Norway’s cyber security response unit for the energy and water sectors, KraftCERT, advised Volue customers to shut off their connections to the company’s application and reset their credentials.
External cyber security experts arrived shortly after Volue discovered the incident to assist in recovering the company’s data.
The company’s CEO, Trond Straume, later met with customers to explain how Volue is protecting their data and computer systems against the spread of the malware.
Straume added that the organisation set up a process to assess when each client could safely start using applications disabled after the attack.
Additionally, security experts analysed whether customers using applications hosted by Volue were at risk of having data stolen by the attackers.
Straume said he never considered paying the criminals’ ransom to decrypt Volue’s data. In fact, the company said it wasn’t able to see the fee that the attackers asked for, because they sent a message with a link, which the security team didn’t click.
Within a week of the attack, Volue said that 90% of customers were considered safe – or close to safe – from risk related to the attack.