HOSTED NEWS
It's estimated that around 5,000 ransomware attacks happen every day.
The figure above is simply staggering and these aren't just small companies who have overlooked their security. Included in these attacks are multinational organisations with multi million pound IT budgets. A ransomware attack really could happen to any individual or any organisation and it only takes one small vulnerability to be exploited for the attack to become a reality.
So which companies have caught our eye this week?
1 - Accenture
On August 11th, CRN reported that Accenture had been hit by a ransomware attack. Michael Goldstein, CEO of Florida-based LAN infotech said "If a $45 billion company like Accenture is vulnerable then everyone is vulnerable.
CNBC reporter Eamon Javers Wednesday first broke the news about the attack in a tweet, writing that the hacker group in a post on the Dark Web wrote, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Accenture said “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,”. The critical thing to note here is that backup was clearly in place and they were able to restore servers quickly.
The attacker used LockBit to attack Accenture's sytems. LockBit is a cybercriminal gang that operates using a ransomware-as-a-service (RaaS) model—similar to DarkSide and REvil. LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model. Any ransom payments received from using LockBit are divided between the customer directing the attack and the LockBit gang.
2 - US Department of Justice
On 31st July the BBC reported that nearly 30 top US prosecutors had their office's email accounts hacked. 27 US attorneys had at least one office computer hacked.
The hack, which gave cyber-criminals potential access to 18,000 government and private computer networks, was made public last December. Accounts from four New York attorney offices were hit which included 80% of Microsoft email accounts. The department says hackers compromised the accounts as early as May 2020 - some seven months before the SolarWinds hack was made public.
3 - Wealden District Council
Wealden District Council suffered a sustained cyber attack on 14th June.
A report from Cllr Philip Lunn (Con, Crowborough South East), going to next week’s Overview & Scrutiny Committee, describes how on that day the Council’s had about 3,000 attempts to break into their email system. This compares to 20-30 in a typical day.
A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one. Brute force attacks are simple and reliable. Attackers let a computer do the work – trying different combinations of usernames and passwords.
4 - Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company
On July 27th, Bloomberg reported that Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company had suffered disruptions caused by a cyber attack on July 22nd.
“Transnet, including Transnet Port Terminals, experienced an act of cyberattack, security intrusion and sabotage,” it said. “Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach or sabotage.”
5 - Northern Trains
Self-service ticket machines operated by the Northern Trains rail franchise were targeted by a ransomware attack which took many ticket machines offline. E&T magazine reported this on July 20th stating "The operator installed more than 600 new ticket machines across the network earlier this year as part of a £17m scheme to provide passengers with modern touch-screen machines at over 400 stations across the north of England. The servers that operate these ticket machines have now been impacted by the suspected cyber attack."
