It's the beginning of a new week, and that means a new round-up of what's been going on in the world of cyber security and data protection over the last 7 days!

 

07/11/22 - Azov Ransomware Is A Wiper, Destroying Data 666 Bytes At A Time

After emerging last month, the Azov ransomware continues to be distributed worldwide, and it has now been proven to be a data wiper that intentionally destroys victims’ data and infects other programs in their network. It originally pretended to encrypt data, and its ransom note encouraged victims to get in contact with well-known security researchers rather than a threat actor. Check Point security researchers have confirmed that the malware is designed to corrupt data, sitting dormant until a programmed trigger time, at which point it begins wiping data in chunks of 666 bytes. It is currently unclear why threat actors are spending money to simply wipe data, but theories range from covering up other malicious software to simply ‘trolling’ the cyber security community. (Bleeping Computer)

 

07/11/22 - Ransomware Gang Threatens To Release Stolen Medibank Data

The ransomware gang that has claimed responsibility for the recent data breach at Australian health insurance provider Medibank has posted to a hacking forum that it is planning to release the stolen data. The gang is yet to state how much data it stole. However, Medibank serves 3.9 million customers and has over 4000 employees, and it has revealed that the hackers managed to access some of its customer data. Medibank also stated that it will not be paying the hackers’ ransom, adding that paying would only encourage the hackers to target affected customers as well as other Australian businesses. (Bleeping Computer)

 

09/11/22 - 15,000 Sites Hacked For Massive Google SEO Poisoning Campaign

A massive black hat SEO campaign is underway, with 15,000 websites being compromised to redirect people to fake discussion forums. Most of the compromised sites run WordPress, with each site containing around 20,000 files. The goal of the threat actors is likely to generate enough indexed pages that the fake discussion sites begin to rank higher up on search engines, setting up these sites for phishing purposes or as future malware droppers. Researchers at Sucuri couldn’t determine how the hackers were able to breach legitimate websites to add their redirections, but it is likely that it was through either a vulnerable plugin or brute-forced WordPress credentials. (Bleeping Computer)

 

10/11/22 - Pupils' Data Spread Online In Hereford School Cyber Attack

West Mercia police have launched an investigation following a cyber-attack on the systems at Bishop of Hereford’s Bluecoat School, which saw pupils’ information published online. The police are currently working with the school to determine what information was published and the safeguarding measures that may be required as a result of the breach. (BBC News)

 

11/11/22 - Canadian Food Retail Giant Sobeys Hit By Black Basta Ransomware

Canadian giant Sobeys, which operates 1500 supermarkets and pharmacies with over 134,000 employees, has been experiencing company-wide IT disruption since last weekend. The company is yet to disclose any information on the disruption. However, provincial privacy watchdogs in Quebec and Alberta have confirmed that they have received confidentiality incident notifications from Sobeys, alerts that are only sent out following incidents in which personal information has been accessed. Ransom notes and negotiation chats seen by Bleeping Computer further confirmed that Black Basta ransomware appears to have been deployed by the threat actors. While this gang’s demands tend to vary according to the size of the business, in the past they have demanded up to $2 million to decrypt victims’ systems. (Bleeping Computer)

 

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!

Written by Callum Graham-Rack