In the spotlight this week:
New Zealand stock exchange cyber attack amongst the most severe in the world
EU drug regulator confirms data leakage
Foreign state hackers breach the US Treasury
CISA orders emergency action after large scale cyber security breach
One million US dental patients impacted by a data breach
The New Zealand Exchange commissioned InPhySec, an independent specialist cybersecurity company, to review a series of DDoS attacks on their systems, which began back in August. The attacks disrupted the website and announcements board, causing the stock exchange to cease trading for a number of days. In its report, InPhySec said the attacks fundamentally changed expectations about this sort of attack for the industry, and confirmed the scale was beyond anything previously seen or that could have been reasonably forecasted.
The European Medicines Agency (EMA) confirmed last Friday that confidential documents on the development of the COVID-19 vaccines had been “unlawfully accessed”. The EMA said on Friday that the relevant companies including Pfizer, Moderna, and BioNTech SE have been informed, and that the breach had not affected its operations, or timelines, related to the evaluation and approval of COVID-19 vaccines and treatments.
Reuters sources report that a group backed by a foreign government agency has stolen data from the Treasury Department and the internet policy-focused NTIA. While details are still limited, intel suggests that the attackers took emails from both agencies. Intelligence officials in the White House are concerned that the hackers used a similar method to breach other government bodies and are taking necessary precautions to pinpoint and resolve any security breaches.
The Cybersecurity and Infrastructure Security Agency has issued an emergency directive in response to a sophisticated cyberattack mandating all federal civilian agencies stop using SolarWinds' Orion products with immediate effect. The directive is intended to mitigate potential compromises within federal civilian networks and has extended to the public and private sectors with organizations looking into assessing their exposure to this compromise and securing their networks against any vulnerabilities.
Dental Care Alliance discovered that it had been the victim of a data breach affecting more than a million patients in early October this year. While the healthcare provider managed to contain it within two days of discovery, the hack had been carried out silently in the background for over a month. Patient data including names, addresses, bank account numbers, and health insurance information was stolen by the attackers. DCA is working with the relevant authorities and patients to provide the necessary and appropriate support for the impacted individuals.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.