In the spotlight this week:
Microsoft hack hits PE firms
Cyber insurance claims on the rise
Cayman Islands investment fund left vulnerable to Azure blob
Law In Order suffers ransomware attack
Cyber Crooks Seek to Provide Charitable Donations
French Retail Giant Carrefour Fined USD3.7M for GDPR Violation
A team of sophisticated cyber criminals has stalked private equity firms, monitored internal systems, diverted emails, and initiated wire transfers to steal millions of dollars from multiple organizations. The attack, exposed by Check Point, intercepted four separate bank transactions totalling $1.3 million, but only half the funds were recovered. These attacks are very sophisticated and occurred in the following sequence: The attack group, dubbed the Florentine Banker, injected itself into the firm’s confidential business operations and proceeded to execute financial transactions. The attack started through persistent spear phishing aimed at the financial chain within target PE firms, using multiple vectors to steal credentials. The attackers persisted for weeks until they gained a holistic view of the financial structure of the company. With the ability to read emails between targeted firms and third parties, the attackers began a stalking campaign, looking for the right opportunity to execute a material theft. The attackers used email rules within Microsoft 365 to divert messages from specific senders or with specific subject lines to a monitored folder. From here, employees inadvertently began regular communication with the attackers, allowing them to gain access to financial information.
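A defensive check for the mailbox-rule technique described above, as an added example that is not from the original newsletter or from Check Point: it reviews an exported list of inbox rules for ones that divert sender- or subject-matched mail to a folder, and goes beyond the page's case by also flagging forwarding to external addresses. The export shape (Get-InboxRule property names with values simplified to plain strings), the sample rules, the domains and the keyword list are constructed assumptions.

```python
import json
# Constructed sample. Assumed shape: Get-InboxRule output exported as JSON, one
# object per rule, with a "Mailbox" field added and addresses as plain strings.
SAMPLE_EXPORT = """
[
 {"Mailbox": "cfo@fund.example", "Name": "Newsletters", "Enabled": true,
  "From": ["news@vendor.example"], "SubjectContainsWords": [],
  "MoveToFolder": "Newsletters", "MarkAsRead": false, "ForwardTo": [], "RedirectTo": []},
 {"Mailbox": "cfo@fund.example", "Name": ".", "Enabled": true,
  "From": ["treasury@bank.example"], "SubjectContainsWords": ["wire", "invoice"],
  "MoveToFolder": "RSS Feeds", "MarkAsRead": true, "ForwardTo": [], "RedirectTo": []},
 {"Mailbox": "ap@fund.example", "Name": "sync", "Enabled": true,
  "From": [], "SubjectContainsWords": ["payment"],
  "MoveToFolder": null, "MarkAsRead": false,
  "ForwardTo": ["collector@mail.example"], "RedirectTo": []}
]
"""
# Assumed keyword list; tune it to the organisation's own payment vocabulary.
FINANCE_WORDS = {"wire", "invoice", "payment", "transfer", "bank", "swift", "iban"}

def review_rule(rule, internal_domains):
    """Return the reasons a rule deserves manual review (empty list = no flag)."""
    reasons = []
    if not rule.get("Enabled", True):
        return reasons
    subjects = [w.lower() for w in rule.get("SubjectContainsWords") or []]
    targeted = bool(rule.get("From")) or bool(subjects)
    if targeted and rule.get("MoveToFolder"):
        if rule.get("MarkAsRead"):
            reasons.append("diverts matching mail to a folder and marks it read")
        if FINANCE_WORDS & set(subjects):
            reasons.append("diverts mail with finance-related subject words")
    for field in ("ForwardTo", "RedirectTo"):
        for addr in rule.get(field) or []:
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain not in internal_domains:
                reasons.append(f"{field} external address {addr}")
    return reasons

def audit(export_json, internal_domains):
    """Map (mailbox, rule name) to review reasons for every flagged rule."""
    findings = {}
    for rule in json.loads(export_json):
        reasons = review_rule(rule, internal_domains)
        if reasons:
            findings[(rule["Mailbox"], rule["Name"])] = reasons
    return findings

if __name__ == "__main__":
    for key, why in audit(SAMPLE_EXPORT, {"fund.example"}).items():
        print(key, why)
```

A flagged rule is a lead for manual review, not proof of compromise, since users create legitimate filing rules too.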
Reports by Allianz Global Corporate & Specialty (AGCS) showed that external attacks on companies result in the most expensive cyber insurance losses. However, employee mistakes and technical problems are the most frequent source of claims by number. Distributed denial of service (DDoS) attacks, phishing, and ransomware campaigns accounted for a significant majority of the value of cyber claims. The study analyzed 1,736 cyber-related insurance claims worth €660M involving AGCS and other insurers from 2015 to 2020. The number of cyber insurance claims has steadily increased over the last few years, from 77 in 2016 to 809 in 2019. This steady increase in claims has been driven, in part, by the growth of the global cyber insurance market, which is currently estimated to be worth USD7B according to Munich Re.
A Cayman Islands-based investment fund exposed its entire backup to the internet after failing to properly configure a Microsoft Azure blob. Details of the fund's register of members and correspondence with its investors, as well as its shareholders, their shares, and the value of those holdings were freely available to anyone with the URL to its Azure blob. The fund's IT provider has since removed all of its files from its Azure blob as a result of the breach. The fund was completely unaware of how Azure operated or how their files had been exposed to anyone with a web browser and appeared to be totally reliant on their IT provider for everything other than basic office productivity software. Having a top-tier, experienced incident response team can save you time and money in the event of an attack.
Law In Order, an Australian supplier of document and digital services to law firms, suffered a ransomware infection over the weekend that is believed to be of the Netwalker variant. After detecting the attack, Law In Order halted its business operations and called upon cyber security advisers to assist in the investigation and incident response. Law In Order has since alerted authorities including the Australian Federal Police (AFP) and the Australian Cyber Security Centre (ACSC) to the attack. The company said it was still working to understand the extent of the attack, and whether or not confidential data had been leaked.
The hacker group ‘Darkside’ has donated a small portion of its earnings to charity. Darkside is a criminal gang known for hacking into company computers, locking up critical data, and leaking it online while demanding ransom from its victims. Discovered by cyber security firm Emsisoft, the ransomware gang uploaded tax receipts amounting to USD 10,000 in charitable donations on the dark web. One nonprofit that the Darkside hackers donated to — Children International — said it had no intention of keeping the money.
French retail giant Carrefour and its banking arm have been fined USD3.7M by local data protection regulator Nationale de l’Informatique et des Libertés (CNIL) for multiple breaches of the GDPR. CNIL took into account the significant remedial action that had been taken by the firm to address its concerns, which ranged from unlawful cookie use to hidden information about data protection. Data protection regulators are now shifting their focus to an organization’s online presence with a special emphasis on data transfer policies. In light of this, consider reviewing your website to ensure that it meets GDPR or other local standards surrounding data transfer and usage regulations.