November cyber news round-up
Tesco gets hit by a cyberattack, a celebrity jeweler has data leaked, the DOJ makes REvil arrests, and hackers lie low on an Australian water supplier's system
We may all be winding down for Thanksgiving and Christmas, but these hackers just won't rest! We've got news on an array of cyber events from all across the globe this month.
Tesco restores online operations after cyberattack
In late October, Tesco announced it was having issues with the search function on its website after attempts to interfere with its systems. By the next day, the website's functionality was restored, but Tesco had implemented a "virtual waiting room" to handle high volumes of traffic.
Tesco did not disclose the nature of the attack it suffered, but a spokesperson said there was nothing to indicate customer data had been compromised and that the company was continuing to ensure the safety of customer data.
Tesco’s stock was relatively unaffected by the incident.
Conti hacks high-end jeweler, leaking celebrity data
The ransomware group Conti has hacked the jewelry firm Graff, obtaining data on thousands of its clients, many of whom are notable figures.
Around 69,000 documents from the breach, pertaining to approximately 11,000 customers including Donald Trump, Tom Hanks, David Beckham and many other famous names, were leaked on the dark web.
Conti took responsibility for the leak and demanded a multi-million-pound ransom to prevent the leak of further documents, stating that the leaked files were only 1% of the data they obtained from the hack.
Graff has reported that it is working with law enforcement and has already reported the breach to the Information Commissioner's Office (ICO). The site hosting the leaked data has already been visited by thousands hoping to pry into the personal transactions of the stars.
DOJ charges REvil ransomware leaders
The US Department of Justice (DOJ) announced the arrest of Yaroslav Vasinskyi, a Ukrainian national, and charged him with deploying ransomware against businesses and government entities in the US. This activity included the attack against Kaseya in July.
The DOJ also announced that they had seized $6.1 million from Russian national Yevgeniy Polyanin, who is charged with conducting ransomware attacks against businesses and government entities in Texas in August of 2019.
Both individuals were charged separately with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. They face maximum penalties of 115 and 145 years in prison respectively.
Hackers undetected for nine months on Australian water supplier server
Hackers compromised a server belonging to SunWater, a Queensland-based water supplier, and remained undetected for nine months.
The attackers were on the server between August 2020 and May 2021 but are not believed to have exfiltrated any data. Instead, they are believed to have infected the server with custom malware used to inflate visitor traffic to an online video-sharing platform.
The news was published in an audit report by the Queensland Audit Office. The report noted that the older, more vulnerable servers were compromised while the newer ones were left untouched, and raised concerns about the absence of basic security practices such as the principle of least privilege (POLP).
The auditors went on to review the controls of six water authorities in Australia and found that three of them were not up to standard.