Tag Archive for: Strikes

Cl0p Ransomware Strikes Deloitte, Company Refutes Breach


IN SUMMARY

  • The Cl0P ransomware gang claims to have breached Deloitte.
  • Deloitte has refuted the claims made by the gang regarding the breach.
  • The Cl0P ransomware gang is actively exploiting the MOVEit vulnerability.
  • Deloitte is among the firms using the vulnerable MOVEit Transfer software.

The infamous Cl0p Ransomware has struck again, this time claiming to have targeted the multinational professional services network Deloitte. The ransomware gang, known for its high-profile attacks, claimed responsibility for breaching Deloitte’s infrastructure in a recent post on its dark web data breach blog. While Deloitte’s response refutes the claims, the incident highlights the ongoing risk posed by the MOVEit vulnerability.

Deloitte’s denial of the breach comes with a strong statement from the company’s Global spokesperson. In an exclusive response to Hackread.com, Deloitte stated that they found no evidence of any breach of client data during their analysis.

According to Cl0P, “The company doesn’t care about its customers, it ignored their security!!!” (Screenshot: Hackread.com)

The company took immediate action upon discovering the zero-day vulnerability, applying security updates and mitigating actions as per the vendor’s guidance. Furthermore, Deloitte claimed that their global network’s use of the vulnerable MOVEit Transfer software is limited, and their analysis revealed no impact on client data.

Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance. Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact on client data.

Deloitte Global Spokesperson

The Cl0p Ransomware group has been on a hacking spree, exploiting the MOVEit vulnerability to target major companies worldwide. Previous victims include renowned names like business consulting firm PwC, TD Ameritrade, Aon, Kirkland, and Ernst & Young, among others. The gang is now also notorious for using clearnet websites to publish stolen…


Ransomware attack strikes Hawaii Community College


Jun. 21—Hawaii Community College has been struck with a ransomware attack, and security measures are being increased to protect digital assets, University of Hawaii officials said Tuesday.

“Hawaii CC representatives are actively working with federal authorities and cybersecurity experts,” a university statement said.

“The Hawaii CC campus was notified of a cybersecurity incident on Tuesday, June 13, shortly after UH was made aware of the situation,” the statement continued. “UH System Information Technology Services responded immediately and took the Hawaii CC network offline and took additional steps to protect all UH networks. Hawaii CC is the only UH campus identified in the attack by the group claiming responsibility.”

Cybersecurity experts at UH do not think any of the other nine UH campuses have been affected.

When asked which ransomware group or platform was responsible, what kinds of data may have been compromised and what steps students and university employees should take, UH spokesman Dan Meisenzahl said those issues are part of the ongoing investigation and cannot be discussed. But he confirmed that the university “has increased scanning and monitoring and is deploying additional security technologies.”

The bad actor is “holding numerous companies and agencies ransom. Not just Hawaii CC,” Meisenzahl added. “This is happening to hundreds of agencies, hospitals, businesses around the county for the last few years now. It was always a matter of when and not if it would happen.”


As Cyber Strikes Mount, What Happens in Ukraine Doesn’t Stay in Ukraine


The scale of Russia’s cyber-attacks in Ukraine swelled in the first quarter of 2023, a top Ukrainian official told a gathering of top cyber security experts at the Cyber Initiatives Group Spring Summit on Wednesday, part of a new phase of the war to accompany an apparently stalled Russian ground campaign.

“Conventional warfare and cyber warfare are integrated things,” said Col. Ivan Kalabashkin, Acting Deputy Head of the Cybersecurity Department in the Security Service of Ukraine (SSU), who detailed the nature of simultaneous Russian missile and cyber strikes against Ukrainian military positions and critical infrastructure, including recent strikes at a nuclear facility near Kyiv.  

In 2022, Ukraine reported 4,500 such strikes and related incidents. That number is already at nearly 1,200 in just the first three months of 2023, Kalabashkin said. Ukraine is also dealing with around 1,000 Russian psychological and disinformation operations every month, he added.

Many of these propaganda campaigns now orient around the battle for Bakhmut, a small eastern city that has been a focal point of recent fighting. Russian forces have encircled the city but have been unable to force a Ukrainian withdrawal.

Ukrainian Deputy Defense Minister Hanna Maliar addressed those operations on Wednesday, saying Russia is currently focused on three principal tasks in mass media: 1.) the undermining of civil-military trust, 2.) the discouraging of the Ukrainian army, and 3.) attempting to provoke battlefield mistakes. 

“Our military command, not the Russian psychological operations, will determine how long Bakhmut will be defended,” Maliar added.

And yet as the battle for Bakhmut rages, broader security questions are also being raised, not just about the evolving nature of hybrid warfare, but also about the level of public and private sector preparedness in the U.S. That preparedness includes evolving regulatory and law enforcement frameworks that govern and protect the comparatively more digitally connected societies in the West.



Ransomware attack strikes City of Ellsworth


ELLSWORTH – The City of Ellsworth announced today that it had fallen victim to a ransomware attack. 

The following was posted on the City of Ellsworth Facebook page:

The City of Ellsworth is notifying residents that, on June 2, 2022, it detected unauthorized activity on its network, which has been confirmed as a ransomware attack. In response, the City took its systems offline to contain the threat and protect against any other potential malicious activity. In addition, the City notified federal law enforcement and it is working with them and computer forensics experts to thoroughly investigate and remediate this issue.

The incident has not caused any stoppage in City services to residents, but its internal operations have been limited this week during the recovery efforts.

“Please know that we are giving this our undivided attention and are doing everything we can to restore our systems and resume normal operations as quickly as safely possible,” said Mayor Daniel Finnegan. The City currently estimates that its main server at City Hall will be restored and operational in the next one to two days. In addition, the City is deploying an endpoint detection and response program that will provide continuous monitoring and alerts of any suspicious or potentially malicious activity on its network.

At this time, the City has not determined if any personal information was accessed or acquired in connection with this incident. However, it is continuing to investigate and notify residents and provide updates as it learns more. In the meantime, please refer to the City’s website at www.ellsworthks.net where the City will be posting updates and additional details during the course of its investigation. Additionally, if anyone has other questions, they may contact John Deardoff, the interim City Administrator, at 785-472-5566.  
