Phishing with Citibank Lures

March 01, 2022

Industry: Financial | Level: Strategic | Source: BleepingComputer

A widespread phishing campaign is targeting Citibank customers, as reported by BleepingComputer and investigated by Bitdefender. Threat actors are distributing phishing emails that attempt to capture victims’ Citibank online login credentials and personal information. The email urges the user to act swiftly to avoid account suspension and contains a link leading to a fraudulent Citibank login page. Victim statistics tracked by Bitdefender show that targets are predominantly Americans (81%), followed by UK users (7%) and South Korean users (4%). A separate Citibank-themed phishing campaign ran between February 11th and 15th, 2022, luring victims with an opportunity to win monetary prizes in an attempt to capture users’ personal information, including “full name, address, age, phone number, and a scanned copy of their national ID card.”

Ukraine’s IT Army

March 01, 2022

Industry: Email, Government, Technology | Level: Strategic | Source: BleepingComputer

As reported by BleepingComputer, following a call to action by Ukraine’s Minister for Digital Transformation, Mykhaylo Fedorov, a Ukrainian “IT Army” was assembled to “fight on the cyber front.” The group’s operations are communicated through a Telegram channel, and its initial task lists 31 Russian targets from a variety of industries and technologies: “This list includes 31 targets, including Russian government agencies, government IP addresses, government storage devices and mail servers, three banks, large corporations supporting critical infrastructure, and even the popular Russian search engine and email portal, Yandex.”

Banking outage in Canada

February 22, 2022

Industry: Financial | Level: Strategic | Source: BleepingComputer

As reported by BleepingComputer on February 16th, 2022, an apparent outage at “Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC)” prevented customers from accessing or using services in their online and mobile banking portals. The issues continued throughout the day, peaking between 17:00 and 18:00 EST. A Bank of Montreal customer cited issues with the “Global Money Transfer service” and desired transactions being auto-rejected. The Royal Bank of Canada suffered sporadic issues, with systems allegedly restored and verified on Twitter, only for customers to report issues shortly after.

Meyer Corporation Ransomware Attack

February 22, 2022

Industry: Manufacturing | Level: Strategic | Sources: BleepingComputer & NotificationLetter

On October 25th, 2021, Meyer Corporation, a cookware distributor, suffered a ransomware attack, as reported by BleepingComputer. Review of the incident was completed on December 1st, 2021, identifying the compromise of employee data. Employee data of Meyer Corporation subsidiaries “Hestan Commercial Corporation, Hestan Smart Cooking, Hestan Vineyards, and Blue Mountain Enterprises, LLC” was also compromised. Information from the breach included names, addresses, dates of birth, social security numbers, passports, government ID numbers and more. Meyer Corporation’s data breach notification doesn’t contain specific details regarding the attack; however, BleepingComputer identified an entry on Conti’s extortion site from November 7th, 2021 that coincides with the attack timeline. The site contained 2% of the data allegedly stolen from Meyer; however, since the posting there has been no additional follow-up, with potential outcomes being “either an indication of their willingness to negotiate indefinitely or due to losing interest.”

BlackByte Ransomware Hits NFL 49ers

February 15, 2022

Industry: Entertainment | Level: Strategic | Sources: BleepingComputer & TheRecord

A spokesperson for the NFL team the San Francisco 49ers disclosed a ransomware attack by operators of BlackByte ransomware to news outlets The Record and BleepingComputer. Information is currently limited, with the team working to recover impacted systems. A statement from the 49ers mentions, “While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.” The 49ers are engaging with law enforcement and third-party cybersecurity firms to assist with the investigation.

Puma Data Breach

February 15, 2022

Industry: Manufacturing | Level: Strategic | Source: BleepingComputer

As the result of a ransomware attack in December 2021 on Kronos, a workforce management solutions provider, Puma SE, a sportswear and apparel manufacturer, disclosed a data breach. The compromised data included information on employees and their dependents, along with social security numbers; the data was stored in the Kronos Private Cloud (KPC) environment. Puma was notified of the incident on January 10th, 2022, as a result of Kronos conducting reviews of impacted environments.

News Corp Cyberattack

February 08, 2022

Industry: Media | Level: Strategic | Source: BleepingComputer

As reported by BleepingComputer, American mass media corporation News Corp disclosed a cyberattack identified in January 2022. News Corp’s SEC filing stated that the attackers are aligned with a “foreign government.” The company has not shared the full extent of the impact but did confirm that data exfiltration had occurred. The attack “reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists.” News Corp is associated with properties including “Fox News, The Wall Street Journal, New York Post, and News UK.”

Conti Ransomware Hits KP Snacks

February 08, 2022

Industry: Food | Level: Strategic | Source: BleepingComputer

On January 28th, 2022, British snacks producer KP Snacks was compromised by the Conti ransomware gang. Data compromised in the attack includes various sensitive documents, employee records and financial documents, and Conti has leaked data stolen from the company. A shortage of KP Snacks products is expected due to the disruption to the company’s supply chain, which is causing deliveries to be delayed or canceled. The company has notified markets that the shortages may last until the end of March.

Swissport International Ransomware Attack

February 08, 2022

Industry: Aviation | Level: Strategic | Source: BleepingComputer

Swissport International, an aviation services company, disclosed a ransomware attack via the company’s official Twitter account on February 4th, 2022. The attack mainly affected the company’s IT infrastructure and has caused flight delays, as the company provides services for “cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, making it a vital link in the global aviation travel industry chain.” Throughout the day of February 4th, the company’s website was inoperable, returning 403 error codes to visitors. Despite the issues with the IT infrastructure, ground services are available with some potential delays. Details have not been shared regarding the ransomware gang responsible for the incident or what data was compromised during the attack.

Global Affairs Canada Cyberattack

February 01, 2022

Industry: Government | Level: Strategic | Source: BleepingComputer

Global Affairs Canada (GAC) detected a cyberattack on January 19th, 2022, resulting in network disruptions. The attack was successfully mitigated and critical services continue to be available; however, some online services are not, as recovery efforts are still in progress. GAC manages foreign and consular relations for the Canadian government, and the current review of the incident did not identify any impact on other government departments.