Cloud Provider

Industry

Cloud Provider Snowflake Suffers Snowballing Data Breach

April 14, 2024

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time. The earliest evidence of unauthorized access to Snowflake customer instances occurred on April 14, according to Mandiant’s June 10 threat intelligence report on the attacks.

Alleged affected customers are Ticketmaster (560 million records), Santander (30 million records), automotive giant Advance Auto Parts (380 million records/3TB),LendingTree and QuoteWizard (190 million records/2TB). Neither LendingTree nor Advance Auto Parts has filed breach notifications with the Securities and Exchange Commission at this time.

read more

Akira Group Attacks Finnish Tietoevry Causing Disruption Across Swedish Businesses

January 19, 2024

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden. The attack encrypted the company’s virtualization and management servers used to host the websites or applications for a wide range of businesses in Sweden.

Companies impacted by the attack: Sweden’s largest cinema chain, Filmstaden, discount retail chain Rusta, raw building materials provider Moelven, farming supplier Grangnården, Tietoevry’s managed Payroll and HR system, Primula (used by the government, universities, and colleges in Sweden), numerous government agencies and municipalities.

read more

Ransomware Attack on Thousands of VMware ESXi Servers

February 3, 2023

A vast ransomware infection campaign hits VMware ESXi servers around the world on February 3. The scale suggests an automated operation.

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated threat actors in low-complexity attacks.

While the threat actors behind this attack claim to have stolen data, one victim reported in the BleepingComputer forums that it was not the case in their incident. Victims have also found ransom notes named “ransom.html” and “How to Restore Your Files.html” on locked systems. Others said that their notes are plaintext files.

read more

ALPHV/Blackcat Reportedly Demands ‘8 figure’ Ransom from Western Digital

March 26, 2023

On March 26 hackers breached Western Digital’s

Hackers breached data storage giant Western Digital internal network and stole company data. They claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing the company to negotiate a ransom — of a “minimum 8 figures” — in exchange for not publishing the stolen data.

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company’s systems even as the company responded to the breach Western Digital declined to comment regarding the leaked screenshots and claims by the threat actors.

read more

German Cloud Service Provider Hacked

May 20, 2023

The hosted exchange of the German provider United Hoster suffered a ransomware attack on Saturday (May 20th). “As part of an internal investigation, it was determined that an attacker exploited an unknown vulnerability in Microsoft Exchange to gain access to the Exchange Server,” a company spokesman told heise online

United Hoster is building a new Microsoft Exchange environment into which customers will eventually be migrated so that they can receive the full range of functions again. The company does not provide information about the number of affected customers or mailboxes, as this is a business secret. It is also unclear when United Hoster expects to restore services in the new structure. The company spokesman did not specify which Exchange security gap the attackers were able to abuse.

read more

Network Monitoring Company Users Affected by Hacking Campaign

August 24, 2023

Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks.
The company says that the hacking campaign has hit what it describes as a “small number” of users and is working with those affected to mitigate the attacks’ impact.

While LogicMonitor did not confirm that ransomware attacks hit its affected customers, anonymous sources familiar with the incidents told BleepingComputer that the threat actors hacked customer accounts and “were able to create local accounts and deploy ransomware.”

read more

Paralyzing Cyberattack Hits Danish Cloud Service Companies

August 18, 2023

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider’s servers and “paralyzed CloudNordic completely,” according to the IT outfit’s online confession. The hackers shut down all of CloudNordic’s systems, wiping both company and customers’ websites and email systems, even the backups and production data were trashed. CloudNordic isn’t prepared, nor able, to pay a ransom, presumably to restore the information and systems. CloudNordic says its “best estimate” is that the infection happened as servers were being moved from one datacenter to another.

Customers with Azero are also affected. CloudNordic and Azero are owned by Denmark-registered Certiqa Holding, which also owns Netquest, a provider of threat intelligence for telcos and governments.

read more

ScanSource Mitigates Business Impact after Cyberattack

May 14, 2023

ScanSource, a leading hybrid distributor connecting devices to the cloud, today announced that it was subject to a ransomware attack impacting some of its systems. Upon discovering the incident the Company immediately launched an investigation and implemented its Incident Response Plan.

ScanSource is working diligently to bring affected systems back online, while also mitigating the impact on its business. ScanSource regrets any inconvenience or delays in business this may cause customers and suppliers in North America and Brazil and appreciates their patience.

read more

Ransomware Attack for Cloud Provider, Rackspace

December 2, 2022

Cloud computing provider Rackspace said Tuesday morning a ransomware attack is behind its ongoing Hosted Exchange outage that started early Friday morning.
“As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident,” the company said in an update to the initial incident report. “We have since determined this suspicious activity was the result of a ransomware incident.”
The investigation, led by a cyber defense firm and Rackspace’s own internal security team, is in its early stages and is still investigating if any data ended up purloined.

read more

Kansas City MSP NetStandard Forced to Disable MyAppsAnywhere Cloud Service.

July 26, 2022

NetStandard, a managed IT services company in Kansas City, suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services.
According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack’s spread. While the company says that only the MyAppsAnywhere services are affected, the attack appears to have had a broader impact, with the company’s main site shut down as well. BleepingComputer has reached out to NetStandard with questions about the attack but has not received a reply at this time.

MyAppsAnywhere cloud services consist of hosted Dynamics GP, Exchange, Sharepoint, and CRM services.

read more