Other Archives - ICSSTRIVE

Rapattoni Cyber Attack has Significant Financial Impact on Real Estate Sector

August 8, 2023

August 8 Rapattoni cyberattack on NorCal MLS provider drags on for > 14th days. Rapattoni says “certain essential components” missing to restore service. This is said to be the longest-running cyberattack on an MLS.

Real estate agents are unable to track property online as the information on listing websites was not updated, and buyers could not discover new houses. Subsequently, fewer buyers showed up for open houses, reducing competition for available houses and affecting their prices. Some realtors resorted to manual systems and old-school real estate marketing tactics like cold-calling buyers or passing flyers, while others started sharing property information on social media.

Rapattoni did not confirm if a ransom was paid.

Independent Businesses Suffer Big Hit as Result of Cyberattack on Swan Retail IT Firm

August 13, 2023

Up to 300 independent retailers have been left unable to process stock after being hit by a cyber attack at fullfilment software supplier Swan Retail. The attack took place on Sunday (13 August).

Independents told Drapers that their businesses have taken a big hit since the attack as they struggled to replenish stock in-store or fulfill online orders. Some have also had to delay bringing in new autumn/winter collections as a result.

MOVEit Transfer data breach at Zellis affect

June 5, 2023

UK payroll and HR solutions provider Zellis suffered a data breach due to MOVEit attacks. “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product,” Zellis told BleepingComputer in a statement on June 7. “We confirm that a small number of our customers have been impacted and we are actively working to support them. Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.”

Additional information, 23AUG23:
On June 6th, 2023, the notorious Russian-affiliated ransomware group, Clop, claimed responsibility for an attack that targeted Progress Software’s MOVEit transfer tool. This corporate file-sharing solution has an extensive customer base in the United States. Organizations use MOVEit for secure file transfers; it’s essentially a more jazzed-up, professional version of popular file-sharing tools like Dropbox. In May 2023, cybercriminals at Clop uncovered a previously unknown vulnerability in MOVEit, which they began exploiting. Up to 130 organizations suffered from downstream impacts when the vulnerability in MOVEit enabled Clop hackers to gain access to their IT environment and steal sensitive data.

14 Ontario Gateway Casinos Close for Two Weeks after Ransomware Attack

April 16, 2023

Canada’s Gateway Casinos & Entertainment Ltd. confirmed on Friday ,22 April that all 14 of the company’s casinos in the province of Ontario were shut down after being hit with a ransomware attack on 16 April.

On Saturday April 29, Gateway Casinos confirmed it was starting to re-open its Ontario operations. 15 other casinos in different provinces were not affected and remained open.

Hackers take control of a water treatment system at a hotel in Israel

September 10, 2022

NEED TO REVIEW AND SEARCH FOR ONE MORE SOURCE

GhostSec’s claimed breach of 55 Berghof PLCs in Israel. This weekend, on September 10, 2022, the hacktivist group published another announcement alleging that it successfully breached another controller in Israel.The affected controller is an Aegis II controller manufactured by ProMinent.

According to images that the GhostSec published, the group appeared to have taken control of a water system’s pH and chlorine levels. In the published message, the hacktivists said they “understand the damages that can be done …” and that the “Ph pumps” are an exception for their anti-Israeli cyber campaigns.

Serious IT Breach at Wisag, German Aviation Services

January 27, 2022

Wisag, a German aviation services provider suffered a serious IT breach on Jan. 27. Operational business continued, but the processes were severely disrupted for about a week. Wages for 55,000 employees were paid late. Wisag board member Michael Wisser publicly insisted at the time that he would not allow himself to be blackmailed by criminals.

It’s not clear if it’s linked to the Mabanaft breach.

Wisag Group Hacked Again a Year Later

February 9, 2023

Almost exactly a year after the first attack, the service group Wisag fell victim to hackers again. On Tuesday morning, the IT department found “irregularities” on the servers, said a spokeswoman for the Frankfurt-based company. As a result, all systems and applications were immediately taken off the network.

“At the current time, it is not apparent that customer or internal data has leaked,” it continues. “We are optimistic that we can safely put all systems back into operation as soon as possible.”

Attack Disables Irrigation Systems and Disrupts Water Treatment Processes

April 25, 2023

Water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation. Several water monitors – which monitor irrigation systems and wastewater treatment systems – were left dysfunctional on Sunday after a cyber attack targeted the monitoring systems. Specifically, water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.

The management for both major systems was pushing all of Sunday morning to work through the issue and bring the systems back into full operation. Farmers in the region were warned several days prior about suspicions over a planned cyber attack. Some of them, as a result of the warning, disconnected the remote control option for their irrigation systems and switched them to manual operation, instead, to prevent any harm from the attack. Indeed, those who left their systems on remote control were the ones impacted by the attack.

The attack is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The cyber attack is part of an annual campaign called “OpIsrael,” which strikes in April with DDoS attacks and breach attempts on targets in the country.

Each year of the cyber attack campaign seems to bring new targets of opportunity. This year the threat actors put a special focus on irrigation systems. The Galil Sewage Corporation was one of the targeted wastewater processors that was breached, and the company reports that the cyber attack blocked several controllers for about a day and disrupted some treatment processes.

Ransomware Attack at NCR

April 13, 2023

NCR is suffering an outage on its Aloha point of sale (PoS) platform after being hit by an ransomware attack claimed by the BlackCat/ALPHV gang.
NCR provides digital banking, PoS point of sale system, and payment processing solutions for restaurants, businesses, and retailers
On Friday, NCR released a statement saying: “On April 13, NCR determined that a single data center outage that is impacting some functionality for a subset of its commerce customers was caused by a cyber ransomware incident. Upon such determination, NCR immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. The investigation into the incident includes NCR experts, external forensic cybersecurity experts and federal law enforcement.

Business Operations Continue Manually After Cyberattack at Textile Logistics Company

December 6, 2022

On December 6th there was a successful cyber attack on the systems of the well-known textile logistics company Meyer & Meyer. The company can still be reached, but various processes had to be converted to manual work. The extent of the damage caused by the cyber attack is currently being checked and the system has started to be restored. “We reacted quickly and decisively to the targeted attack,” says Björn Plantholt, who is responsible for corporate communications at Meyer & Meyer. The company was able to maintain part of the business operations after the cyber attack, despite the systems being shut down, by switching to manual processes.

« Older Entries