CNI Threats on the Rise: Top Cybersecurity News from the Week of Nov 14th
This week has seen a wave of new cyberattacks on critical infrastructures around the world. Governments around the world are already experiencing monumental challenges from the ongoing energy crisis and inflation. Threat actors in the digital landscape are utilising this opportunity to target government sectors, while they are distracted.
Overall, 7 out of 10 CNI organisations in the UK have experienced increasing cyberattacks this year, especially since the inception of the Russia-Ukraine war. Here are some of the most notable security incidents from the week:
Attackers have taken a pacific island completely off-grid
The small island nation of Vanuatu has been crippled by an extended range of cyberattacks for nearly two weeks. The country’s government has been offline for 11 days now, after a critical attack on the country’s national servers.
The attack has disabled the websites of its parliament, national police and prime minister’s office. It has also taken down the email system and online databases of schools, hospitals and other emergency services as well as all government services and departments.
The shutdown has left the nation’s 315,000 population in complete disarray. They are scrambling to carry out basic tasks like paying taxes, invoicing bills and getting licences and travel visas. Essentially anyone with a ‘gov.vu’ email or domain has been affected.
Australian newspaper The Sydney Morning Herald reported that it was a ransomware attack, but the government has refused to pay the ransom. However, details of the amount demanded have not been disclosed yet.
Australian private medical insurer suffers major breach
According to Australian Police, Russian cyber-criminals have initiated a breach of the Medibank database, one of the largest private health insurers in the country. The attackers have compromised 9.7 million records, and are demanding a dollar for each record.
The attackers have applied a double-extortion technique, as some parts of the sensitive data have been leaked online, including abortion records. Australian Federal Police Commissioner Reece Kershaw told reporters that police believe the hackers are in Russia but did not provide any evidence.
“We believe we know which individuals are responsible but I will not be naming them,” he said.
The Commissioner said his team was holding talks with Russian law enforcement officials, and asked Moscow to help.
UK MPs warned about state-sponsored attacks
MPs have been warned they are being targeted by “hostile states”, with their mobile phones “a potential goldmine” of sensitive information. The House of Commons Speaker, Sir Lindsay Hoyle has sent urgent letters to the MPs, advising them to avoid using their phone for sensitive conversations or even having it in the same room.
“If hackers have switched on the microphone on one phone everyone in the room might be overheard,” he wrote.
The government is creating a task force to defend the UK from hostile state-sponsored actors.
Last month reports emerged that former prime minister Liz Truss’s phone was hacked while she was foreign secretary. The private messages between Ms Truss and foreign officials included sensitive discussions about the Ukraine war.
For more latest cybersecurity news and insights into the world of cybersecurity, follow Code Red on Twitter and LinkedIn.