[Security Weekly] South African Trade and Logistics Halted Due to Ransomware Attack

1. South African trade and logistics halted due to critical ransomware attack

South Africa is facing a nationwide delay in the transport of goods after its state-owned logistics firm Transnet suffered a critical ransomware attack on July 22. Transnet operates most of the country’s ports, railways, and pipelines.

Transnet sent a notice to its customers stating that major parts of the company’s IT network were impacted by the attack and that equipment was damaged, including at Transnet Port Terminals. Operations were completely halted at the container terminals of Durban, Cape Town, Ngqura, and Port Elizabeth. As a result, South Africa’s international trade faced significant disruption, as 60% of the nation’s container traffic passes through the Durban terminal.

Although Transnet has not yet commented on the cause of the attack, South African IT media outlet TechCentral reported that it was likely carried out by operators of the Hello Kitty ransomware. The report said the attackers left a ransom note claiming to have encrypted 1 TB of personal and corporate data, followed by an offer to negotiate.

This attack shows once again that ransomware groups are increasingly targeting infrastructure critical to the economy. Only a couple of months earlier, a ransomware attack on Colonial Pipeline led to a shortage of oil on the US east coast. Infrastructure operators must upgrade their cybersecurity measures to prevent such damage.

Sources: TechCentral, CNBC


2. UC San Diego Health suffers serious data breach following email compromise

The University of California San Diego Health, one of the best hospitals in the United States, announced a cyberattack incident that led to the compromise of personal, health, and financial information belonging to its employees, students, and patients.

The intrusion originated from a phishing email, after which the attackers gained access to a number of email accounts and eventually compromised major parts of the IT network. They remained in the systems from December 2, 2020, until being discovered on April 8, 2021.

The compromised data contained sensitive information such as names, addresses, government-issued ID numbers, Social Security Numbers (SSN), Medical Record Numbers (MRN), medical records, prescription and treatment information, payment card numbers and security codes, as well as student ID numbers and passwords.

UC San Diego Health immediately suspended all compromised email accounts, changed system login credentials, and cut off the entry points. It has promised to contact all victims by September 30 and to offer one year of free credit monitoring services as compensation.

Sources: Threatpost, Bleeping Computer


3. Personal data of residents from over 80 US municipalities exposed online

Researchers at cybersecurity firm WizCase published a report disclosing their discovery of 86 misconfigured Amazon S3 buckets containing over 1.6 million files, totalling 1,000 GB, belonging to US municipalities.

The misconfigured buckets were accessible without any password. All of them reportedly used the same naming convention as MapsOnline, an information management application that connects cities across Massachusetts, New Hampshire, and Connecticut. The software was made by local firm PeopleGIS.

The exposed data included residents’ tax information, business licences, and government job applications. These contain sensitive personal information such as names, home and email addresses, phone numbers, driver’s licence details, and real estate tax records.

It remains unclear whether the databases were set up by PeopleGIS or the municipalities. No party has yet responded to the incident.
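The exposure above came down to buckets that anyone could read without credentials. As an added example (not from the newsletter or from WizCase), the following check evaluates whether a bucket's ACL or bucket policy grants anonymous access, taking as input the dictionaries that boto3's get_bucket_acl, get_bucket_policy and get_public_access_block would return; the sample ACL, policy and bucket name are constructed so the check runs offline.

```python
import json

# Grantee URIs that mean "everyone" or "any AWS account" in an S3 ACL.
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions the ACL grants to the public groups (sorted list)."""
    return sorted(
        g["Permission"] for g in acl.get("Grants", [])
        if g["Grantee"].get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_ACL_URIS
    )

def public_policy_actions(policy_json):
    """Actions an unconditional Allow statement grants to principal '*'."""
    actions = set()
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # conditions (e.g. source VPC) may limit the grant; not flagged here
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if wildcard:
            act = stmt.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return sorted(actions)

def is_publicly_readable(acl, policy_json=None, block_public_access=None):
    """True if anonymous users can list or read, unless Block Public Access overrides it."""
    bpa = block_public_access or {}  # keys as in PublicAccessBlockConfiguration
    acl_public = bool(public_acl_grants(acl)) and not bpa.get("IgnorePublicAcls", False)
    policy_public = False
    if policy_json and not bpa.get("RestrictPublicBuckets", False):
        policy_public = any(a in ("s3:GetObject", "s3:ListBucket", "s3:*")
                            for a in public_policy_actions(policy_json))
    return acl_public or policy_public

# Constructed sample data: an ACL granting READ (bucket listing) to AllUsers,
# the same ACL with only the owner grant, and a policy allowing anonymous GetObject.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"}
SAMPLE_EXPOSED_ACL = {"Grants": [OWNER_GRANT,
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
SAMPLE_PRIVATE_ACL = {"Grants": [OWNER_GRANT]}
SAMPLE_PUBLIC_POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket-placeholder/*"}]})
```

With real buckets, feed the three boto3 responses into is_publicly_readable for each bucket in list_buckets; a True result is the condition that left the municipal data readable without a password.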

Sources: WizCase, ZDNet, Security Magazine
