Ransomware Front: Analysis Of Recent Attacks And Effective Defense Strategies

DDoS attack on Cloudflare claimed by Anonymous Sudan

Cloudflare's website was recently hit by a distributed denial of service (DDoS) attack claimed by the group known as Anonymous Sudan.

Cloudflare confirmed that the outage only affected the "www.cloudflare.com" site, did not affect other products or services, and that no customers were affected by the incident.

The Cloudflare website is hosted on separate infrastructure, so an outage of the website cannot affect Cloudflare services.

Anonymous Sudan, also known as Storm-1359, claimed responsibility for the attack on its Telegram channel.


Over time, the group has also claimed responsibility for a DDoS attack on OpenAI's ChatGPT bot and other attacks on Microsoft services such as Outlook.com, OneDrive, and Azure Portal.

Although the group claims to be targeting countries and organizations that interfere in Sudanese politics, some analysts believe this may be a false flag and link the group to Russia.

In the update released by Cloudflare, we read that the vulnerability has been fixed and the company has managed to remove the ransomware.

Commercial and Industrial Bank of China hit by ransomware

Commercial and Industrial Bank of China (ICBC) has confirmed that its services were disrupted due to a ransomware attack that affected its systems on Wednesday, November 8, 2023.

The attack caused problems in the clearing market operations of U.S. Treasury securities.

ICBC immediately isolated the affected systems to contain the incident, and is conducting a thorough investigation with the support of a professional team of cybersecurity experts.

The incident did not affect the systems of ICBC's New York branch, head office and other affiliated institutions in China and abroad.

Nevertheless, ICBC's shares fell 0.5% in Hong Kong, according to the Financial Times.


Due to the ransomware, the bank was unable to settle U.S. Treasury securities market transactions for other market participants.

American Airlines pilots union hit by ransomware attack

The Allied Pilots Association (APA), which represents 15,000 American Airlines pilots and is the largest independent pilot union in the world, suffered a ransomware attack on October 30.

As a result of the incident, its data and some of its systems were encrypted.

Following the incident, the Association took immediate steps to protect its network and is working to restore encrypted files and affected systems.

The investigation into the attack is ongoing, and it is not yet clear whether any pilots' personal information was compromised.

This attack follows other security incidents involving American Airlines pilots, including a data breach in June due to a hack by a third-party vendor and another breach in September 2022 that affected more than 1,708 customers and employees following a phishing attack.

This incident joins others that have affected airlines such as TAP Air Portugal and AirAsia.

Another data breach occurred in March 2021, when the passenger service system used by several airlines was compromised.

In breach notifications sent to affected individuals, American Airlines said attackers accessed sensitive information belonging to 5,745 pilots and prospective pilots.

The company has also provided a number of contacts and updates on its website to keep up with the situation.


Healthcare giant Henry Schein hit by BlackCat ransomware

The BlackCat (ALPHV) ransomware group said it breached the network of Henry Schein, a major healthcare solutions provider, and stole approximately 35TB of sensitive data, including payroll and shareholder information.


Henry Schein, a Fortune 500 company, said it had to take some systems offline following the cyberattack, which affected its manufacturing and distribution operations.

While some business operations were disrupted, Henry Schein One's practice management software was unaffected, and the company took a number of steps for ransomware protection.

The BlackCat group then published some of the stolen data on its dark web leak site, saying it had re-encrypted the company's devices due to the failed negotiations.

Henry Schein's listing on the BlackCat leak site has since been removed, suggesting that the company may have resumed trading or paid the ransom.

Boeing confirms cyberattack under LockBit ransomware claims

Boeing, a major aerospace manufacturer, is investigating a cybercrime that affected its parts and distribution business.

The ransomware group LockBit has claimed responsibility, saying it breached Boeing's network and stole a large amount of sensitive data.

Boeing confirmed that the incident did not affect flight safety and is cooperating with law enforcement and regulators.

The fact remains, however, that the company's service site continues to display an inactivity message due to technical issues.


Toronto Public Library hit by Black Basta ransomware attack

The Toronto Public Library (TPL), Canada's largest public library system, suffered a Black Basta ransomware attack that caused technical disruptions to its websites and online services.

The attack occurred on the night of October 27 and affected various services the following morning, according to a statement released by the organization.

Fortunately, the main servers containing sensitive data were not encrypted, unlike at many companies hit by ransomware.

However, it is not yet known if the data was stolen: Black Basta, the ransomware group responsible for the attack, is known for its double extortion attacks.

In summary

Recently recorded ransomware attacks highlight the growing sophistication and aggressiveness of groups like BlackCat (ALPHV) and Rorschach.

Breaches at critical organizations such as Boeing, the Toronto Public Library, and Henry Schein demonstrate the magnitude of these threats.

Cloudflare's timely response and the willingness of companies like American Airlines and the Commercial and Industrial Bank of China to mitigate incidents underscore the importance of proactive preparation.

Black Basta's insidious double extortion of the Toronto Public Library raises concerns about escalating ransomware extortion tactics.

In this context, collaboration between the public and private sectors is emerging as a critical element in addressing and mitigating these ever-evolving threats.
