Cross begs hackers to leak data

It also isolated a portion of its technical environment to try to contain the intrusion, the company said.

RRD didn’t name the perpetrator of the attack in the filing. However, a published report in BleepingComputing claims it was Conti, citing an online post the cybercriminal group made claiming responsibility and leaking 2.5GB of data allegedly stolen from the company on Jan. 25.

At first RRD said it was not aware of any data being stolen in the filing; however, the company revised this position and confirmed Wednesday in a separate SEC filing that data had been stolen in the attack, according to the BleepingComputer report.

RRD is working with a third-party cybersecurity expert and law-enforcement in a continued investigation into the incident, according to the December SEC filing.

Cross flutters above the humanitarian organization’s headquarters in Geneva on Sept. 29, 2021. The ICRC is pleading with hackers to keep stolen data confidential.Fabrice Coffrini/AFP via Getty Images

The International Committee of the Red Cross has revealed that hackers have stolen data on over 515,000 “highly vulnerable people,” recipients of aid and services from at least 60 affiliates of the charitable organization worldwide.

During the investigation into the extent of the attack, which targeted a contractor in Switzerland that was storing the data, the Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies.

The biggest concern is that the hackers will ransom, leak or sell sensitive information on the families and their locations to bad actors who might seek to cause further harm to victims.

Fortune 500 integrated services firm R.R.Donnelley & Sons (RRD) is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures RRD was the victim of a network breach that resulted in stolen data in December.

RRD, a global firm with 33,000 employees, disclosed incident details in its U.S. Securities and Exchange Commission (SEC) 8-K form – filed Dec.
27. The company said it “had recently identified a systems intrusion in its technical environment,” according to the filing.

“The Company promptly implemented a series of containment measures to address this situation, including activating its incident response protocols, shutting down its servers and systems and commencing a forensic investigation,” the company disclosed.

While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” said Robert Mardini, director-general for the International Committee of the Red Cross.

Singapore monetary authority threatens action on bank over widespread phishing scam Date: 2022-01-18 Author: The Register

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia’s second largest bank, Oversea-Chinese Banking Corporation, which was criticised for its incident response to a widespread phishing scheme across the island nation. “Monetary Authority Singapore takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better.

We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyberattack puts vulnerable people, those already in need of humanitarian services, at further risk.”

Red Cross spokesperson Elizabeth Shaw told CNN that the top priority is to work with ICRC delegations, and Red Cross and Red Crescent societies on the ground, “to find ways to inform individuals and families whose data may have been compromised, what measures are being taken to protect their data and the risks they may possibly face.”

She also ruled out the possibility of ransomware having been involved in the incident and said that “highly specialized” cybersecurity firms are helping the ICRC to respond to the attack.

‘Straight for the Jugular’

Would that this attack were an anomaly.

Friday’s Q&A.

The compromised data, which originated from at least 60 Red Cross and Red Crescent National Societies around the world, included personal data and confidential information for those who’ve used the Restoring Family Links site.

The attack compromised personal data such as names, locations, and contact information of the more than 515,000 affected people from across the world: over half a million people including missing persons and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration.

As well, login information for about 2,000 Red Cross and Red Crescent staff and volunteers who work on the family restoration programs was also compromised.

Conti also was the professional ransomware group to fully weaponize the dangerous Log4Shell vulnerability discovered late last year, building up an entire holistic attack chain to fully take advantage of the flaw.

The Evolution of Ransomware

Indeed, the RRD attack and Conti’s sharpening of its knives shows an evolution in the direction ransomware actors likely are to continue to take in 2022 after ransomware volumes hit record highs last year.

The chance of victims recovering data from back-ups are becoming slimmer, meaning companies have to be even more prepared for attacks before they happen, observed one security professional.

“Ransomware isn’t just about encrypting your data any longer,” Tim Erlin vice president of strategy at cybersecurity firm Tripwire, said in an email to Threatpost.

MAS has been following up with the bank on these and broader issues relating to the incident,” said MAS deputy managing director Ms Ho Hern Shin in a statement to The Register.

Bunnings customers’ personal data compromised following cyber attack Date: 2022-01-17 Author: Cyber Security Connect

Bunnings Warehouse customers who shopped using the contactless pick-up service may have had some of their personal information stolen. The company has emailed customers to say they have recently been made aware of a data security breach experienced by its third-party booking provider FlexBooker. In December of 2021, the third-party software firm suffered a cyber security breach that led to the information of 3.7 million customers being exposed, and last week Bunnings was forced to warn its customers of the incident.

Humanitarian organization the International Red Cross disclosed this week that it has fallen foul of a cyberattack that saw the data of over 515,000 “highly vulnerable people” exposed to an unknown entity.

The target of the attack was the organisation’s Restoring Family Links operation, which strives to find missing persons and reunite those separated from their families due to armed conflict, migration, disaster, detention and other catastrophic events. The service is free, but is currently offline.

Among the stolen data were names, locations, and contact information. The org said the data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

The threat actor is currently unidentified.

However, it is understood that they executed the attack on a Switzerland-based contractor that stores the nonprofit’s data.

It’s now about exfiltrating your data and holding it hostage. The strategy of taking a copy of data to ransom means that simply having backups from which you can restore isn’t really a sufficient ransomware strategy.”

As it often takes time for organizations to put together what really happened in a ransomware attack—with the true impact being realized only later–they need to take a different approach than merely a response and remediation position, he said.

“A rigorous change detection and configuration management program can not only help prevent breaches, they can also help organizations figure out what happened faster,” Erlin said.

Password Reset: On-Demand Event: Fortify 2022 with a password-security strategy built for today’s threats.

Do not share, sell, leak or otherwise use this data.”

The attack forced the ICRC, along with the wider Red Cross and Red Crescent network, to shut down the systems underpinning the Restoring Family Links site. That action also crippled the humanitarian network’s ability to reunite separated family members, the release said.

As of Thursday morning, the site was still down.

As Ars Technica has reported, the Internet Archive last updated the Restoring Family Links site on Dec. 27, suggesting that the breach may have happened around then.

012122 04:46 UPDATE: As of Friday afternoon, the site was still down, and the ICRC had posted a Q&A about the incident.

Leave a Reply

Your email address will not be published.