Insights | Integrity360

Weekly Cyber News Roundup – November 7th to 11th 2022

Written by Matthew Olney | 11 November 2022 09:30:00 Z

It’s been another busy week in the world of cyber security. The ongoing war in Ukraine has seen NATO warn of a growing cyber threat, and all eyes were on the US for signs of any attacks aimed at causing disruption to the mid-term elections.

NATO warns of real and growing threat from cyberspace 

With Russia’s war against Ukraine raging on, NATO’s Secretary General Jens Stoltenberg highlighted the danger posed to critical infrastructure, satellites and government departments at this week’s NATO 2022 Cyber Defence Pledge conference in Rome. 

“Cyber is a constantly contested space and the line between peace, crisis and conflict is blurred. That is why NATO has taken the threat to cyberspace from state and non-state actors so seriously for so long. And why we have taken determined steps to guard against cyber-attacks. It is key to our collective defence,” he said as he called on all NATO members and its allies to reaffirm their commitment to the Cyber Defence Pledge that was first made at the Warsaw Summit back in 2016.  

New ENISA report highlights the role geopolitics is playing in cyber attacks 

A new report released by the EU Agency for Cybersecurity (ENISA) this week showed how the conflict in Ukraine has seen an upsurge in the number of cyber-attacks being carried out by state- sponsored groups. Over the year, ENISA reported over 128 governmental organisations in nations that are supporting Ukraine were targeted by hackers. 

The report also identified the most common types of attacks being used by state sponsored attackers. Attacks on Operational Technology (OT) networks were shown to have increased sharply, with wiper attacks being used to destroy and disrupt government activities and harm critical infrastructure. Ransomware topped the list for the most common type of attack, with more than 10 terabytes of data being stolen monthly during the period the report was collated. In second place were DDoS attacks, with the largest recorded hitting a peak of 853.7Gbps and 659.6Mpps over a 14 hour period.  

Read the full report HERE 


Hacker demands $10 million to stop leaking medical records 

Following the large Medibank data breach last month that saw the medical details of 10 million Australians stolen hackers are now threatening to leak more sensitive data online.  

To show they were serious, the hackers, released on Wednesday, a list containing details of 100 patients including their treatments for cannabis dependence, alcohol abuse, anxiety, constipation, reflux and alcohol, tobacco and drug use.  

In a message posted to the dark web the hackers have demanded $10 million to stop leaking any more data.  

According to media reports, Medibank has refused to pay any ransom on advice from cyber security specialists, warning that it is unlikely the extortionist will return the data. 

The incident highlights the increasing trend of hackers of releasing data in order to extort their targets. The fallout from the breach is likely to continue for some time, with Australian Federal Police warning that anyone who accesses the stolen data will face criminal charges. 

Just Stop Oil activist group’s website knocked offline by DDoS attacks 

The increasingly unpopular and disruptive protest group, Just Stop Oil, has fallen victim to a cyber-attack that knocked its website offline.  

The irritating group that has caused major disruption across the UK - and most recently this week have decided that it was a good idea to block the M25 Motorway - has been seen public support plummet, and it seems they annoyed the wrong person or persons.  

According to reports the website was the victim of a DDoS attack, which seeks to disrupt a site by flooding it with web traffic in a bid to try and knock it offline. 

Integrity360 has proven experience working with major financial institutions and banks, helping to ensure their customers and employees always stay protected.  

Get in touch to find out how you can protect your organisation itself from financial services most challenging cyber-threats.