Industrial and Commercial Bank of China suffers ransomware attack
Media reports are confirming that the Chinese state-owned bank, one of the world’s largest, is dealing with an attack that is primarily affecting its ability to clear trades. Sources told the Financial Times that LockBit is behind the attack. According to The Record, “cybersecurity expert Kevin Beaumont shared a Shodan search showing that ICBC had a Citrix Netscaler box that was unpatched for CVE-2023-4966 — a bug known by experts as “CitrixBleed” that affects NetScaler ADC and NetScaler Gateway appliances.” Beaumont added that more than 5,000 organizations have yet to patch that same vulnerability.
UK health data donated for medical research shared with insurance companies
Despite a pledge that this would not happen, an investigation conducted by The Observer showed that “UK Biobank opened up its vast biomedical database to insurance sector firms several times between 2020 and 2023.” This data was provided to help “create digital tools that help insurers predict a person’s risk of getting a chronic disease.” The Observer points out that in 2002 Biobank promised that data would not be shared with insurance companies, but last weekend, the pledge – made repeatedly over four years – no longer applied. It said, “the commitment had been made before recruitment formally began in 2007 and that when Biobank volunteers enrolled, they were given revised information,” and that the commitment referred to identifiable information like a person’s name.
Boeing data published by LockBit
Following up on the ongoing Boeing hack, LockBit has now allegedly published internal data from the aerospace manufacturer on its leak site. The files have not been independently verified. According to Reuters, “the company said it “remains confident” the event does not pose a threat to aircraft or flight safety but declined to comment on whether defense or other sensitive data had been obtained by LockBit.”
Malaysian police take down BulletProftLink phishing provider
Working with the Australian Federal Police and the FBI, the notorious phishing-as-a-service provider, arrested eight people, took down its domains and recovered cryptowallets, servers and luxury items. The police stated that having these servers in their possession will help them to identify users of the platform, some of whom were paying up to $2,000 per month for access to batches of credential logs. According to Intel 471, these services included login pages for Microsoft Office, DHL, American Express, Bank of America, Consumer Credit Union, and Royal Bank of Canada, among others.
Washington State Department of Transportation suffers cyberattack
The attack occurred last Tuesday bringing down the department’s website and app as well as cameras for traffic, ferries, and mountain pass reports. Most services were restored by Thursday. There has been no confirmation as to whether this was a ransomware attack.
Maine discloses data breach
Another MOVEIt related breach, this time the state of Maine, revealing a breach that affected 1.3 million people, and which took place in May of this year. Compromised data may include the “Social Security number (SSN), date of birth, driver’s license/state identification number, and taxpayer identification number… the attackers also gained access to medical information and health insurance information of some individuals.”
Moving company Dolly.com exposed after ransomware payment
On-demand moving and delivery platform Dolly.com found out the hard way that there is no honor among thieves. The team at Cybernews believes that the company paid the ransom demanded by a criminal organization, but “the attackers complained that the payment wasn’t generous enough and published the stolen data.” The group did not return the “not generous enough” amount but instead shared sensitive company information an underground Russian language forum. The Cybernews researchers also noted that the forum post “included entry points for MongoDB instances hosted on Amazon Web Services (AWS) cloud, along with their admin credentials to internal Dolly.com systems.” Dolly.com has not confirmed to Cybernews whether it had suffered a ransomware attack or if it has paid any ransom.