Europe’s Air Traffic Control (ATC) agency under DDoS attack. Eavesdropping police in the U.K. spared massive fine. Numbers emerge after NCR ransomware attack. Hackers hit gold in secondhand routers.
By Joe Fay
“Pro-Russian” Hackers Dive Bomb European Air Traffic Control Agency
Europe’s air traffic control agency, Eurocontrol, has been fighting off a cyberattack by pro-Russian hackers since April 19. The attack appears to have been a DDoS targeting the agency’s website. Pro-Russian group Killnet claimed to have launched a “100 hour” marathon against Eurocontrol. The agency declined to detail the nature of the attack but said its safety operations had not been affected. European and North American organizations have seen a spike in DDoS attacks since the outbreak of war in Ukraine. In March, ENISA detailed a rise in all forms of attacks on European transport systems, with aviation facing the broadest range of assaults.
ICO Spares Surrey Sussex Cops Fine Over Massive Phone Recording Breach
The U.K.’s Information Commissioner’s Office has reprimanded Surrey Police and Sussex Police, after the two regional police forces “unintentionally” allowed a phone recording app meant for hostage negotiators to be downloaded by over 1,000 staff members. As a result, more than 200,000 phone conversations “likely with victims, witnesses, and perpetrators of suspected crimes” were captured. The error was discovered in 2020, and forces referred themselves to authorities including the ICO and Investigatory Powers Commissioner’s Office. The ICO said that following its “revised public sector approach” it would not be imposing a £1m fine on both forces, but instead issued a formal reprimand and a set of recommendations for deploying apps.
NCR Ransomware Attack Eighty Sixes Restaurant POS Systems
Following on from last week’s news that ATM and payment giant NCR had suffered a ransomware attack, the company has confirmed that only one of its data centers has been hit by ransomware. The incident centered on a single data center for its Aloha cloud service, which provides POS, and front and back of house services for restaurants. Last Tuesday, the firm said it aimed to get services back up and running by the end of the week.
CISA Heads to South East Asia For Cyber Workshops
U.S. cybersecurity agency the Cybersecurity and Infrastructure Security Agency (CISA) has highlighted its efforts to work with “international partners” to help protect “the critical infrastructure Americans rely on for their way of life”. The agency revealed last week it had conducted a series of “first-of-their-kind capacity-building engagements” in Thailand, the Philippines, and Indonesia, focused on sectors such as defense, banking, business, aviation and shipping. The sessions focused on issues such as threat actors, intelligence and the need to develop public sector cybersecurity. The report noted that Indonesia is the home to the ASEAN secretariat, while Thailand and the Philippines are long-term U.S. allies, along with being major outsourcing destinations for U.S. businesses.
Threat Actors Could Strike Gold with Recycled Routers
Researchers at ESET have found that defunct routers procured on the secondhand market offer a potential goldmine for cybercriminals. In a newly released paper, to be highlighted at this week’s RSA conference, researchers said that when they bought some secondhand routers for a test environment, it was clear that previous configurations had not been wiped, meaning they could identify previous owners, along with their network configurations. They then bought 18 more routers and found similar details and data on over half of them. Such data could be used by attackers to gain initial access to a target network, providing the launchpad for sophisticated advanced persistent threat attacks. Or it could be sold to other attackers. Worryingly, the researchers added, when they contacted the previous owners, they learned that many of the devices had supposedly been handed over to contractors for secure destruction or wiping.
LockBit for Mac? A Testing Subject for Now…
Notorious Russian ransomware group LockBit has developed malware targeted at ARM-based Apple Macs. The code’s existence emerged in mid-April, but apparently it has been in circulation since last autumn. However, Malwarebytes reports, Mac experts say that while the code will indeed run on a Mac, Apple fans are safe for now, as it does not have a valid signature, meaning macOS won’t execute it. Furthermore, the code itself is buggy and could be simply a test. However, while Macs are often thought to be relatively safe from cyberthreats, the code’s emergence could bode ill for the future.