Hello and welcome to another cybersecurity news roundup here on the GlobalSign blog.
First up, it was just revealed yesterday that the massive gaming company EA has been attacked, and that game source code and related internal tools were stolen. In an announcement on a forum, the hackers said they managed to get away with the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield.
According to Nintendo Enthusiast, the hackers claim to have taken 780 GB of data in total, which also includes “proprietary EA frameworks and software development kits (SDKs).”
There’s been lots of news around JBS, the enormous global distributor of meats that was hacked in late May. Earlier this week the company confirmed it paid what may be the largest ransom ever in a cyber attack. The company said it paid the huge sum of $11 million – negotiated down from the original demand of $22.5 million – to prevent its stolen data from being publicly leaked, as well as to mitigate possible technical issues.
After a series of offers and counter-offers, JBS and REvil agreed to a ransom of $11 million, and payment in bitcoins was sent that same day, June 1st. Once they received the payment, the cyber thieves provided their decryptor.
On Tuesday the CEO of Colonial Pipeline revealed that prior to the recent hack, the company hadn’t created a specific plan for managing a ransomware attack. The admission came during Joseph Blount’s testimony before the Senate Homeland Security and Governmental Affairs Committee.
While the company had some basic cybersecurity plans in place, it had had “no discussion about ransom” before the attack.
Blount’s statements drew the ire of some of the senators at the hearing, including New Hampshire Senator Maggie Hassan.
“It is a stunning admission that Colonial Pipeline did not have a plan in place if hackers requested a ransom payment… I’ve talked with small school districts in my state of New Hampshire that are better prepared for cyberattacks than Colonial Pipeline was.”
A hospital in Massachusetts also recently decided to pay ransom.
Attleboro, Massachusetts-based Sturdy Memorial Hospital says that on Feb. 9, it identified a security incident that disrupted the operations of “some” of its IT systems.
The hospital paid the ransom after obtaining assurances that data acquired by hackers would not be distributed and ultimately would be destroyed. Their systems were secured once the payment was made.
Finally, in non-ransomware news (who knew that was a thing anymore?) the French antitrust regulator has fined Google €220 million ($268 million) for what it calls an abuse of the company’s dominant position in the online advertising market. Google has not disputed the fine.
That’s all the top cybersecurity news for the week. Wishing you a great cyber-safe weekend!
Top Global Cybersecurity News
Vice (June 10, 2021) Hackers Steal Wealth of Data from Game Giant EA
“Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools, Motherboard has learned.
‘You have full capability of exploiting on all EA services,’ the hackers claimed in various posts on underground hacking forums viewed by Motherboard. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages.
In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield.”
Bleeping Computer (June 10, 2021) JBS paid $11 million to REvil ransomware, $22.5M first demanded
“JBS, the world’s largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.
On May 31, JBS was forced to shut down some of its food production sites after the REvil ransomware operators breached their network and encrypted some of its North American and Australian IT systems.
JBS said they paid $11 million to prevent their stolen data from being publicly leaked and mitigate possible technical issues in a statement released last night.”
NBC News (June 8, 2021) Colonial CEO: We had no ransomware plan in place
“Colonial Pipeline had no specific plan for what to do in the event of a ransomware attack, its CEO said Tuesday.
Testifying before the Senate Homeland Security and Governmental Affairs Committee, CEO Joseph Blount admitted that while his company had some basic cybersecurity plans in place, it had had ‘no discussion about ransom’ before the attack.
His comments come as U.S. institutions and companies are scrambling to guard against a rash of ransomware attacks that have hit everything from schools and hospitals to cities and major industrial players such as Colonial and meat supplier JBS.”
InfoSecurity (June 8, 2021) French Antitrust Regulator Slaps $268 Million Fine on Google
“The French antitrust regulator has fined Google €220 million ($268 million) for abusing its dominant position in the online advertising market.
The fine, which Google has not disputed, was levied because the tech giant favored its own Google Ad Manager technologies.
This put competitors — such as publishers News Corp, Le Figaro group and the Rossel La Voix group, who brought the initial complaint — at a disadvantage, according to the Autorité de la concurrence.
The proprietary technologies in question were the DFP ad server — which allows site and app publishers to sell their advertising space — and the SSP AdX sales platform — which enables publishers to sell impressions to advertisers.”
Wall Street Journal Pro (June 8, 2021) Why the Hybrid Workplace Is a Cybersecurity Nightmare
“It’s a hacker’s dream: a constantly changing mix of office and remote workers, devices that move in and out of the company networks, and security staffs stretched thin.
Security staff must be vigilant for threats that may be waiting in employee devices, such as malware that can stay asleep for some time before it awakes and allows for further infection.
For many bosses and employees, there is a measure of relief in returning to the office—especially for those who have the flexibility of continuing to work from home part of the time. But for those teams working to protect their offices from hackers, the new hybrid workplaces aren’t nearly as welcome.
In a typical hybrid workplace, some employees will be in the office, some will be working from home—or spaces like coffee shops and client headquarters—and some will be cycling back and forth. Devices, too, are moving in and out of the company network, with employees bringing their laptops onto company networks and then taking them back home—where they’re much more exposed to hackers and can easily get infected with malware.”
Data Breach Today (June 7, 2021) Hospital Pays Ransom in Exchange for Promised Data Destruction
“The recent decision by a Massachusetts-based hospital to pay a ransom in exchange for promises by the attackers to destroy stolen data spotlights the difficult choices and pressure many healthcare entities are facing in the wake of cyberattacks.
In a May 28 data breach notice posted on its website, Attleboro, Massachusetts-based Sturdy Memorial Hospital says that on Feb. 9, it identified a security incident that disrupted the operations of ‘some’ of its IT systems.
‘Our systems were secured later that same day,’ the hospital notes.
But it adds, ‘In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed.’”
Other Industry News
High Street Banks Exposing Customers to Phishing Attacks – Infosecurity Magazine
Crypto’s troubling rise and role in growing ransomware attacks – PYMNTS
US brokerage firms warned of ongoing phishing with penalty threats – Bleeping Computer
This new ransomware group claims to have breached over 30 organisations so far – ZDNet
FBI warns of BEC scammers impersonating construction companies – Bleeping Computer
Public Sector, Another Vulnerable Target to Attackers – Hashed Out by The SSL Store™