December security round-up

January 2, 2024 | Cybersecurity
Chloe Schofield

Written by
Chloe Schofield

In the final security round-up of 2023, it's no surprise that cyberattacks continue to disrupt major organisations worldwide. In the past few weeks, significant concerns have been raised about the UK's ability to withstand a major ransomware attack.

Let's start with the recent network disruption affecting Ukraine.

 

Ukraine hit by a significant cyberattack

In mid-December, Ukraine experienced a significant 48-hour cyberattack, described as potentially one of the most impactful disruptions to Ukrainian networks since Russia's full-scale invasion. The UK's Ministry of Defence disclosed that on December 12, 2023, Kyivstar, the largest mobile network operator in Ukraine, fell victim to the attack, leading to a continuous impact on mobile and data services for over 48 hours.

 

Kyivstar is a major network provider that serves more than half of Ukraine's population with mobile and home internet services. The attack left users without mobile signals and internet access. Fortunately, Kyivstar assures that no personal data was compromised during the cyberattack. Still, the repercussions did extend to the disruption of air raid sirens, select banks, ATMs, and point-of-sale terminals.

 

At the same time as the attack on Kyivstar, the Ukrainian bank Monobank faced a distributed denial of service (DDoS) attack, hampering access to its website.

 

Medusa ransomware gang targets Toyota

Toyota Financial Services (TFS) has confirmed the detection of unauthorised access on some of its systems in Europe and Africa following a Medusa ransomware attack. TFS is a global subsidiary of Toyota Motor Corporation. Operating in 90% of Toyota's markets, it provides auto financing worldwide. The Medusa ransomware gang claimed responsibility for the attack and listed TFS on the dark web, demanding an $8,000,000 payment to delete the allegedly stolen data.

 

The threat actors imposed a 10-day deadline on the company, with an extendable rate of $10,000 per day. To validate their claims, the hackers supposedly published a sample of data which included financial documents, spreadsheets, hashed passwords, user IDs, agreements, passport scans, internal organisation charts, financial reports, staff emails, and more.

 

Toyota Financial Services Europe & Africa have acknowledged the unauthorised activity, taken systems offline for investigation, and collaborated with law enforcement. The incident is confined to Toyota Financial Services Europe & Africa, and systems are being brought back online in the most affected countries.

 

Vans and North Face hit by cyberattack

VF Corp., the parent company of well-known clothing brands North Face, Vans, and Timberland, has recently suffered a cyberattack. The company reported unauthorised incidents on its IT systems that have caused disruptions and impacted its ability to meet Christmas orders.

 

It is said that company systems were encrypted, and data, including personal information, was stolen. Portions of VF Corp.'s IT systems are functioning, but operational disruptions continue, affecting order fulfilment. 

 

VF Corp. has notified relevant law enforcement and is working with cybersecurity experts to address and ease the impact.

 

Shoppers visiting the affected brands' websites are encountering warnings about logistical disruptions affecting delivery dates. The company, which also owns Supreme, Dickies, Jansport, and Eastpak, anticipates a "material impact" on its business until the issue is resolved.

 

Warning that the UK is not prepared

A recent report from the Joint Committee on the National Security Strategy (JCNSS) has warned that the UK is not equipped to manage a large-scale ransomware attack, which could bring the country to a halt at any moment.

 

The report highlights deficient and outdated regulatory frameworks in the UK, emphasising the vulnerability of critical national infrastructure due to their reliance on legacy IT systems.

 

Despite warnings from agencies like the National Cyber Security Centre (NCSC), the report highlights a lack of adequate investment in safeguards to prevent a major crisis, and the Home Office is accused of prioritising other issues.

 

The committee has recommended that the responsibility of combating ransomware attacks should move to the Cabinet Office with direct oversight from the Deputy Prime Minister.

The JCNSS Chair has expressed concern about the UK's vulnerability, calling for ransomware to become a higher political priority with increased resources allocated to address the national security threat.

 

A Home Office spokesperson has acknowledged the report and asserted the UK's readiness to counter cyber threats, stating a £2.6bn investment in cyber defences and implementing government-backed minimum standards through the NCSC's Cyber Essentials scheme.

 

Final thoughts

As we head into a new year, we will keep a close eye on the latest cyberattacks and threats making the headlines. If you want to discuss how we could support your cybersecurity needs, get in touch.

Recommended reading

Women in tech panel: Insights on the current cybersecurity landscape

At last month’s Brigantia Annual Partner Conference, I had the pleasure of hosting a panel with four ...

Hornetsecurity’s AI-powered email threat protection

Email remains the most common target for cybercriminals, with over 90% of attacks originating there. As cyber ...

Guarding intellectual property: How Next DLP can shield your business from data loss

In today's work climate, protecting Intellectual Property (IP) is more critical than ever. With the ongoing ...