Recently, officials for the international healthcare provider Henry Schein confirmed that their systems had been compromised in a ransomware attack, which has since been claimed by the BlackCat/ALPHV ransomware group. The incident forced the company to halt production and distribution operations and to take several of its core systems offline to prevent the attack from affecting other parts of its network. The threat actors behind BlackCat/ALPHV have added Henry Schein to their dark web leak site, claiming to have stolen 35TB of sensitive data during the breach, and were able to re-encrypt the victim’s systems when ransom negotiations broke down.
Scottish island community hit with cyberattack
Earlier this week, Scotland’s Western Isles community of Comhairle nan Eilean Siar discovered a disruption in their IT systems, causing outages for several government services. It is unclear whether this security incident was the result of a ransomware attack, and no threat group has claimed responsibility or posted any stolen data. Fortunately, officials confirmed that some of the affected services have been restored and the rest are slowly returning to normal operations.
Ransomware groups exploiting recent Atlassian vulnerability
Following last week’s discovery of a critical vulnerability in all versions of Atlassian’s Confluence Data Center and Server, security researchers have identified numerous customer environments that have been compromised by ransomware groups exploiting the vulnerability. Upon entry to the vulnerable system, threat actors have been able to download malicious payloads through command-line execution and have even deployed Cerber ransomware to an affected Confluence server. While Atlassian has pushed out patches for this vulnerability, they have also reassessed it and increased the CVSS score from the original 9.1 to a full 10.0, due to the wide range of attacks.
Cyberattack takes 25% of Ace Hardware’s IT devices offline
Over the weekend, staff of the international hardware chain Ace Hardware discovered a cyberattack that had affected over 1,200 internal IT devices, which make up 25% of the entire company’s networked devices and servers. This cyberattack impacted the ordering services for both retail stores and online customers, though in-store purchases and POS (Point of Sale) systems have remained operational. It is unclear when staff will be able to restore all systems to normal function, or whether any data was stolen during the incident, though some threat actors have already begun sending phishing emails to Ace retailers.
665,000 customers compromised in Marina Bay Sands data breach
Towards the end of October, officials for Marina Bay Sands resort in Singapore discovered unauthorized access to their customer loyalty program, which may have compromised the sensitive data of over 665,000 guests. While the resort staff has already begun contacting affected customers and investigating the initial entry vector, they haven’t confirmed whether ransomware was to blame or released any other information on the attack itself.