Over the weekend, officials for the City of Wichita, Kansas confirmed that they were forced to take several critical services offline because of an encrypting cyberattack. It was later revealed that the LockBit ransomware group had claimed responsibility for the attack and had added the City of Wichita to their leak site, with a ransom deadline of May 15th. Wichita was added to the leak site only days after the initial attack, which is unusual, as ransomware groups typically give the victim more time to negotiate, though this may be due to the LockBit admin, LockBitSupp, being identified by global law enforcement.
El Salvador falls victim to significant biometric data breach
Researchers have recently discovered a massive data trove on a hacker forum that contains 144GB of biometric data for over 80% of the citizens of El Salvador. Amongst the data are full identification documents and numbers, contact information, and copies of the headshot pictures used for identification cards. If the stolen data is confirmed as legitimate, this would be the first data breach in history to compromise almost the entire population of a country.
BlackBasta ransomware confirms attack on Synlab Italia
In the weeks since a cyberattack forced staff at Synlab Italia to take several of their systems offline, the threat actors behind the ransomware-as-a-service BlackBasta have confirmed that they were responsible and have leaked a small portion of the stolen data as proof. It is believed that BlackBasta was able to exfiltrate 1.5TB of customer and employee data, including sensitive medical records.
Android malware targets Finnish bank accounts
Officials for Finland's Transport and Communications Agency (Traficom) have recently sent out a notification to Finnish citizens warning of malicious messages that appear to come from legitimate banking institutions but are tied to a new Android malware campaign. The messages are being distributed in Finnish and ask the recipient to call a number, which leads them into installing a fake McAfee security app that then allows the threat actor to access any mobile banking apps on the victim’s device.
Brandywine Realty suffers ransomware attack
At the beginning of the month, staff at the Philadelphia-based realty trust, Brandywine Realty, were notified of some unauthorized activity on their network and promptly activated their security protocols. At least part of their network was encrypted and, while the investigation is still ongoing, it is believed that some data was exfiltrated during the incident.