Welcome to this new edition of Cyberhebdo, your weekly meeting to take stock of the cyberattacks that have marked world news.
Over the past week, we have identified seven major incidents reported in the international press, affecting various sectors and once again highlighting the continued vulnerability of digital infrastructure.
Countries affected by these attacks include the United Kingdom (GBR), Costa Rica (CRI), Germany (DEU), Pakistan (PAK) and the United States (USA). Notably, the United States stands out this week with two reported incidents, making it the country most represented in our review.
We remind you that our press review focuses on significant cyberattacks and does not cover DDoS attacks or website defacements.
21/11/2024 – Blue Yonder (USA)
Software company Blue Yonder, which provides services to supermarket chains in the US and UK, was the victim of a ransomware attack that disrupted its managed services environment. British retail giants Morrisons and Sainsbury have been affected, while major American supermarket chains Albertsons and Kroger, which also use Blue Yonder's services, have yet to comment on the incident. Blue Yonder is working to recover its systems, but has not yet provided a timeline for restoration. (source)
25/11/2024 – Hof Medical Center (IT GAVE)
The Hof Medical Center, located on Eppenreuther Straße in Germany, was the victim of a cyberattack on Monday morning, affecting three doctors' practices and their subsidiaries. Since then, the electronic systems no longer work. Response measures and consequences for patients are under review. (source)
25/11/2024 – Wirral University Hospital (GBR)
A Merseyside hospital, Arrowe Park Hospital, linked to Wirral University Hospital, has declared a “major incident” due to an IT security breach, forcing patients to only attend emergency cases. Business continuity processes are in place to maintain patient safety, but wait times in the emergency department and assessment areas will be longer. Hospital employees reported electronic systems were offline, making it difficult to manage records and results. (source)
26/11/2024 – Alder Hey Children’s NHS Foundation Trust (GBR)
Alder Hey Children's NHS Foundation Trust has released a statement regarding reports of a data breach within their hospital. It is investigating the incident, claimed under the banner of INC Ransom, and is taking measures to protect patient data. No further details were provided on the nature or extent of the breach. Screenshots shared by the cybercriminals suggest that the incident dates back to, at most, November 26. Limited operational impact suggests lack of encryption. (source)
26/11/2024 – Farooque Motors Limited (DFML) Council (PAK)
Dewan Farooque Motors Limited (DFML) in Pakistan was the victim of a cyberattack that corrupted its data and crashed its IT servers, leading to the cancellation of a board meeting. Company data, particularly from the first quarter of 2024, needs to be restored, which will take time. Following this attack, the company's stock price fell by 3.37%. (source)
27/11/2024 – Recope (CRI)
La Refinadora Costarricense de Petróleo (Recope), Costa Rica, confirmed that it was the victim of a ransomware attack on November 27, but assured that fuel distribution would not be affected. Security protocols have been activated and the impact of the attack is being assessed. The Ministry of Science and Technology (Micitt) is closely monitoring the situation and working with Recope to resolve the incident. (source)
27/11/2024 – Hoboken (USA)
The city of Hoboken, New Jersey in the United States, was the victim of a ransomware cyberattack, leading to the closure of the town hall and the suspension of online services. Local authorities and police departments are investigating the incident to determine how to safely restore services. Residents have been informed that street cleaning services and municipal court hearings have been canceled for the day. (source)
Press review produced in part with ChatGPT. The explanations can be read here.