Recently, the three major fields of logistics, medical care and finance have encountered cyber attacks

Recently, ransomware attacks have occurred frequently in logistics, medical, financial and other fields in many countries, and have affected the normal operations of these fields. The following content is compiled based on public information and takes stock of recent major cyber attacks.

On July 5, 2023, the computer system operator of Nagoya Port in Japan stated that a hacker group headquartered in Russia attacked Nagoya Port, which has the largest cargo throughput in Japan and is responsible for handling part of Toyota's import and export business.

The Nagoya Port Transport Association said the organization, LockBit 3.0, had made a ransom demand in exchange for system restoration, and the police had launched an investigation. Its operator, the Nagoya Port Authority, said the port was still unable to load and unload containers from trailers. The company plans to resume port operations on the morning of July 6.

The system failure occurred around 6:30 a.m. on July 5 when an employee was unable to start a computer, according to the Port Authority. A message indicating that the computer system was infected with ransomware was somehow sent to the printer. Ransomware is malware that encrypts data and demands payment in exchange for restoring access.

The port is a hub for Toyota's imports and exports. The automaker said it was unable to load and unload vehicle parts due to the malfunction. But the company added that so far its production has not been disrupted, nor has the logistics of finished vehicles, which is managed using a different computer system.

The port has been the largest in Japan since 2002. According to the operator, its cargo throughput reached 177.79 million tons in 2021.

This is not the first time the port of Nagoya has suffered a cyber attack. In September 2022, the port's website was temporarily shut down after the Russian group Killnet launched a distributed denial-of-service (DDoS) attack.

On July 4, 2023, a hacker known as Neo_Net was identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, specifically Spanish and Chilean banks.

The campaign, which took place between June 2021 and April 2023, resulted in the theft of more than 350,000 euros and the disclosure of personally identifiable information on thousands of victims. Major banks including Santander, BBVA, Caixa, Deutsche Bank, Crédit Agricole and ING were among the prime targets.

Neo_Net is a Spanish national living in Mexico who has built a reputation as a seasoned cybercriminal involved in various illegal activities such as selling phishing panels and exfiltrating data. The hacker also offers a service called Ankarex, which focuses on SMS phishing campaigns targeting multiple countries. The campaign started with SMS phishing, using scare tactics to trick recipients into clicking through to a fake landing page. These pages closely resemble legitimate banking apps and employ various defenses to evade detection.

The hackers also defraud bank customers by tricking them into installing rogue Android apps masquerading as security software. The Ankarex platform, accessible via ankarex[.]net, allows users to initiate their own SMS scam campaigns by specifying the content of the SMS and the target phone number.

On July 3, 2023, ARx Healthcare of the United States stated that the company suffered a cyber attack in 2022, which may have exposed the personal details of more than 40,000 people, many of them children. It's unclear why it took so long to disclose this information.

The Kansas-based health care provider made the disclosure on its website and on July 3 notified the Maine Attorney General's Office, which is responsible for any data breach involving its residents. The Act imposes strict reporting requirements.

According to the attorney general, only 526 Maine residents were affected, out of a total of more than 40,000 potential victims, and it's unclear whether those were all patients or whether that number also included third-party contractors whose details may have remained on ARx's internal system.

It seems certain that the health care company suffered a system breach in March 2022 that exposed information including child patient names, prescription information, insurance and account numbers, physician names and, in some cases, Social Security numbers.

ARx disclosed this information in a notification letter sent to affected parties on June 30, 2023, and claimed that based on its investigation and dark web monitoring, there was no evidence that this information was misused. It took ARx more than a year of investigations to reach its final conclusion after the cyber breach occurred, in which ARx employee email accounts were compromised and accessed by an unauthorized third party.

After discovering the incident, ARx disabled the account, contained the interference, hired an industry-leading cybersecurity firm to complete the investigation, and expedited key initiatives to strengthen its systems and security protocols.

ARx’s disclosure letter to the patient’s parents added: “Based on the findings of its investigation, ARx has determined that personal information belonging to the child was contained in a file within the email account and may have been accessed by an unauthorized third party.” The company offers parents a year of free credit monitoring and identity theft protection.

ARx claims that since the attack, the company has hardened its systems and protocols for employees, patients, and customers by implementing a threat monitoring system, a proactive vulnerability management program, proactive system scans, and a significant investment in its security operations.

Origin blog.csdn.net/2201_75346516/article/details/131647174