[Security Weekly] New Zealand’s Central Bank Suffers Data Breach Following Supply Chain Attack

2nd Week of January 2021


1. New Zealand’s central bank suffers data breach following attack on Accellion

The Reserve Bank of New Zealand, the country’s central bank, suffered a data breach that may have compromised sensitive personal and commercial information.

The bank disclosed the incident on January 10, stating that the data breach was caused by a cyberattack on its file-sharing service provider Accellion, an American cloud solutions company. The bank had been using the Accellion FTA (file transfer application) product to share sensitive information with relevant stakeholders. The attack on Accellion likely compromised these shared documents, some of which contain sensitive personal and commercial information, as revealed by the bank.

The attackers possibly exploited a vulnerability in Accellion’s software, which was patched in mid-December. This again shows the importance of keeping software up-to-date at all times.

The Reserve Bank later mentioned that the attack did not affect its main operations, and that the impacted systems were temporarily taken offline as investigations continue.

This was the second attack on New Zealand’s financial sector in the past six months. Back in August 2020, New Zealand’s stock exchange NZX was hit by a massive DDoS attack that halted trading for nearly a week.

Sources: Reuters, DW, ZDNet, Infosecurity


2. Networking device vendor Ubiquiti exposes user account details

Ubiquiti, an American manufacturer of both wired and wireless networking devices, sent out a notification email on January 11 alerting its users to a potential data breach.

According to the notification, Ubiquiti detected unauthorized access to its cloud database server, which was hosted by a third-party provider. The database contained the account details of Ubiquiti’s online management console — a platform used by its customers to manage their devices remotely. All users of its products were required to register for the service.

The exposed account details included names, email addresses, salted and hashed passwords, as well as home addresses and phone numbers of those who provided them. The company did not reveal how many users were affected.

Ubiquiti further reassured users that it had not detected any unauthorized access to customers’ user accounts. Nevertheless, it asked all customers to change their passwords and turn on two-factor authentication (2FA).

Sources: ZDNet, Bleeping Computer


3. EMA confirms leak of Pfizer and BioNTech’s COVID-19 vaccine data

On January 12, the European Medicines Agency (EMA) officially acknowledged a leak of data related to Pfizer and BioNTech’s COVID-19 vaccine, after threat actors gained unauthorized access to the agency’s IT system back in December 2020.

EMA is the EU’s agency in charge of medicine approval. According to its public statement, unidentified hackers gained access to documents relating to COVID-19 vaccines and later leaked related information on the internet. The EMA has reported the case to law enforcement, and is continuing its investigations.

The EMA gave assurances that the approval and distribution process of the vaccines was not affected by the leak. However, it remains unknown whether the attackers were financially motivated or state-sponsored.

Sources: Threatpost, Infosecurity


4. Business jet manufacturer Dassault Falcon hit by Ragnar Locker ransomware

US-based business aircraft manufacturer Dassault Falcon disclosed a data breach incident that may have compromised the personal information of its employees as well as their family members. Dassault Falcon is a subsidiary of French aerospace giant Dassault Aviation, maker of the Dassault Rafale multirole fighters.

Dassault Falcon stated that the ransomware operators had had access to its IT systems since June 2020 and remained silent for six months until they were discovered by the company on December 6, 2020. During this time, the attackers exfiltrated sensitive information of its employees, including their names, dates of birth, passport information, social security numbers, driver’s licence numbers, bank account numbers, and the beneficiary information of their dependents.

The company sent out a data breach notification to its employees on December 31, 2020, and claimed that affected systems had been taken offline while cybersecurity experts worked on resolving the issue. It appeared that a number of other subsidiaries of Dassault Aviation were also affected.

Ragnar Locker ransomware later claimed responsibility for the attack. It is unclear how much ransom was demanded and whether negotiations were made.

Sources: Bleeping Computer, Latest Hacking News

