[Security Weekly] UK’s Royal Mail Halts International Deliveries After LockBit Ransomware Attack


January 2023, Issue II


1. UK’s Royal Mail halts international deliveries due to LockBit ransomware attack

Royal Mail, a major postal service and courier company in the United Kingdom, suffered an attack by a LockBit ransomware affiliate, forcing it to shut down all international mail and parcel deliveries.

After the attack took place on January 11, Royal Mail was not able to send letters and parcels to overseas destinations. It also experienced a significant delay in receiving international letters and parcels. Fortunately, domestic deliveries were unaffected. Printers at one of the company’s distribution sites started printing ransom notes under the name of “LockBit Black Ransomware”.

LockBit Black is the latest version of LockBit’s encryptor (LockBit 3.0), containing features from the BlackMatter ransomware, which shut down in early 2022 due to pressure from law enforcement. The LockBit ransomware gang later claimed on a Russian-speaking forum that one of its affiliates was responsible for the attack. However, the incident hasn’t been listed on LockBit’s official leak site, making it unclear whether it was an official operation.

Sources: ZDNet, Bleeping Computer


2. Norton LifeLock discloses data breach from credential stuffing attack

Norton LifeLock, a suite of consumer cybersecurity and identity theft protection software owned by Gen Digital, released a data breach notification via the Office of the Vermont Attorney General, stating that some customer accounts had been accessed by an unauthorized third party.

Gen Digital said that its own systems were not compromised, suggesting that the attackers may have purchased login credentials leaked from other services on the dark web. The company detected a large volume of login attempts on December 12, indicating a credential stuffing attack.

Gen Digital confirmed that 6,450 customer accounts were impacted in this incident. By accessing these accounts, the attackers could have easily obtained the users’ full names, phone numbers, and mailing addresses. Moreover, the attackers could also have accessed the users’ password managers, potentially stealing the login credentials of other accounts.

To prevent credential stuffing attacks, both businesses and consumers are strongly advised to set up multi-factor authentication (MFA) for their accounts and services. To learn more, see iSIGN+, a single sign-on (SSO) MFA solution for business use.

Sources: SC Media, TechCrunch, HIPAA Journal


3. Maritime classification society DNV suffers ransomware attack affecting 1,000 ships

DNV, a Norway-based classification society that provides solutions and software to over 12,000 ships and offshore units worldwide, suffered a ransomware attack on January 7.

The ransomware infected DNV’s ShipManager software, which is used by its customers to monitor the operations and regulatory compliance of their fleets. Of the 7,000 ships using the software, it was confirmed that about 1,000 ships belonging to 70 customers were impacted by the attack.

The Norwegian police and cybersecurity authorities have been investigating the incident. It is currently unclear how the attackers gained entry into the system. DNV has not commented on whether sensitive data were compromised.

Sources: Infosecurity, The Loadstar

