[Security Weekly] Ukrainian Government Suffers Massive Website Defacement Attack


January 2022, Issue II


1. Ukrainian government agencies suffer massive website defacement attack

More than 70 Ukrainian government websites were taken down in a mass defacement attack on January 14, in which the attackers replaced the sites' home pages with a message telling Ukrainians to "be afraid and expect the worst".

The affected websites included those of the Ministry of Foreign Affairs, the Ministry of Education and Science and the Cabinet of Ministers, as well as many other public services, including the digital COVID-19 vaccination certificate. Ukraine's Ministry of Digital Transformation attributed the attack to Russia, with tensions between the two countries at an all-time high amid growing fears of military conflict. Russia immediately denied involvement, saying there was no evidence for the claim.

Although the attackers also claimed to have stolen the personal data of Ukrainian citizens, the Ukrainian government assured the public that no personal information had been compromised. Ukraine's cyberpolice said, however, that the attack went beyond defacement: it found that a number of information resources had been deliberately destroyed.

Microsoft also reported that, a day before the defacements, it had identified destructive malware on systems belonging to multiple Ukrainian organizations. The malware was designed to look like ransomware but had no ransom recovery mechanism, meaning its purpose was destruction rather than extortion. It remains unclear whether this finding is related to the defacement attack.

Penta Security’s logic-based web application firewall (WAF) WAPPLES has helped thousands of businesses protect their web applications from injections, website defacement, and sensitive data exposure. Click here to learn more about WAPPLES.

Sources: Threatpost, Infosecurity, The Guardian, National Post


2. Ransomware shuts down Maryland Department of Health for over a month

After a month of news coverage of the widespread outage of health services in Maryland, the state's Department of Health finally issued a statement on January 12 attributing the situation to a ransomware attack.

The department stated that it first discovered server problems on December 4, after which large portions of its IT infrastructure were taken offline. Administrative and healthcare employees were unable to access databases and resources, resulting in a series of service disruptions and outages that remained largely unresolved for over a month.

The state was unable to compile and publish COVID-19 case counts for the whole of December. Issuance of new medical licences and death certificates was halted. Many hospitals had to fall back on pen-and-paper documentation, and many patients had difficulty claiming Medicaid benefits. Some HIV patients faced delays in receiving life-saving daily medication.

More than a month later, the attacker had still not been identified. The department said it had no intention of paying any ransom.

Sources: ZDNet, Health IT Security


3. Luxury fashion giant Moncler attacked by novel AlphV/BlackCat ransomware

Moncler, an Italian luxury fashion brand known for its winter jackets, became one of the first victims of the newly established ransomware-as-a-service (RaaS) operation AlphV (also known as BlackCat).

Moncler stated that the intrusion occurred during the last week of 2021 and immediately disabled its IT systems, causing an outage of logistics and sales services. Shipments and e-commerce resumed only after ten days.

On January 18, after Moncler refused to pay the $3 million ransom demand, the AlphV operators published the stolen data on their leak site. It included personal data of Moncler's current and former employees, suppliers, business partners and customers, as well as corporate files such as income statements and invoices.

Moncler confirmed the data breach and notified the Italian Data Protection Authority, but assured its customers that no payment card information had been leaked.

AlphV first appeared in December 2021 and is already regarded as one of the most sophisticated RaaS operations on the market; notably, its payload is written in Rust.

Sources: Bleeping Computer, TechRadar Pro


4. Cyberattack at FlexBooker compromises 3.7 million customer records

FlexBooker, an online appointment booking and scheduling service, disclosed a data breach affecting 3.7 million personal records of people who had made booking requests. FlexBooker is used by consumer-facing businesses such as physicians, lawyers, accountants and hair salons, for which it processes booking requests and synchronizes them with the business's calendar.

The company said that following a DDoS attack on December 23, its AWS servers were compromised and parts of its customer and system data were accessed and stolen. The attack immediately caused a service outage that took 12 hours to restore with Amazon's help. All affected customers were notified.

A group calling itself Uawrongteam claimed responsibility for the attack and shared samples of the stolen files on a hacking forum. The attackers claimed to have stolen names, phone numbers, email addresses, driver's licences, and salted and hashed passwords. Salted hashes protect users only if a slow, password-specific function such as bcrypt or Argon2 was used; with a fast general-purpose hash such as MD5 or SHA-1, the salt prevents precomputed lookups but not bulk cracking of weak passwords.

Sources: ZDNet, Bleeping Computer


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security