Welcome to our latest monthly review of cyber attacks and data breaches. In May 2022, we found 77 publicly disclosed security incidents accounting for 49,782,129 breached records.
As ever, you can find thefull list of incidents on our sister site. In this blog, we take a closer look at the cyber threat landscape in Europe.
German library crippled by ransomware
One of the largest library services in Germany, the EKZ Bibliotheksservice, announced at the start of the month that its systems had been infected with ransomware.
In an FAQ on its website, the Reutlingen-based organisation said that many of its services were rendered unavailable.
Customers were unable to rent e-books, audio books and digital copies of magazines, nor were they able to make requests online or by phone.
The attack severely affected Onleihe, a popular app that connects users via EKZ’s service to local libraries. The app is used by universities across Europe, and its users account for roughly 40% of Germany’s e-book usage.
Onleihe reported that its copy-protected e-books had been deleted in what it described as a “process error”. It said that the books would need to be re-encrypted and uploaded to its systems, a task that it was making “incremental progress” towards completing.
The LockBit ransomware gang have taken credit for the attack, publishing stolen data on the dark web. The group tends to infiltrate organisations by exploiting purchased access, unpatched vulnerabilities, insider access and zero-day exploits.
Reports of the attack broke several days after the information was published. It’s likely that the announcement was made after the EKZ Bibliotheksservice decided not to pay the ransom demand, hence the information being published online.
If this is the case, it was a smart decision. Security experts urge organisations not to negotiate with cyber criminals, because there is no guarantee that they will honour their promise once they have been paid.
Additionally, paying the ransom doesn’t automatically make the problem go away. It will still take time to restore the compromised data and make up for the lost time during the infection, while the organisation must still report the incident as per their GDPR (General Data Protection Regulation) compliance requirements.
Greenland’s health service comes under attack
At the start of the COVID-19 pandemic, a collective of ransomware groups promised not to target healthcare facilities. The decision reflected a glimmer of humanity from a cadre of criminals who have previously not been shy about crippling charities, schools and small businesses.
Their promise didn’t last long. The Irish health service was targeted by the Conti ransomware gang last year, in the most high-profile of a series of attacks against hospitals and healthcare facilities.
Now that the pandemic is subsiding, attackers are taking even greater liberties targeting the sector, with Greenland’s national health centre becoming the latest victim.
The healthcare sector is among the most vulnerable to ransomware, because cyber criminals know that organisations cannot afford even minor delays.
If staff are locked out of their systems, it jeopardises the health of patients and places an even larger burden on doctors, nurses and administrative staff.
Patients throughout Greenland were told to expect longer waiting times than usual and that some appointments might have to be cancelled.
The attack appears to have been conducted by the same group that infiltrated the country’s government in March.
Far-right French website investigated after leaking Muslims’ personal data
A criminal investigation has been launched after the far-right website Fdesouche allegedly leaked files containing personal data on several notable Muslim figures.
The information relates to journalists, imams and activists, as well as members of the left-wing political party France Insoumise, including its leader Jean-Luc Melanchon.
The leak occurred in September 2021, and is now being investigated following a complaint made by the activist Taha Bouhafs.
According to the complaint, more than 100 people are affected by the incident – although it’s not the first time that Fdesouche has leaked personal data.
In November 2019, the website published the names and professions of a group of Muslim activists who backed a public demonstration against Islamophobia. And in 2017, the group reportedly leaked the contact details of people working with organisations supporting migrants and refugees.
Pierre Sautarel, one of Fdesouche’s editors, said that the website had not done “anything illegal” and that the information was already in the public domain.
However, it is not that simple. The group likely collected the information with web scraping; this is an automated process for gathering information from websites. A bot or web crawler inspects a web page to detect relevant information, which could include people’s names and contact details.
Consider, for example, how many websites contain people’s personal information. Social networking sites are the most common place to find such data, but many websites also contain a ‘contact us’ page that lists the names, job titles, email addresses and phone numbers of their employees.
Web scraping isn’t prohibited under the GDPR, but you must follow its requirements when obtaining and protecting the information.
This means you must document a lawful basis for processing, and implement appropriate technical and organisational controls to prevent data breaches. Crucially, you are also responsible for protecting that information; as such, deliberately leaking the information is a GDPR violation.
According to the Paris prosecutor’s office, the investigation is being handled by the Banditry Repression Brigade, a special unit of France’s Ministry of Interior.
Are you prepared for a cyber attack?
If you’re facing a cyber security disaster, IT Governance is here to help.
OurEmergency Cyber Incident Response Serviceprovides the support you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Get started
