InfoSec Round-Up: Feb 26th

Jet Maker Attacked, Central Bank System Downed & Medical Data Leak

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Jet Maker Hit with Ransomware

Bombardier, one of the world’s largest manufacturers of business jets, has been struck with a ransomware attack in which product blueprints were stolen.

Employing around 16,000 people and with revenues of $6.5 billion, Bombardier announced that an unauthorised party had gained access and extracted data by exploiting a vulnerability affecting a “third party file transfer application”.

Believed to be the work of the Clop ransomware syndicate, the gang stole the personal and confidential data of employees, customers and suppliers, as well as posting stolen designs, schematics and flight tests reports to their ‘data-leak’ site.

The compromised software in question is Accellion FTA, a legacy files-transfer service used to share sensitive files with people outside of the organisation; a software which has been involved in multiple data breaches in the last year.

In the statement, the company noted, “Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers.”

Adding, “With the ever-increasing number and sophistication of cybersecurity attacks on corporate groups, Bombardier remains committed to maintaining the integrity of its IT infrastructure and safeguarding employee, client and supplier information.”

US Central Bank System Downed

The system used by the US central bank to process payments crashed this week following an operational error, leading to several hours of disruption to services.

Normally processing more than $3.5 trillion each day, the problems were resolved within a matter of hours, though the incident has, for some, raised concerns over the reliability of the processes that facilitate such a large volume of vital financial transactions.

Simply referring to the cause as an “operational error” the Federal Reserve warned customers that a backlog of transactions had built up during the period of disruption, advising clients that “the backlog of files may take time to clear.”

In a statement, a Treasury Department official noted, “While root cause is currently being evaluated, there is no indication that the issue is the result of a cyberattack”. Adding that they “would not expect there to be financial consequences for individual account holders because of the temporary disruption.”

Medical Data Leak

The sensitive medical data of nearly half a million French citizens has been stolen and leaked by a malicious gang of hackers.

The exposed data, which includes names, phone numbers, social security numbers and extremely sensitive medical information, is believed to have been stolen from around 30 different medical laboratories across France.

The thefts are believed to be linked via a particular type of medical administrative software published by Dedalus Healthcare Systems Group., though this has yet to be confirmed by the affected parties.

Having been leaked online following a reported ‘falling out’ amongst the hackers, this is second leak of French medical data this month, with 50,000 healthcare staff account details discovered on a hacking forum only days ago.

Speaking about the incident, COO of Dedalus, Didier Neyrat stated, "We have set up a crisis cell group as we are taking this seriously, and we will work in partnership with our clients to understand what has happened."

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.