In an unsettling new phase of the cybersecurity era, Russia’s ground war in Ukraine and behind-the-scenes war on the internet have dovetailed into an upswing of cybercrime that may or may not be politically motivated.
Time will tell how this online maneuvering ultimately plays out, but for the moment tension abounds as the cybersecurity community anticipates the next big attack.
Unsurprisingly, several of the most notable security incidents to hit the news cycle in March relate to the conflict, but there were more traditional cyberthieves and some positive cybersecurity outcomes in the news mix too. Let’s look at some of the top stories from the last month in the shady corners of the internet
March’s Most Notable Cyber Attacks
PressReader Attack Takes the News Offline
Newshounds around the world were confounded when more than 7,000 online newspapers, magazines, and information sources were halted by an early March attack. Vancouver-based PressReader, the world’s largest online distributor of news publications, issued a statement on March 4 informing users of a “cybersecurity incident” that interrupted the availability of many leading news titles. Impacted publications included hundreds of small-market and local news outlets across the U.S., Canada, Oceania, and Europe, as well as major players like The New York Times and The Washington Post.
While PressReader was tight-lipped about the nature of the attack and whether ransomware was involved, observers have noted the attack came just days after the company announced it was giving free access to its news sources to users in Ukraine. That, of course, led to speculation that the cyber attack may be linked to pro-Russian hacking groups. PressReader was able to restore most of its functionality by March 6 and the investigation into the incident continues.
Records Exposed: Unknown, but 7,000 + websites disabled
Type of Attack: Unconfirmed
Industry: Publishing, journalism
Date of Attack: March 3-6, 2022
Location: Vancouver, British Columbia
Key takeaway: We’ve seen a recent rise in incidents in which hackers tapped off vast international operations by attacking key pieces of an organization’s infrastructure. That this attack was likely politically motivated only underlines the necessity of a comprehensive security program that consistently monitors every aspect of a business’s day-to-day functions.
Hackers Jack $600 Million in Crypto from Gamers
The always interesting cryptocurrency landscape developed a few more rough patches in March, as the blockchain gaming platform Ronin Network fell victim to a large-scale cyberheist. Ronin’s Axie Infinity mobile game, which allows players to earn digital coins and NFTs as they fight Pokemon-style battles, has become hugely popular in the crypto community recently. That high-profile popularity likely made Axie Infinity an especially tempting target for hackers, who the company believes first breached their system during a huge swell in traffic volume in November 2021.
While such quick growth would tend to be a positive thing for a tech business, it also meant that Ronin’s cybersecurity controls could not keep up with the influx of users. A temporary loosening of security standards helped the platform successfully scale to accommodate the volume of players, but it also left the door open for bad actors who compromised the security system’s validator nodes and eventually made off with roughly $600 million worth in cryptocurrency in March. While Ronin’s parent company Sky Mavis is working with international authorities to recover the stolen funds, players are not holding their breath.
Records Exposed: Cryptocurrency transactions
Type of Attack: Blockchain breach
Industry: Gaming, cryptocurrency
Date of Attack: November 2021 to March 2022
Location: Singapore
Key takeaway: The same sense of unregulated innovation that attracts devotees to the cryptocurrency and NFT space also attracts plenty of others with bad intentions. Highly visible crypto businesses are juicy targets for cyberthieves waiting for opportunities like the one Ronin made available in November. Taking higher risks means investing in tighter security, and organizations that don’t abide by that can expect similar losses.
Ransomware Shuts Down German Gas Stations
In an already fraught February for gasoline providers and users worldwide, a cyber attack on a German oil and gas company injected even more uncertainty into the situation. An attack on two oil-related subsidiaries of energy giant Marquard & Bahls disrupted IT services across the company’s many holdings. This forced the temporary closure of approximately 200 gas stations across Germany and left companies like Shell scrambling to reroute supplies and switch to alternate oil sources.
The details of the attack are not yet divulged, such as whether ransomware was involved. Even so, investigators say this hack has the earmarks of the notorious BlackCat cybercrime gang, the Russian group thought to be responsible for last year’s damaging Colonial Pipeline attack.
Sadly, the current international situation suggests that more energy industry incidents of this nature are likely in the coming months and years.
Records Exposed: Unknown, but IT operations halted across several companies
Type of Attack: Unconfirmed
Industry: Fuel distribution
Date of Attack: February 2022
Location: Germany
Key takeaway: There are not many bad situations that can’t be made worse by a dose of cybercrime. With international uncertainty about gas prices and supplies running rampant, this is an industry that can ill afford further disruptions. That makes it all the more appealing a target for criminals, especially those with political motivations. Organizations need to be aware of their status as high-value targets and bulk up their security accordingly.
Microsoft Squelches a Potentially Damaging Breach
The cybersecurity industry generates a lot of troubling news every month, so it’s always nice to read a success story on occasion.
To that end, a March 20 data breach on Microsoft by the international hacking group known as Lapsus$ succeeded in accessing some of the tech giant’s internal materials, but Microsoft’s security team was apparently able to shut down the threat before any damaging or high-value data was stolen.
A March 22 statement from Microsoft claimed that only a single account was compromised. That would bear the marks of methods frequently employed by Lapsus$, which operates primarily via phishing, extortion, and other forms of social engineering mayhem rather than large-scale data theft or ransomware attacks. The quick action of Microsoft’s security team may have saved the company considerable headaches, considering that the hacking group’s past high-profile victims include major organizations such as UbiSoft, Samsung, Nvidia, and the government of Brazil.
In fact, a concurrent Lapsus$ breach of the identity security company Okta led to considerable reputational damage — along with, however, the arrest of several of the alleged hackers.
Records Exposed: Unknown, but limited to a single account
Type of Attack: Unconfirmed, likely phishing or socially engineered
Industry: Information technology
Date of Attack: March 20, 2022
Location: Redmond, Washington
Key takeaway: Sometimes the cybersecurity picture can appear so bleak that it seems pointless to even attempt to defend against digital criminals. However, this incident illustrates the critical importance of a responsive and up-to-date security solution in times of trouble.
While the Lapsus$ group appears to be comparatively less malicious than some larger state-sponsored cybercriminals, they have an impressive roster of takedowns in their portfolio. Only a top-notch security detail prevented Microsoft from being added to that dubious rolodex.
From necessities like fuel and news to luxuries like online gaming, every industry is a potential target for online thieves and political saboteurs. Companies have more at stake than simply paying a substantial ransom—every unexpected interruption in service or pilfered crypto investment means major losses of reputation and trust.
Customers can only take having their personal information and finances handled without appropriate care for so long before fleeing to the competition. So, organizations need to up their cybersecurity game to help ensure they stay protected. The stakes are too high to do anything else.
Additional Resources
- Join the conversation with Arctic Wolf on Facebook, Twitter, LinkedIn, and YouTube
- Visit arcticwolf.com to learn more about our security operations solutions
- If you’re ready to get started, request a demo or get a quote today
