
Breach Roundup: Russia Suspected of Severing Undersea Cables

Also: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send Malware

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: Russia is suspected in Baltic Sea cable sabotage, ransomware attackers are drawn to VPNs, and hackers spread malware through Swiss snail mail. An AI training company reported a cybertheft of $250,000 and a U.S. space technology company reported a breach. Microsoft said it will pay big bucks for AI vulnerabilities, and the U.S. Department of Agriculture had a success story with multifactor authentication.


Russia Suspected In Baltic Undersea Cable Disruption

Undersea communication cables in the Baltic Sea suffered physical damage this week in what European governments said could be a case of Russian sabotage. A severed 700-mile-long cable connecting Finland and Germany led the foreign ministers of the two countries to say on Monday that the incident "raises suspicions of intentional damage." They did not directly implicate Russia, but said that Russia's war of aggression against Ukraine endangers European security.

"Nobody believes that these cables were severed by accident," Germany’s minister of defense, Boris Pistorius, told reporters Monday ahead of a meeting of European security officials in Brussels, reported the New York Times.

Finnish telecom Cinia, whose C-Lion1 cable to Germany was cut, said Thursday that a repair vessel was en route from France and should restore the cable by the end of this month. Finland's telecommunications run over multiple routes, it said, so "the impact of a single cable failure depends on the resilience of the service providers' connections."

A spokesperson for telecom Telia Lithuania told CNN that a 135-mile-long cable connecting it to Sweden was cut on Sunday morning. The disruption reportedly reduced Lithuanian internet capacity by a third, but network engineers have since rerouted connections to make up the difference.

The disruptions came weeks after U.S. officials told CNN that Russia has stepped up military activity around key undersea cables. A Kremlin spokesman on Wednesday denied Russian involvement.

American military intelligence agencies responded Thursday to European developments with a warning to defense companies to be on alert for indicators of Russian sabotage. Indicators leading up to a potential attack include photographic or video surveillance including through drones, network penetrations and insiders who seek physical or digital access "beyond their normal duties," the agencies said.

VPN Vulnerabilities Drive Surge in Ransomware Attacks

Badly secured or outdated VPNs were the attack vector for more than a quarter of ransomware attacks launched over the summer, according to an analysis from Corvus Insurance.

A report from the cybersecurity insurance underwriter said telemetry from claims data showed a surge in VPN attacks used for initial access. From April through June, VPNs constituted the initial attack vector in only about 5% of cases, a figure that jumped to 29% from July through September. The company blamed obsolete software and common usernames such as "admin" or "user" and a lack of multi-factor authentication.

"Attackers are focused on finding the path of least resistance into a business, and in Q3, that entry point was the VPN," said Jason Rebholz, CISO at Corvus Insurance.

Ransomware hackers generally show no sign of slowing down, the underwriter also warned. It detected only a marginal quarter-over-quarter increase in attacks, but the continuously high volume of attacks "appears to be driven by a broad-based, 'organic' increase in ransomware attacks."

Five major ransomware groups - RansomHub, Play, LockBit 3.0, Meow and Hunters International - accounted for 40% of all tabulated attacks. RansomHub saw a 160% increase in victims, while LockBit's activities sharply declined after law enforcement action earlier this year.

Hackers Spread Malware Through Swiss Mail

Swiss authorities are warning confederation residents not to fall for a fake mailing purportedly from the state meteorological office urging recipients to download a "severe weather warning app" through a QR code. The link actually results in Coper - also known as Octo2 - malware being downloaded onto Android devices. "When the supposed 'Severe Weather Warning App' is installed, the malware attempts to steal sensitive data such as access data from over 383 smartphone apps, including e-banking apps," said the Swiss National Cyber Security Center.

AI Training Company Reports Theft

Artificial intelligence company iLearningEngines reported a $250,000 cyber theft, revealing that hackers breached its network, redirected a wire transfer and deleted email messages. While the funds haven't been recovered, the company said that the now-contained breach will only have short-term financial implications and is unlikely to affect its annual results. The company serves over 1,000 clients in sectors such as healthcare and education, reporting a revenue of $135.5 million last quarter.

Library of Congress Email Systems Hacked by Alleged Foreign Actor

The U.S. Library of Congress reportedly disclosed a cybersecurity breach. The breach affected email communications between congressional offices and library staff, including those from the Congressional Research Service, between January and September.

The library, the world's largest, serves as the research library for the U.S. Congress and manages copyright law through the U.S. Copyright Office. The compromised emails only involved communications between congressional offices and library staff. House and Senate email networks, as well as U.S. Copyright Office systems, were not affected by the attack.

Maxar Space Systems' Employee Data Compromised

Space technology company Maxar Space Systems informed employees that their personal information was compromised in a data breach discovered on Oct. 11. A threat actor had unauthorized access to Maxar's network for about a week before the breach was detected.

The compromised system contained personal data, including names, addresses, gender, Social Security numbers, business phone numbers, job titles, department, supervisor details and other employment-related information. The breach did not involve bank account details or dates of birth.

Maxar identified that the hacker used a Hong Kong-based IP address but has not disclosed further details about the incident or the number of people affected.

Microsoft Launches a New Bug Bounty Initiative to Boost AI Security

Microsoft unveiled a new bug bounty offering up to $4 million in rewards for security researchers who find novel vulnerabilities in "high-impact areas, specifically cloud and AI."

The event, dubbed "Zero Day Quest," involves an invitation-only onsite hacking event and a research challenge open to all comers, which runs through Jan. 19. Microsoft said it is also permanently doubling bounty rewards for AI-related vulnerabilities.

USDA Implements Phishing-Resistant MFA with FIDO for Secure Access

The U.S. Department of Agriculture is touting its deployment of phishing-resistant multi-factor authentication using Fast IDentity Online protocols to prevent breaches.

With over 130,000 employees, USDA faces the challenge of seasonal workers who can't use standard, federally issued personal identity verification cards. USDA turned to FIDO, a cryptographic authentication protocol that provides secure, passwordless access and is integrated into devices, operating systems and browsers. The solution was implemented for employees ineligible for PIV cards or who worked in environments where PIV cards were impractical.

FIDO adoption helped 40,000 registered users securely access key systems such as Microsoft 365, VPNs and single sign-on applications. The move prevents common MFA bypass attacks such as phishing, SMS interception and push bombing.

USDA's centralized technology infrastructure, including Microsoft Entra ID, allowed the solution to scale across the agency.
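Why FIDO logins resist the phishing and relay attacks mentioned above comes down to what the authenticator signs: the browser's real origin and a hash of the relying party ID are both bound into the signed assertion, so a login captured on a look-alike site fails the relying party's checks. The following simulation is an added example and not USDA's, Microsoft's or the FIDO Alliance's code; it simplifies WebAuthn (a map for clientDataJSON, a minimal authenticatorData, a single ES256 key reused for the phishing site, which a real browser would not even allow), and the domains agency.example and agency-login.example and the challenge value are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// assertion is a simplified WebAuthn assertion as the browser returns it to the relying party.
type assertion struct{ ClientDataJSON, AuthData, Sig []byte }

// rpHash is SHA-256 of the RP ID; the authenticator embeds it as rpIdHash in authenticatorData.
func rpHash(rpID string) []byte { h := sha256.Sum256([]byte(rpID)); return h[:] }

// signedMessage is the ES256 digest the authenticator signs: SHA-256(authData || SHA-256(clientDataJSON)).
func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// sign simulates browser plus authenticator: the browser writes the page's real origin into
// clientDataJSON, the authenticator binds the RP ID via rpIdHash, and both get signed.
func sign(key *ecdsa.PrivateKey, rpID, origin, challenge string) assertion {
	cd, _ := json.Marshal(map[string]string{"type": "webauthn.get", "challenge": challenge, "origin": origin})
	authData := append(rpHash(rpID), 0x01, 0, 0, 0, 1) // flags (user present) and counter, simplified
	sig, _ := ecdsa.SignASN1(rand.Reader, key, signedMessage(authData, cd))
	return assertion{cd, authData, sig}
}

// verify is the relying-party check: ceremony type, fresh challenge, origin, rpIdHash and signature.
func verify(pub *ecdsa.PublicKey, a assertion, rpID, origin, challenge string) error {
	var cd map[string]string
	switch {
	case json.Unmarshal(a.ClientDataJSON, &cd) != nil || cd["type"] != "webauthn.get" || cd["challenge"] != challenge:
		return fmt.Errorf("malformed clientDataJSON, wrong ceremony type or stale challenge")
	case cd["origin"] != origin:
		return fmt.Errorf("origin %q is not the relying party's %q", cd["origin"], origin)
	case len(a.AuthData) < 32 || string(a.AuthData[:32]) != string(rpHash(rpID)):
		return fmt.Errorf("rpIdHash mismatch: assertion was made for a different RP ID")
	case !ecdsa.VerifyASN1(pub, signedMessage(a.AuthData, a.ClientDataJSON), a.Sig):
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

// demo returns whether a genuine login and an assertion relayed from a look-alike site verify.
func demo() (genuineOK, phishedOK bool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	challenge, rp, origin := "c29tZS1yYW5kb20tY2hhbGxlbmdl", "agency.example", "https://agency.example" // constructed
	genuineOK = verify(&key.PublicKey, sign(key, rp, origin, challenge), rp, origin, challenge) == nil
	phishedOK = verify(&key.PublicKey, sign(key, "agency-login.example", "https://agency-login.example", challenge), rp, origin, challenge) == nil
	return genuineOK, phishedOK
}
```

The genuine assertion verifies while the relayed one is rejected at the origin check, and would also fail the rpIdHash check; an SMS code or push approval carries no such binding, which is the gap the article's "MFA bypass" attacks exploit.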


With reporting from Information Security Media Group's Rashmi Ramesh in Bengaluru, India and David Perera in Washington, D.C.


About the Author

Anviksha More


Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.



