February 14, 2024

MSP cybersecurity news digest: Feb. 14, 2024

Energy giant Schneider Electric hit by Cactus ransomware attack

Schneider Electric, a major player in energy management and automation, with $28.5 billion in revenue for the first nine months of 2023, fell victim to a Cactus ransomware attack, resulting in the theft of corporate data, as confirmed by insiders. The company employs over 150,000 people worldwide.

The attack targeted the Sustainability Business division, causing disruptions to Schneider Electric’s Resource Advisor cloud platform that persist to date. Reports suggest terabytes of corporate data were pilfered during the attack, with the ransomware group now demanding payment to refrain from leaking the stolen data.

Although the specific nature of the stolen data remains undisclosed, the Sustainability Business division advises enterprise clients on renewable energy solutions and aids them in navigating climate regulatory frameworks globally. Notable clients potentially affected by the breach include Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo and Walmart.

Global fintech firm EquiLend offline after recent cyberattack

EquiLend, a global financial technology firm based in New York, reported a cyberattack resulting in the disruption of its operations as some systems were taken offline. EquiLend, founded in 2001 by a consortium of global banks and broker-dealers, operates worldwide, facilitating over $2.4 trillion in monthly transactions through its securities lending trading platform.

The incident involved the detection of unauthorized access to the company’s network, prompting EquiLend to initiate an investigation and implement security measures to restore affected services. Third-party cybersecurity experts have been enlisted to assist in the investigation and expedite the restoration process.

While EquiLend has not confirmed any data exposure or theft, the LockBit ransomware group claimed responsibility for the attack. This development occurred less than a week after EquiLend announced its acquisition by U.S. private equity firm Welsh, Carson, Anderson & Stowe. The FBI has warned of ransomware gangs targeting companies involved in time-sensitive financial events, such as mergers and acquisitions.

Hyundai Motor Europe hit by Black Basta

Car maker Hyundai Motor Europe, a Germany-based division of Hyundai Motor Company, fell victim to a Black Basta ransomware attack, with attackers claiming to have obtained 3 TB of corporate data.

Initially, the company attributed the issues to routine IT problems. However, upon further investigation and disclosure of additional information regarding the data theft, Hyundai confirmed the cyberattack.

The company stated that it is currently investigating the unauthorized access to a portion of its network, in collaboration with external cybersecurity experts and legal authorities.

Data breaches at Viamedis and Almerys impact 33 million in France

Data breaches have impacted over 33 million individuals in France, with Viamedis and Almerys, two health care payment service providers, at the center of the incident.

These companies offer health care and insurance solutions, managing sensitive data for reimbursement purposes within France’s intricate insurance system. Viamedis disclosed the breach a week ago, citing exposure of beneficiary and health care professional information, including names, dates of birth and social security numbers, among others.

Almerys has also been reported to have suffered a breach impacting millions, though this has not yet been officially confirmed. While financial data was not compromised, the exposed information poses risks of phishing, identity theft and insurance fraud, prompting CNIL (France’s data protection authority) to initiate an investigation into the incident and ensure compliance with GDPR regulations.

Lurie Children’s Hospital took systems offline after cyberattack

Lurie Children’s Hospital in Chicago faced disruptions in its IT systems following a cyberattack, leading to delays in medical care. The hospital, known for its vital pediatric services, with over 360 beds and a vast medical staff, announced the incident on its website and social media platforms, stating that network systems were taken offline as a precautionary measure.

Despite the challenges posed by the cyber incident, the hospital stated that it remains committed to providing safe and quality care to its patients, advising those in need of immediate medical attention to dial 911 or visit the nearest emergency department. While scheduled procedures have been delayed, and certain services like ultrasound and CT scans are inaccessible, the hospital continues to prioritize emergency situations and operate on a first-come, first-served basis.

Although no ransomware gang has claimed responsibility, the incident underscores the ongoing threat faced by health care organizations, with some cybercriminal groups disregarding guidelines prohibiting attacks on hospitals in pursuit of financial gain.