SECURITY NEWS: Bleeping computer

 Just three and then some . . . 

Hackers attack UK water supplier but extort wrong company

OkBy 

Bill Toulas 

South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack.

As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn’t impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.

“This is thanks to the robust systems and controls over water supply and quality we have in place at all times, as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” explains the statement published on the company’s site.

Also, South Staffordshire Water reassures its customers that all service teams are operating as usual, so there’s no risk of extended outages due to the cyberattack.

Clop misidentifies victim?

Meanwhile, the Clop ransomware gang claimed Thames Water as their victim via an announcement on their onion site today, alleging to have accessed SCADA systems they could manipulate to cause harm to 15 million customers.

Thames Water is UK's largest water supplier and wastewater treatment provider, serving Greater London and areas surrounding river Thames.

The hackers allege to have informed Thames Water of its network security inadequacies and claim that they acted responsibly by not encrypting their data and only exfiltrating 5TB from the compromised systems.

Part of Clop's claims in the gang's data leak extortion site

However, following a supposed collapse in the negotiations of the ransom payment, the actors published the first sample of stolen data that includes passports, screenshots from water treatment SCADA systems, driver’s licenses, and more.

Thames Water has officially disputed these claims via a statement today, saying that reports of Clop having breached its network are "cyber-hoax" and that its operations are at full capacity.

One key detail in the case is that among the published evidence, Clop presents a spreadsheet with usernames and passwords, which features South Staff Water and South Staffordshire email addresses.

Published evidence pointing to SSW

Additionally, BleepingComputer observed, one of the leaked documents sent to the targeted firm is explicitly addressed to South Staffordshire PLC.

As such, it’s very likely that Clop misidentified their victim or that they are attempting to extort a much larger company using false evidence.

This attack comes during dire drought times for UK consumers, with eight areas in the country imposing water ration policies and hosepipe bans.

Cybercriminals don’t pick their targets randomly, as hitting water suppliers during harsh drought periods could apply insurmountable pressure to pay the demanded ransom.

For this to happen, though, Clop has to redirect its threats to the correct entity, but considering the publicity the matter has taken, it’s probably too late for that.

 

• August 16, 2022
 
• 05:05 AM
 
• 0

✓ 1  

SECURITY, GAMING

CS:GO trading site hacked to steal $6 million worth of skins

CS.MONEY, one of the largest platforms for trading CS:GO skins, has taken its website offline after a cyberattack allowed hackers to loot 20,000 items worth approximately $6,000,000.

• BILL TOULAS
 
• AUGUST 16, 2022
 
• 09:59 AM
 
•  1

✓ 2 

• 
   
  SECURITY

  Malicious PyPi packages aim DDoS attacks at Counter-Strike servers

  A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server.

  • BILL TOULAS
   
  • AUGUST 15, 2022
   
  • 06:03 PM
   
  •  0
• 
   
  SECURITY

  Twilio hack exposed Signal phone numbers of 1,900 users

  Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month.

  • IONUT ILASCU
   
  • AUGUST 15, 2022
   
  • 05:46 PM
   
  •  0
• 
   
  SECURITY, MICROSOFT

  Microsoft disrupts Russian hackers' operation on NATO targets

  The Microsoft Threat Intelligence Center (MSTIC) has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM that targets propland organizations in NATO countries.

  • LAWRENCE ABRAMS
   
  • AUGUST 15, 2022
   
  • 02:22 PM
   
  •  0
• 
   
  SECURITY

  Russian hackers target Ukraine with default Word template hijacker

  Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notoriousOk

✓ 3 

• 
   
  SECURITY

  Callback phishing attacks see massive 625% growth since Q1 2021

  Phishing is constantly evolving to bypass user training and email protections, and as threat actors adopt new tactics with better success ratios, quarterly stats reflect interesting threat trends on multiple fronts.

  • BILL TOULAS
   
  • AUGUST 15, 2022
   
  • 10:32 AM
   
  •  0