Dutch Threat Experts Issue Warning to Companies Regarding Ransomware Attack

 

Thousands of companies have received alerts about a global ransomware attack from the Dutch cybersecurity agencies. The perpetrators, known as the Cactus Gang, hail from Eastern Europe and have been operating since the end of last year.

The gang infiltrated the companies' networks through the Qlik Sense servers those companies used. The Dutch experts said they noticed that many of these systems are susceptible to ransomware attacks. The experts work for Fox-IT of Delft, Northwave of Utrecht, Responders of Amsterdam, and ESET of Sliedrecht.

The attackers were able to breach the security systems of 122 firms, at least ten of those based in the Netherlands. The security specialists exchanged details regarding the situation and realised that victims were being attacked in the same manner each time. The four companies reported their findings to the Dutch authorities.

Around 5,200 Qlik Sense servers are in use around the world, with around 3,100 of them vulnerable. According to Dutch security organisations, "the cooperation has potentially helped prevent a maximum of 3,100 victims of the Cactus Gang."

Only recently have police, prosecutors, and security officials begun sharing details regarding ransomware attacks. This is why the collaboration project, Melissa, was established last year. Since then, additional operations against cybercriminals have been carried out successfully. "Mutual confidence has grown strongly as a result of this," security expert Willem Zeeman from Fox-IT stated.

The Digital Trust Centre (DTC), which is part of the Ministry of Economic Affairs, notified Dutch enterprises so that they might take precautions. The Dutch Institute for Vulnerability Disclosure (DIVD) notified foreign cyber organisations, such as the American Cybersecurity & Infrastructure Security Agency (CISA) and the FBI. 

Ransomware attacks have wreaked havoc on numerous Dutch businesses and institutions in recent years. The victims included the Dutch football association KNVB, the VDL Group, Maastricht University, Hof van Twente, RTL Nederland, the Dutch Organisation for Scientific Research (NWO), and Mediamarkt. 

In the majority of cases, a ransom was demanded. Last year, the Digital Trust Centre notified more than 140,000 Dutch companies of specific cyber threats.

Chinese Hackers Lurked for Over Two Years to Steal NXP's Chipmaking IP

 

Chinese-affiliated hacker group Chimaera secured access to the network of the massive Dutch semiconductor company NXP for more than two years, from late 2017 to the start of 2020, NRC reported. During this time, the notorious hackers allegedly stole intellectual property, including chip designs; however, the full extent of the theft has yet to be revealed. NXP is Europe's largest chipmaker, and the scale and scope of the disclosed attack is alarming.

The report claims that the hackers lurked in the company's network for almost 2.5 years before the breach was discovered; the Dutch airline Transavia, a subsidiary of KLM, was the target of a similar attack. In September 2019, hackers gained access to Transavia's reservation systems. The NXP hack was discovered as a result of communications with NXP IPs found during an investigation into the Transavia hack. The attack uses the ChimeRAR hacker tool, which is one of the defining characteristics of the Chimaera hacking group. 

To gain access to NXP, the hackers first used credentials extracted from previous data leaks on platforms such as LinkedIn or Facebook, and then used brute force attacks to guess passwords. They also got around double authentication by changing phone numbers. The attackers were patient, only checking for new data to steal every few weeks, and then snuck the data out by uploading encrypted files to online cloud storage services such as Microsoft's OneDrive, Dropbox, and Google Drive. 
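The access pattern described above (password guessing, then a successful login, then a change to the second-factor phone number) can be hunted for in authentication logs. The following is an added example, not taken from the NRC report or from any of the companies named; the event names, thresholds and sample log entries are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                    # failed logins treated as guessing (assumed)
FAIL_WINDOW = timedelta(minutes=30)   # span those failures must fall in (assumed)
CHANGE_WINDOW = timedelta(hours=24)   # phone change this soon after login is suspect (assumed)

# Constructed sample events: (timestamp, account, event). Event names are hypothetical.
EVENTS = [("2024-01-15T02:10:%02d" % s, "alice", "login_failed") for s in range(0, 60, 10)]
EVENTS += [
    ("2024-01-15T02:11:10", "alice", "login_ok"),
    ("2024-01-15T02:20:00", "alice", "mfa_phone_changed"),
    ("2024-01-15T09:00:00", "bob", "login_failed"),   # one typo, then a normal login
    ("2024-01-15T09:01:00", "bob", "login_ok"),
    ("2024-01-15T09:30:00", "bob", "mfa_phone_changed"),
]
EVENTS += [("2024-01-15T11:00:%02d" % s, "carol", "login_failed") for s in range(0, 60, 10)]
EVENTS += [("2024-01-15T11:02:00", "carol", "login_ok")]  # guessing, but no phone change

def detect_takeover_chain(events):
    """Return (account, login_time, change_time) for each account where a burst of
    failed logins is followed by a success and then an MFA phone number change."""
    by_account = defaultdict(list)
    for ts, account, kind in events:
        by_account[account].append((datetime.fromisoformat(ts), kind))

    alerts = []
    for account, items in by_account.items():
        items.sort()
        fails, suspicious_login = [], None
        for ts, kind in items:
            if kind == "login_failed":
                # keep only failures still inside the sliding window
                fails = [t for t in fails if ts - t <= FAIL_WINDOW] + [ts]
            elif kind == "login_ok":
                recent = [t for t in fails if ts - t <= FAIL_WINDOW]
                suspicious_login = ts if len(recent) >= FAIL_THRESHOLD else None
                fails = []
            elif kind == "mfa_phone_changed" and suspicious_login is not None:
                if ts - suspicious_login <= CHANGE_WINDOW:
                    alerts.append((account, suspicious_login.isoformat(), ts.isoformat()))
                suspicious_login = None
    return alerts

if __name__ == "__main__":
    for alert in detect_takeover_chain(EVENTS):
        print("possible account takeover:", alert)
```

Only the full chain raises an alert: the single mistyped password before a phone change and the guessing burst with no phone change are both ignored on their own.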

Being a significant player in the global semiconductor market, NXP gained even more clout in 2015 when it purchased the American company Freescale. NXP is well-known for creating secure Mifare chips for Dutch public transport in addition to secure components for the iPhone, specifically Apple Pay.

NXP claims that the breach did not cause material damage, despite acknowledging that its intellectual property had been stolen. The company cites the complexity of the stolen data as a barrier to easy design replication. According to the NRC, the company felt no need to notify the public as a result. 

NXP apparently strengthened its network security after the breach. The business tightened its internal data accessibility and transfer policies and upgraded its monitoring systems. These preventative measures were meant to avert future incidents of the same kind, preserve the network's integrity, and protect the company's valuable intellectual property.