CyberSecurity SEE

Control Loop OT Cybersecurity Briefing – 06.26.23

The Port of Nagoya, Japan’s busiest ocean terminal, was hit by a ransomware attack on July 4th, causing the port’s operations to be temporarily suspended. An employee noticed anomalies in the system, which led to the discovery of the ransomware infection. The port authority is working to restore service and expects to have operations back to normal by July 6th. The attack remains under investigation, and no group has claimed responsibility thus far.

In related news, the US Department of Energy (DOE) was targeted by the Cl0p ransomware gang through the exploitation of the recently disclosed MOVEit file-transfer vulnerability. Multiple government agencies were compromised, including two DOE entities: Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico. The DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA) about the incident.

Cl0p also breached Schneider Electric and Siemens Energy using the same vulnerability. Siemens confirmed that no critical data was compromised, and operations remained unaffected. Schneider Electric is currently investigating the cyberattack claim.

The manufacturing and production sectors have seen an increase in ransomware attacks, with compromised credentials and exploited vulnerabilities being the top causes. However, the manufacturing industry has shown a lower propensity to pay ransoms, with more organizations opting to use backups for data recovery. Nonetheless, the percentage of organizations paying high ransoms has increased compared to the previous year.

The Canadian Centre for Cyber Security (CSC) recently released a threat assessment, stating that Russia-aligned threat actors are likely to target Canada’s oil and gas sector to weaken support for Ukraine. The CSC identified bottlenecks in the oil transmission and processing stages as potential targets for cyber threat actors.

The US Government Accountability Office (GAO) published a report highlighting the lack of cybersecurity measures in place for nuclear weapons and manufacturing systems. The National Nuclear Security Administration (NNSA) is still in the early stages of addressing cyber risks in its operational technology and nuclear weapons IT environments.

In the realm of cybercrime, a hacker on a Russophone cybercrime forum is allegedly offering access to a Maxar Technologies US military satellite for $15,000. However, the credibility of this claim is questionable.

Dragos, an industrial security company, released four key lessons for securing the electrical power grid. These include the importance of visibility, network segmentation, secure remote access, and avoiding shared credentials.

Finally, an update on the COSMICENERGY malware reveals that it may not be an immediate threat after all. Initially thought to have the potential to disrupt electrical distribution and critical infrastructure, further research suggests that COSMICENERGY may have been a Russian red teaming tool used in exercises to simulate an electric infrastructure attack.

Overall, these developments highlight the growing threat of ransomware attacks in critical sectors such as energy and manufacturing. It is crucial for organizations to strengthen their cybersecurity measures and remain vigilant against evolving cyber threats.
