Mirai Security | Cyber Security Blog

Security Impurities: News of the Week (November 9th - 15th)

Written by Alex Morgan | Nov 28, 2022

Next aisle, please: The Sobeys’ hack and how it could have been much worse

Sometimes, good security practices have a funny way of revealing their value, a truth seen with this week’s leading news.

Empire Company Limited, the grocery retail giant that runs Sobeys, Safeway, and many more brands was hit by the Black Basta ransomware. This ransomware, which has been tied to the Russian hacking group FIN7, has primarily attacked Empire’s pharmacy systems, encrypting their data and impeding the fulfillment of prescriptions. Also, they have been asking for payouts from affected stores to have this stolen data unencrypted and returned to them.

While this attack has dealt a major blow to Empire’s pharmacy services, most of Empire’s grocery operations - along with their point-of-sale (PoS) and payment systems - are still operational, having been set up on a different, isolated network.

This network segmentation is a practice highly recommended by many cybersecurity professionals. Due to Empire investing time and resources into this process, this attack was far less consequential than it could have been. Sure, Sobey’s shoppers may not have been able to get their medications because of this attack. But, due to network segmentation, they were free to impulse-buy to their heart’s content.

Medibank called a ransomware gang’s bluff. It didn’t work.

While was not reported in the Sobey’s hack if any ransoms were paid, companies (and their cyber insurance) have begun to take a harder line against ransomware attackers, negotiating price points or flat-out refusing to pay these ransoms. It is costing them dearly.

Such is the case with Medibank, Australia’s largest health insurance provider. In October, they suffered a ransomware attack where the data of 9.7 million current and former customers was stolen. After releasing a statement in which they argued there was only a “limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published," Medibank’s chickens came home to roost.

This week, the stolen data has begun surfacing on the dark web. This data includes full names, addresses, contact information, and even passport numbers for some of Medibank’s users. A colossal error on the part of Medibank - this opens them up to fines, civil suits, and a significant loss of consumer confidence. This shows why attempting to call a ransomware gang’s bluff is a terrible idea.

If companies continue to gamble with their reputations and customer data, these leaks will continue to happen. The setbacks will be equal to or greater than the cost of the original ransoms. When the stakes are this high, it does not pay for companies to be stubborn.

Impersonating tech support reps: FBI’s new alert

This week is International Fraud Awareness Week, and we would be remiss if we didn’t include at least one fraud story in this cycle. The FBI recently issued a consumer alert warning for fraudsters impersonating tech support representatives for subscription renewal scams.

Claiming to be representatives from a high-priced subscription service their targets were unaware they were paying for, these scammers glean personal and financial information from their targets while trying to ‘end’ these fake subscriptions.

These types of social engineering tactics are nothing new. In fact, they were instrumental in the recent Uber hack. They highlight the human risk factor when it comes to cybersecurity. No matter how good a person or organization’s security apparatus is, poor cybersecurity training can always be a weak link. In 2022, not having some level of cybersecurity literacy opens you and your organization up to a litany of attacks.

This International Fraud Awareness Week, remember to practice vigilance and common sense when navigating the digital landscape.