Top Cyber Stories for April 2022 – Cyber Stories
Funky Pigeon Cyber Attack
Funky Pigeon, a UK online gifts and greetings cards store was the target of a cyber attack that saw the company suspend taking new orders and move its systems offline. The website had not resumed full operations as at May 3, about two weeks since the incident was first reported on. It is still not clear who was responsible for the attack as investigations are still in progress.
The incident was discovered less than two weeks after an attack on The Works, a UK discount retailer focused on arts, crafts and books. There is no evidence so far that the two attacks are related.
While the company maintains there is no evidence customer payment data was exposed, this could change as more information on the extent of the breach becomes available. The online store wrote to all customers of the preceding 12 months disclosing details of the attack. Funky Pigeon is a subsidiary of FTSE 250 index retailer WHSmith.
Ransomware Attack on Costa Rican Government
The Costa Rican government was the subject of a ransomware attack in mid-April that crippled its computer systems. The Russian-speaking hacker gang Conti has claimed responsibility for the incident though the Costa Rican government has not confirmed the origin.
Conti is also known to rent out its ransomware as a service to affiliates and other criminal groups around the world in exchange for a commission or service fee. The hacking group claimed responsibility for attacks on Panasonic Canada and Nordex that took place during the same month..
Despite demands for a ransom payment, none has been paid out as yet as the Costa Rican government grapples with deploying workarounds as well as damage control from disclosed information. The value of the ransom demanded has not been undisclosed.
Earlier in the month, Finland’s government was the target of a DDoS attack. The attacks came in the wake of Finland’s stated intent to join NATO following Russia’s invasion of Ukraine.
Cybersecurity Negligence Lawsuit
Mailchimp’s parent company Intuit is the subject of a lawsuit triggered by a cybersecurity breach that is believed to have caused the theft of a Trezor user’s cryptocurrency. Trezor is one of the most widely used hardware cryptocurrency wallets. Mailchimp is a leading email marketing platform.
The lawsuit was filed by the Trezor user in a northern California federal court. They claimed to have fallen victim of an elaborate phishing attack that saw the loss of tokens worth about $87,000 from their wallet. Intuit’s other products include QuickBooks, TurboTax, Mint and Credit Karma.