Welcome reader to your CybersecurityHQ report.

Headlines

Hyundai Motor Europe has been hit by a ransomware attack in January, attributed to the Black Basta gang, a group with ties to Russia. This gang reportedly stole around 3TB of data from Hyundai's German division. Hyundai initially noticed IT issues in January and has since confirmed the incident as a ransomware attack. The company is taking steps to investigate the breach with external cybersecurity and legal experts. This isn't Hyundai Europe's first encounter with cybersecurity threats. A previous attack in April exposed customer data in France and Italy.

Black Basta is best known for its more than $100 million in Bitcoin ransoms made since 2022, as well as its connections to the Conti ransomware gang.

In Korneuburg, a small town in Lower Austria near Vienna, a ransomware attack has severely disrupted municipal operations, affecting services as critical as funerals. The cyberattack left the town's data inaccessible and halted the issuance of death certificates along with other administrative systems, as reported by the local newspaper NÖN.

Despite extortion attempts on the darknet, the details of the ransom demands remain vague. The town's deputy mayor, Helene Fuchs-Moser, confirmed receiving a ransom note but expressed the town's resistance to paying the extortionists. The cyberattack, discovered on February 2nd by the head of the town's IT department, Christopher Kremlicka, also compromised the town's backup systems, which were considered secure as of the last review in December.

A cybersecurity company named Bitdefender discovered an alarming new type of malware attacking Mac computers. It’s called RustDoor, and it gains access by impersonating Visual Studio. Most likely, it’s been at play since at least November 2023. RustDoor is connected to two big ransomware groups, Alphv/BlackCat and Black Basta (who showed up in our first story in this newsletter), some of the most notorious ransom gangs in the world.

Bitdefender found a few versions of RustDoor, all designed to steal files and information from computers. These versions can take files and compress them to ZIP, exfiltrating an enormous amount of information. RustDoor can even pretend to be other apps and spoof administrator password dialogs.

Interesting Read

This interview with Jamieson O’Reilly discusses adversary simulations. It’s one of the more fun and engaging tasks for any cybersecurity professional, and in this discussion, you’ll learn how to amplify these practices to make the most out of them.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team