Rhode Island state government hit by cyberattack, exposing 650,000 users

A massive cyberattack led the state of Rhode Island to take down its online portal used by residents to obtain social services such as SNAP and Medicaid benefits, as well as health insurance purchased through HealthSource RI.

The cyberattack began on December 5, 2024, when Deloitte, the developer and maintainer of the RIBridges system, alerted state officials to suspicious activity. Initially, it was unclear whether sensitive data had been accessed. Over the following days, Deloitte implemented additional security measures while investigating the breach.

On December 10, hackers provided a screenshot of file folders as proof of their access, prompting Deloitte to confirm that the RIBridges system had been compromised. Further analysis revealed a high probability that the stolen files contained personally identifiable information (PII). By December 13, Deloitte identified malicious code within the system, leading the state to shut down RIBridges to mitigate further damage and begin remediation.

While the exact infiltration method is still under investigation, early findings suggest that the attackers exploited vulnerabilities in the system’s architecture, likely either through phishing emails targeting administrative accounts or through unpatched software weaknesses. The malware deployed by the cybercriminals enabled unauthorized access and allowed the attackers to exfiltrate data unnoticed for several days.

The FBI and other federal agencies are assisting in the investigation, while Deloitte works to remediate the vulnerabilities and restore RIBridges.


Deloitte denied its systems were hacked by the Brain Cipher hacker group

On December 4, 2024, the hacker group Brain Cipher added Deloitte UK to its Tor-based leak site. The gang claimed to have stolen one terabyte of compressed data from the company.

A Deloitte spokesperson addressed these claims, stating that the source of the data is a single client’s system, which is not connected to the company’s network. The company emphasized that “No Deloitte systems have been impacted”, based on its ongoing investigation.

The hackers are threatening to make the stolen files available unless a ransom is paid, and they set a deadline of December 15 for Deloitte to respond.

The Brain Cipher hacker group has been active since at least April 2024. On June 20, 2024, the group targeted an Indonesian data center, causing the disruption of around 210 critical government services, including customs and immigration. The cyber attack also caused significant airport delays. The Brain Cipher ransomware group initially demanded an $8 million ransom but later released the decryptor for free.


Hackers stole $17 million from Uganda Central Bank

Ugandan officials confirmed on November 28, 2024, that the national central bank suffered a security breach by financially motivated threat actors. State minister for finance Henry Musasizi confirmed the hack and said the police’s Criminal Investigations Department and the Auditor General were probing the incident.

State-owned New Vision newspaper reported that hackers, identifying themselves as “Waste”, accessed the bank’s IT systems and illicitly transferred the funds into accounts in Japan and the UK. It is quite possible that the hack was the result of an inside job. In total, the hackers stole 62 billion Ugandan shillings ($16.8 million) from the central bank. One batch of about $7 million was sent to a bank account in the UK; it was subsequently frozen and is now considered recovered. A second batch of about $6 million was sent to a bank in Japan; it has not been recovered because the fraudsters on the Japanese side presented “solid and sufficient” paperwork to prove that their transaction was legitimate.
