200 municipalities and regional governments in Sweden have been severely disrupted following a ransomware attack on IT systems supplier Miljödata.
The company, which supplies HR systems to around 80% of the country’s municipal governments, discovered the breach on Saturday 23rd August, authorities said.
"The government is receiving ongoing information about the incident and is in close contact with the relevant authorities," said Swedish minister for civil defence Carl-Oskar Bohlin.
"CERT-SE, which has the task of supporting Swedish society in handling and preventing IT security incidents, has offered advice and support to both the company in question and the affected customers."
Bolin said the country's national cybersecurity center is coordinating disclosure to the relevant authorities, and that a police investigation is underway. The full effects of the breach have not yet been established, he added.
However, regions including Halland and Gotland have warned citizens that their personal data may have been affected. Halland said its Adato sick leave management system, Stella work-related injury reporting system, and Novi HR management system are currently down.
The Gotland region, meanwhile, uses four Miljödata systems, handling medical certificates, rehabilitation plans, occupational injuries, and more.
“Region Gotland is one of many regions and municipalities that are affected by the cyber attacks that Miljödata is exposed to,” said the region's HR Director Lotta Israelsson,
"At present, there are extensive investigations at Miljödata to investigate the extent of the attack and we are in continuous contact with the supplier."
No ransomware group has claimed responsibility for the attack. However, Miljödata has reportedly received a ransom demand of 1.5 bitcoin - just $163,245 - implying that it's unlikely to be one of the big players.
“The attack in Sweden shows the reality that for cyber criminals, targeting supply chain vulnerabilities is one of the most effective levers to cause disruption at scale," said Andrew Lintell, general manager, EMEA, at Claroty.
"By compromising a single IT system supplier can cripple vital functions and processes in one strike."
Miljödata attack the latest to target public sector
Supply chain attacks on government organizations are on the rise around the world, and Sweden is no exception.
Last year, for example, Swedish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, again involving HR systems, that affected businesses and government agencies including Sweden’s national government service center.
"For municipalities and other public-sector entities, this event shows the urgent need to treat third-party and supply chain security as a core pillar of resilience," said Lintell.
"That means maintaining full visibility into all connected systems and taking on the responsibility of continuously assessing the security posture of vendors. It is key to enforce least-privilege access and ensure that contingency plans are in place to keep essential operations running even when a trusted provider is compromised."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Nearly one-third of ransomware victims are hit multiple times, even after paying hackers
- Ransomware victims are refusing to play ball with hackers
- Ransomware payments are banned in the public sector: should businesses still pay?
-
How the UK is leading Europe at AI-driven manufacturingIn-depth A new report puts the country on top of the charts in adopting machine learning on the factory floor in several critical measures
-
US data center power demand forecast to hit 106GW by 2035, report warnsNews BloombergNEF research reveals a sharp 36% jump in energy forecasts as "hyperscale" projects reshape the American grid
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
