Cyberlands.io - API Penetration Testing

Top 10 Cybersecurity Breaches in Sweden

Learn about the state of cybersecurity in Sweden and the 10 biggest breaches in this country.
Growing awareness of potential threats among businesses and governments has made cybersecurity the top priority in many countries, and Sweden is no exception. According to the most recent statistics, Sweden is one of the most well-connected countries in the world, with over 93% of households having access to the Internet.

However, as more devices become connected, Sweden-based companies are also starting to realize the need to protect their systems from security incidents of different types, such as intrusions, hacking attacks, malware, and many others. Falling victim to ransomware not only causes reputational damage but can also disrupt the workflow and result in notable financial losses for the company.

According to Truesec's overview, the number of cyberattacks in Sweden has clearly increased over the past years: compared with 2019 and 2020, the attacks have tripled, resulting in over 30 billion SEK ($2.66 billion). The upward trend in ransomware attacks will continue over the coming decades, as the attacks are becoming more severe, unfold very rapidly, and hit the most vulnerable points of a company.

To adapt to the new realities and comply with the current EU Directive on the security of network and information systems, the Swedish government introduced a national strategy for cyber security in 2017 with several strategic areas aimed at enhancing incident prevention capacity and systemic security. Additionally, the Comprehensive Cyber Security Action Plan 2019-2022, presented in March 2020, provided additional guidance on securing key infrastructure and responding efficiently to threats before, during, and after attacks, and outlined the basics of coordination between domestic and overseas companies and law enforcement agencies.

Despite these measures, a large number of Sweden-based companies continue to fall victim to ransomware attacks. The most common causes can be divided into internal ones, such as insufficient systems security, lack of technical expertise, or a lack of systematic checks on the victim's side, and external ones, which mainly depend on the tactics of the attackers.

By being aware of the most typical strategies criminals use to profit, enterprises can gain insight into how to secure their companies from upcoming attacks and minimize the damage if any occur. In this article, cyberlands.io experts explore the most high-profile cases of cyber attacks on Swedish companies, analyzing their causes, effects, and impact on performance.
#1 Swedish Transport Agency Admits a Data Leak
A massive exposure of sensitive data occurred in July 2017 at the Swedish Transport Agency. The agency had initially outsourced its databases to IBM in the Czech Republic, but it became known that the lack of security clearances resulted in the industry's largest security incident.

According to the statement by the Transport Agency, the exposed data included the weight capacity of all roads and bridges, details of all government and military vehicles, and personal data of fighter pilots, police force members, members of the Swedish military's most secret units, and everybody in Sweden's witness protection program. This severely violates the National Security Act, Personal Data Act, and Publicity and Privacy Act.

After the incident was revealed, the agency was urged to implement a wide range of security measures to limit data access and strengthen the security of its internal systems.
#2 Vårdguiden 1177 Healthcare Line Leaked the Recordings of Over 170,000 Hours of Calls
In February 2019, it became known that over 2.7 million calls to a medical advice service were exposed on an open web server provided by Swedish company Voice Integrate Nordic AB. During the investigation, analysts found that calls dating back to 2013 were stored unencrypted and could potentially be accessed by third parties using only a web browser.

Once the incident was discovered, the company's server was shut down. However, some of the call files were found to have been downloaded from seven different IP addresses, with over 20 of those containing personal information identifying the caller or their phone numbers. The company representatives informed us that they had started working with the affected regions and subcontractors "to analyze the problem and ensure it is rectified".
#3 Gunnebo Informs About a Data Breach, Exposing Over 38,000 Files
The Sweden-based company, which specializes in enhanced security solutions for buildings, reported a massive data exposure that occurred in August 2020.

According to the official press release, the attackers managed to obtain sensitive data including drawings of bank vaults, monitoring and alarm equipment, and security functions for ATMs. The attackers also copied sensitive data from the Riksdag (the national legislature and the supreme decision-making body of Sweden) and classified drawings of the Swedish Tax Agency's office in Sundbyberg.

Upon discovering the incident, the company immediately informed the local regulatory authorities and all the affected parties, and initiated an internal investigation to study the causes and improve the system's security posture.

Nevertheless, the incident became public only a few months later, in October 2020, which was explained by the need to take immediate action to limit the potential impact. That is why the company managed to come through with only minimal disruption to operations.
#4 Insurance Firm Admits Data Breach: 1 Million Swedes Affected
Folksam Group, one of Sweden's biggest private insurers, confirmed that private data was exposed in a breach that occurred in November 2020. Due to this incident, the client data of over 1 million Swedes was shared with Facebook, Google, Microsoft, LinkedIn, and Adobe.

According to Folksam's official comments, the company was trying to analyze customer data to improve service personalization, but occasionally shared the personal information with third parties. The internal audit found that the leaked data included various insurance payments and social security numbers of its clients, which heavily violates private data security regulations.

Upon discovering the incident, Folksam admitted that it had "immediately stopped sharing this personal information and requested that it be deleted", and informed the local regulatory authorities and affected parties about the data breach and the security measures to be followed.
#5 Coop Supermarkets Shut Due to the Colossal Cyberattack
Coop Sweden announced that over 800 of its stores would be closed due to a massive cyberattack in July 2021, which caused some of its point-of-sale tills and self-service checkouts to stop working.

According to the press release, the supermarket chain was one of multiple organizations affected by the attack on a large software supplier. The investigation report found that the ransomware initially targeted Florida-based IT company Kaseya before spreading through corporate networks that also use its software.

Once the incident was discovered, most of the Coop stores were forced to stop operation, and it took several days to reboot the system and recover from the attack. The most recent official comments provided by Kaseya indicate that the threat actors responsible for the breach are the Russia-linked REvil ransomware gang.
#6 Volvo Cars Report a Massive Data Compromise
In December 2021, Swedish manufacturer Volvo Cars reported that one of its file repositories had been breached as a result of a cyberattack. During the internal investigation, experts discovered that the criminals managed to remain in full control and steal the company's research and development data. However, the Volvo Cars representative reassured the public that the breach was likely to have no "impact on the safety or security of its customers' cars or their personal data". For the owners of the latest car models, this is really critical, since the over-the-air (OTA) updates being delivered to customers' vehicles can contain private information.

After the incident, Volvo immediately took security countermeasures, including steps to prevent further access to its property, and notified relevant authorities. This incident significantly affected the company's operation, sending its stock down 3.5 percent in Stockholm, to 72.44 kronor ($8.00).
#7 Securitas Exposed Over 1.5 Million Files as a Result of a Data Breach
In January 2022, a leading security services provider of on-site guarding and risk management confirmed a massive data breach, exposing the private data of its aviation-industry clients in Latin America.

According to SafetyDetectives, the cause of the data breach was one Amazon S3 bucket left unsecured, exposing over 1.5 million files of employee PII and sensitive data of at least four airports in Colombia and Peru.

Overall, the bucket contained information about Securitas' employees and airport employees, ID card scan copies and other unmarked images, full names, photos, occupations, and national ID numbers. Along with this, the exposed files also contained data from Securitas mobile apps, which were mainly used to help with incident reporting and other internal tasks.

Independent experts believe that the breach could affect organizations and employees across several industries, impacting their workflow performance, security, and the safety of the people who ensure the security of travelers and staff in the airport, if any criminal or terrorist organizations accessed the data.
#8 Swedish ICRC Confirmed a Data Breach: Over 500,000 People Affected
Another massive data breach in January 2022 was confirmed by the International Committee of the Red Cross (ICRC). According to the official press release, the ICRC's servers containing personal data of over 515,000 people worldwide had been hacked.

According to comments from official sources, the leaked data included personal information of thousands of people connected to the Red Cross in some way: missing people and their families, detainees, and others receiving services from the Red Cross due to armed conflicts, natural disasters, or migration.

Upon discovering the incident, the Swedish Red Cross initiated a comprehensive investigation to analyze the background of the attack, the threat actors responsible, and the possible scenarios the incident could result in. Fortunately, none of the systems were affected but, as required under the GDPR regime, the organization immediately notified all the affected parties and regulatory authorities about the incident.
#9 A Massive Cyber Attack at Axis Communications
In February 2022, a high-profile cyber attack was confirmed by Axis Communications, a Sweden-based provider of network cameras and related hardware solutions. According to the official information, as a result of the attack, the company was forced to shut down its public-facing services to minimize the potential impact.

In the updated press release, Axis Communications commented that the attack involved social engineering and account takeovers, with the attackers managing to bypass multi-factor authentication and elevate their access to compromise internal directory services.

The decision to shut down the services resulted in disruption to Axis's employee and partner services. The investigation discovered file-encrypting malware, but fortunately, no servers were affected and no personal data was obtained. According to the security experts' overview, the ransomware attackers attempted to make a profit only by threatening to leak or sell stolen data.

Until the forensic incident investigation is completed and the internal systems are fully secured, the company has informed its clients that it is operating in a "restricted mode".
#10 Kry International AB Was Breached: IMY Initiates the Investigation
In June 2022, the Swedish Authority for Privacy Protection ('IMY') announced an investigation into the recently reported data security breach at Kry International AB. The Swedish telehealth provider Kry self-reported the massive patient data leakage to Facebook on May 27, 2022, stating that doctors' and patients' contact information had leaked to Facebook.

Previously, the company was working on the telehealth service for digital patient calls, and the leakage may have occurred due to a technical error. According to the latest official information, the company immediately reported the matter to the Swedish authority for privacy protection and described the error as "very unfortunate".
Conclusion
As you can see from the unfortunate experience of Sweden-based companies, digital security is not a secondary concern that can be overlooked nowadays. Regardless of your business size, field of operation, and performance specifics, strengthening the security of your enterprise ensures its smooth operation and growth, and minimizes the chances of reputational or financial damage.

If you are looking for a reliable partner to enhance the security of your business, cyberlands.io is always here to help. Our crew of reputable penetration testers and talented cybersecurity specialists is ready to provide first-class support for nearly any enterprise, covering all its requirements and needs.

Contact us today to discover the most efficient opportunities to secure your business online with cyberlands.io!
Cyberlands.io Team