Last week saw data breaches and cyber attacks affecting governments worldwide as well as industries such as manufacturing, airlines, and news. There were also updates on a former IT security analyst impersonating a ransomware gang, Meta’s fines from the EU, new vulnerabilities, and a once-legit but now malicious Android app.
Read on to receive a quick summary of what happened this week in the space of cybersecurity.

IT security analyst admits impersonating ransomware gang to pocket ransom payments

Ashley Liles, a former IT security analyst at Oxford Biomedica, admitted that he attempted to hijack a cyber attack against the company to divert the ransom payments to himself instead of the original external attacker. He was found to have accessed the private emails of a board member more than 300 times, altered the original blackmail email, and changed the payment address provided by the original attacker. After it was revealed that the unauthorized access to private emails came from Liles’ home, SEROCU officers arrested him and conducted a search of his property. Liles initially denied involvement, until he pleaded guilty just last week during a Reading Crown Court hearing. Ashley Liles will return to court on 11 July 2023 to hear his sentence.

Meta has been fined $1.3 billion over data privacy breaches

Ireland’s Data Protection Commission announced that Meta has been fined $1.3 billion over its handling of users’ data. The EU had previously warned Meta about the transfer of Facebook users’ data to US servers, stating that the data was not sufficiently protected from American spy agencies. Meta has been given a 5-month grace period to stop transferring users’ data. Meta has stated that it plans to appeal the ruling.

Italy’s Industry Ministry hit by a cyberattack

The Italian Industry Ministry’s web applications and portal were hit by a cyberattack last Friday, causing them to be out of order. The ministry put out a statement saying that technicians were working to “mitigate the consequences” and that initial checks showed no data had been stolen.

City of Augusta, Georgia cyber attacked by BlackByte ransomware gang

The city of Augusta, Georgia has confirmed that its IT system outage was caused by unauthorized access to its system. An investigation is currently underway to determine whether any data has been stolen. A statement from the mayor, Garnett Johnson, clarified that recent media reports about the ransomware gang demanding $50 million from the city are false. However, BlackByte has claimed to have stolen 10GB of data after listing the city on its data leak site.

Rheinmetall, automotive and arms manufacturer, confirms BlackBasta ransomware attack

Rheinmetall AG, a German automotive and arms manufacturer, confirmed that it has suffered a BlackBasta ransomware attack. This came after BlackBasta posted Rheinmetall on its extortion site along with samples of stolen data that it claimed to be from Rheinmetall. The samples include passport scans, non-disclosure agreements, purchase orders and technical schematics. However, Rheinmetall clarified that the attack only impacted its civilian department, and not the military department.

Scandinavian Airlines hit by cyberattack - Hackers demand $175,000

Scandinavian Airlines (SAS) was hit by a cyberattack last Wednesday, resulting in its app and website being shut down for over 22 hours. Anonymous Sudan has reportedly demanded a ransom of $175,000. This is not the first time SAS has faced an IT breach: it was previously breached by the same group, which leaked SAS’s customer data and wreaked havoc as passengers were logged into others’ accounts, allowing them to access others’ personal data.

Philadelphia Inquirer cyber attack led to operations disruption

Daily newspaper the Philadelphia Inquirer has confirmed that it was hit by a cyberattack on its network, which has led to operations disruption: newspaper circulation was halted, and publishing and updating stories were disrupted with intermittent delays. The Inquirer’s Johnathan Lai said that this incident “was the greatest publication disruption to Pennsylvania’s largest news organization since the blizzard of Jan. 7-8, 1996”. As of now, the Inquirer cannot provide information regarding the identity of the attackers or whether employees’ and customers’ private information has been stolen. Investigations are currently underway.

Latitude cyberattack to cost the company up to AU$105 million

Latitude Group anticipates that its recent cybersecurity incident will cost up to AU$105 million. This includes a 5-week period of being forced to stop or severely restrict the opening of new accounts. Furthermore, as key systems were shut down, the company was unable to contact customers who had not paid their bills during this period. This expected cost does not include any potential costs the company could incur from “regulatory fines, class actions, future system enhancements or an assumption of insurance proceeds”. Latitude also stated that it would make less income and would take higher provisions for bad debts due to the shutdowns in its collection area, worsening a trend towards rising bad debts. On Friday, Latitude Group released a statement that estimated that the total containment and remediation costs from the attack will add up to AU$7 million. On Friday, Latitude shares fell 4.2% to AU$1.24.

Barracuda warns users of an exploited zero-day flaw used to breach its Email Security Gateway appliances

Barracuda, an email protection and network security services provider, warned users of a zero-day vulnerability that has been exploited to breach the company’s Email Security Gateway (ESG) appliances. Barracuda is used by more than 200,000 organizations globally, including companies such as Delta Airlines, Samsung, Kraft Heinz and Mitsubishi. After identification of the flaw, Barracuda deployed a patch across all ESG devices worldwide the next day. A second fix has also been released as part of its “containment strategy”. Barracuda did not disclose the scale of the attack but has stated that affected users have been directly contacted with a list of actions to take. It is highly recommended that Barracuda customers review their environments to ensure that their networks have not been breached. CISA has also warned government agencies of this flaw, and federal agencies are required to fix the bugs and check their networks for intrusion.

Legit Android screen-and-audio recorder app turned into mic-snooping malware - and Google Play missed it

Google Play was found to have missed a once-legit Android screen-and-audio recorder app, iRecorder, that was updated to include malicious code that listened in on device microphones. Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which has since pulled the app from its store. Although it has been pulled, researchers note that the recording app remains available on some alternative and unofficial Android app markets.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED