Last week, breaches and cyberattacks hit organisations across several industries, from the public sector, communications, retail, electric power, gaming and automotive to healthcare, with devastating consequences such as major outages and data leaks. New vulnerabilities were also disclosed and patched. It is highly recommended that you not only be aware of them but also apply the patches as soon as possible.
Read on for a quick summary of what happened this week in cybersecurity.

Okta admits hackers stole data on all customer support system users in a recent breach. Okta, a U.S. identity and access management giant, admits that hackers stole information on all users of its customer support system in a network breach two months ago. The company notified customers that the hackers downloaded a report containing data on clients that use its customer support system. The compromised data includes client names and email addresses. In some cases, the hackers may also have accessed phone numbers, usernames and details of some employee roles. Okta's follow-up analysis also found that the hackers accessed "additional reports and support cases" containing the contact information of all Okta-certified users and some Okta Customer Identity Cloud customer contacts. Some Okta employee information was also included in these reports, but the company has not confirmed how many employees are affected. Okta said in a statement that there is currently no evidence that this information is being actively exploited, but notified its customers because the compromised file increases their exposure to phishing and social engineering. The company also emphasised that none of its government customers were affected, and that its Auth0 support case management system was not impacted. Okta advises all customers to use multi-factor authentication, preferably phishing-resistant authentication such as physical security keys.

The British Library has started contacting customers as the Rhysida ransomware group leaks most of the stolen data. The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library, a month after the attack was disclosed. A cursory look at the leaked files suggests they contain data related to various British Library departments, functions and stakeholders.
Rhysida's leak site indicates that 490,191 files are included in the leak, totalling 573 GB. The site appears to show that 90% of the data has been uploaded, alongside a short message suggesting that at least some of the data was sold. The British Library has posted an update on its website confirming Rhysida's claims and advised customers to change any password they reuse on other websites. According to the disclosure notices sent to customers, Rhysida accessed the library's CRM databases, which "at a minimum" contain the names and email addresses of most of its customers. Customers' postal addresses or telephone numbers may also be included if they used certain library services (which were not specified). On its blog, which is separate from the downed website, the British Library has listed the services that are and are not available; the list has largely remained unchanged since the previous status updates, apart from the restoration of Wi-Fi networks and card payment terminals.

Line operator reports massive data breach that compromised 440,000 personal records. LY Corp reported on Monday a massive data breach in which 440,000 items of personal data were leaked, more than 300,000 of them linked to users of the Line messaging app. The leak resulted from unauthorised access to an affiliate's computer system in October. The leaked user data includes age group, gender and some service use history. Information about the company's business partners and employees was also leaked, including names, email addresses and affiliations. The company stated that financial information such as users' bank accounts and credit cards was not leaked, nor were chat messages, and it has found no reports of misuse so far. The company confirmed that the leak occurred on 29 October but took a month to announce it, as it needed time to establish the scale of the breach.
LY Corp has reported the case to the relevant authorities and is contacting the affected users, business partners and customers.

Certis Security Australia suffers an email breach, compromising personal information of employees and partners. Certis Security Australia, a physical security company, has suffered a breach of its email system. The company stated that no customer data was affected, but the personal information of some employees and partners was accessed, including names, birth dates, addresses, phone numbers and tax file numbers. The company "isolated and removed access" to its email systems by the unauthorised actors to limit further damage and data loss, and has engaged a third-party cyber security specialist for assistance.

Capital Health Hospitals suffers a cyberattack causing IT outages. Capital Health hospitals and physician offices in New Jersey are suffering IT outages after a cyberattack hit the non-profit organisation's network earlier this week. The health system manages two hospitals (Regional Medical Center and Capital Health Medical Center), an outpatient facility, and dozens of New Jersey primary and specialty care practices. Capital Health confirmed that both hospitals are accepting incoming patients under protocols established for system downtime. The non-profit stated that it is prioritising safe patient care while working to restore the network and address the impact of the attack, and is working with third-party forensic and IT experts to restore the impacted services. It notified the relevant authorities immediately after the attack was detected. As of now, surgical schedules are minimally impacted, outpatient radiology is unavailable, and neurophysiology and non-invasive cardiology testing are being rescheduled.
Capital Health expects its systems to remain down for at least another week and could not provide a timeline for when the issues will be resolved.

Dollar Tree suffers a third-party data breach: close to 2 million individuals' personal information affected. Dollar Tree, a discount chain, was impacted by a third-party data breach affecting 1,977,486 people after ZeroedIn, a workforce analytics service provider, was breached. ZeroedIn determined that a threat actor had unauthorised access to certain systems between 7 and 8 August. After investigation, it found that some of the files accessed or stolen contained personal information relating to certain customers, including Dollar Tree and Family Dollar. ZeroedIn notified Dollar Tree of the incident after determining that some of the compromised information pertained to "certain individuals associated with them". The stolen personal information includes the names, birth dates and Social Security numbers of applicants and current and former employees of Dollar Tree. ZeroedIn may face a class-action lawsuit over the breach, as data breach lawyers at Console & Associates announced that they are investigating the matter on behalf of impacted individuals.

A ransomware attack on Ardent hospitals causes disruption in six states. Ardent Health Services, a healthcare provider that operates 30 hospitals across six U.S. states, disclosed that its systems were hit by a ransomware attack. The incident led the provider to take its entire network offline, suspending all user access to its IT applications, including corporate servers, Epic software, internet and clinical programs. Ardent has reported the incident to the relevant authorities and hired external experts to investigate the extent and impact of the attack.
Impacted hospitals are currently diverting patients requiring emergency care to other hospitals in their area, but they can still provide medical screening and stabilising care to patients arriving at their emergency rooms. Patient care services remain active in Ardent's clinics, although certain non-urgent elective surgeries have been temporarily halted while the provider works to restore encrypted systems. Ardent will directly contact individuals who need appointments or procedures rescheduled. Ardent could not provide a definitive timeline for restoration and has yet to confirm whether any patient health or financial data was compromised, as investigations are ongoing.

Slovenia's largest power provider, HSE, suffers a ransomware attack. Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, although the company says the attack did not disrupt electricity production. Local news reported that HSE suffered the attack on 22 November and contained it on 24 November. The company has reported the incident to the relevant authorities and engaged external experts to mitigate the attack and prevent the malware from spreading to other systems across Slovenia. It has also stated that no operational disruption or significant economic damage is expected. According to spokespersons, the impairment is limited to the websites of the Sostanj Thermal Power Plant and the Velenje Coal Mine.

Ransomware attack on the 'Ethyrial: Echoes of Yore' game wipes all players' accounts. A ransomware attack on the game 'Ethyrial: Echoes of Yore' destroyed 17,000 players' accounts, deleting their in-game items and progress.
As announced on the game's official Discord server, the ransomware actors attacked the main server and encrypted all data, including the local backup drives, and demanded payment for the decryption key. The developers did not trust that paying the ransom would actually get them the key, so they decided to rebuild the server and create new account and character databases. They have stated that they will manually restore everything players lost during the attack (items and progress) once the servers are back up. The developers have also promised to take offline backups of the account database more frequently, to put remote connections to the development server behind a peer-to-peer VPN, and to allowlist the specific IP addresses permitted to reach the development server. The lesson is the usual one: a backup that the compromised host can write to is encrypted along with everything else, so only a copy the attacker cannot reach (offline, or on separately authenticated storage) makes recovery possible.

DP World confirms data stolen in early November cyberattack. DP World, an international logistics giant, confirmed that data was stolen during the 10 November cyberattack. The company found that some of its files were accessed by the attackers and a "small amount" of data was exfiltrated from the DP World Australia network. Investigations showed that customer data was not affected, although some of the impacted data did include the personal information of current and former DP World Australia employees. The company stated that no ransomware payload or encryption was used during the attack, and established that the attack only affected its Australian business. All impacted individuals will be notified so they can take appropriate measures, and will receive support from a specialist team and service coverage to mitigate identity theft and fraud risks.

Yanfeng Automotive Interiors suffers a cyberattack: the Qilin ransomware group claims responsibility.
Yanfeng, one of the world's largest automotive parts suppliers, has suffered a cyberattack for which the Qilin ransomware group claims responsibility. Earlier this month it was reported that Yanfeng was impacted by a cyberattack that directly affected Stellantis, forcing the car maker to stop production at its North American plants. The Chinese company has not responded to inquiries, and its main website was inaccessible until 28 November. Qilin claimed the attack by adding Yanfeng to its data leak site and published multiple samples to prove its alleged access to Yanfeng systems and files, including financial documents, non-disclosure agreements, quotation files, technical data sheets and internal reports. The threat actors have threatened to release all the data in their possession, but no deadline was set.

A U.S. water facility was breached via exposed Unitronics PLCs. CISA (the Cybersecurity & Infrastructure Security Agency) warns that hackers breached a U.S. water facility by compromising Unitronics programmable logic controllers (PLCs) exposed to the internet. PLCs are essential control devices, and an attacker who controls one could cause severe consequences, such as contaminating the water supply by altering chemical dosing, or halting supply altogether. Fortunately, the attack did not compromise potable water safety for the served communities. CISA emphasised that the facility was breached because the hackers took advantage of poor security practices rather than a zero-day vulnerability in a product. CISA has recommended that system administrators:
The Japanese space agency JAXA was hacked in a cyberattack over the summer. The Japan Aerospace Exploration Agency (JAXA) suffered a cyberattack over the summer that may have put sensitive space-related technology and data at risk. The breach was discovered this autumn when law enforcement alerted JAXA that its systems were compromised. In a press conference, Japan's Chief Cabinet Secretary Hirokazu Matsuno revealed that the attackers gained access to the agency's Active Directory (AD) server, a crucial component that oversees JAXA's network operations and likely holds critical information such as employee credentials. JAXA is now working with government cybersecurity experts and law enforcement to determine the extent of the compromise.

Apple fixes two new zero-day vulnerabilities in emergency updates. Apple has released emergency security updates to fix two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that are being exploited in attacks. The vulnerabilities affect iPhone, iPad and Mac devices. Both were found in the WebKit browser engine: the first lets attackers read sensitive information via an out-of-bounds read, and the second gives arbitrary code execution via a memory corruption bug on vulnerable devices. The fixes ship in iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2 and Safari 17.1.2. It is highly recommended that all users of these devices update immediately.

That is all! Enjoy the rest of the week, and don't forget to update your devices and systems to the latest patches!
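The roundup closes by urging readers to patch, and the Apple item gives concrete fixed versions. As an added example (not part of the original post, and not Apple's or any MDM vendor's code), here is a small triage script that takes a device inventory and reports which devices are still below those fixed versions. The inventory rows are constructed sample data; the only facts taken from the page are the four fixed versions. A device on a different major release line (for example a Mac still on macOS 13) is reported as "review" rather than guessed at, since the page says nothing about older branches.

```python
"""Triage an Apple device inventory against the fixed versions named in the roundup.

Added example, not part of the original post. Fixed versions come from the Apple
item above; the inventory below is constructed sample data, not real devices.
"""
from __future__ import annotations

import re

# Minimum versions carrying the fixes for CVE-2023-42916 / CVE-2023-42917 (from the page).
FIXED_VERSIONS: dict[str, str] = {
    "ios": "17.1.2",
    "ipados": "17.1.2",
    "macos": "14.1.2",
    "safari": "17.1.2",
}


def parse_version(version: str) -> tuple[int, ...]:
    """'17.1' -> (17, 1, 0); pads to three components so '17.1' sorts below '17.1.2'.

    Rejects anything that is not dotted digits (e.g. '17.2 beta') so a typo in an
    inventory export fails loudly instead of being silently treated as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def patch_status(platform: str, version: str) -> str:
    """Return 'patched', 'vulnerable' or 'review' for one platform/version pair.

    'review' means this script cannot decide: either the platform is not covered
    by the advisory on the page, or the device is on a different major release
    line than the fixed version (e.g. macOS 13.x vs. the 14.1.2 named above).
    """
    fixed = FIXED_VERSIONS.get(platform.lower())
    if fixed is None:
        return "review"
    have, need = parse_version(version), parse_version(fixed)
    if have[0] != need[0]:
        return "review"
    return "patched" if have >= need else "vulnerable"


def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Group (device_id, platform, version) rows by patch status, preserving order."""
    groups: dict[str, list[str]] = {"patched": [], "vulnerable": [], "review": []}
    for device_id, platform, version in inventory:
        groups[patch_status(platform, version)].append(device_id)
    return groups


# Constructed sample inventory (hypothetical device IDs, not real data).
SAMPLE_INVENTORY: list[tuple[str, str, str]] = [
    ("phone-01", "ios", "17.1.2"),       # exactly the fixed build
    ("phone-02", "ios", "17.1.1"),       # one build behind
    ("phone-03", "ios", "17.1"),         # short version string, still behind
    ("tablet-01", "ipados", "17.2"),     # newer than the fix
    ("mac-01", "macos", "14.1.2"),
    ("mac-02", "macos", "14.1"),
    ("mac-03", "macos", "13.6.2"),       # older major line: needs a human look
    ("mac-03-safari", "safari", "17.1.2"),
]

if __name__ == "__main__":
    for status, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(ids) or '-'}")
```

In practice the inventory rows would come from an MDM export; the point of the script is the comparison rule, which pads short version strings and refuses to guess about other release lines.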
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED