Last week was dominated by the MOVEit data-theft attacks and their impact on various organizations, alongside ransomware attacks and data theft across various countries and industries. In addition, potentially damaging vulnerabilities were detected in various organizations' networks and systems.
Read on for a quick summary of what happened this week in cybersecurity.

Microsoft links Clop ransomware gang to MOVEit data-theft attacks

The Microsoft Threat Intelligence team announced that it has linked the Clop ransomware gang to recent cyber attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. The attacks are believed to have begun on 27th May, with BleepingComputer observing numerous organizations having their data stolen during the attacks. The Clop ransomware gang has also confirmed that it is behind the MOVEit Transfer data-theft attacks. Although Clop did not share how many organizations were breached, it did notify BleepingComputer that victims would be displayed on its site if the ransom was not paid. The gang also confirmed that it has not yet extorted the victims, and told BleepingComputer that any data from the military, children's hospitals and governments was deleted.

Another huge U.S. medical data breach confirmed after Fortra cyber attack

Intellihartx, a Tennessee-based company that handles patient payment balances and collections, has reported in a filing with the Maine attorney general's office that the personal information of 489,830 patients was stolen during the mass cyberattack on Fortra, its vendor. The personal information stolen comprised patients' names, addresses, birth dates and social security numbers. The other information stolen comprised patients' medical billing, insurance information, diagnoses and medication. The Clop ransomware group claimed responsibility for the mass ransomware attack on Fortra's GoAnywhere file-transfer software. This mass attack has affected more than a hundred organizations, including Hatch Bank (digital financier), Rubrik (security giant) and the City of Toronto. In addition, the health information of millions of patients was stolen during this mass attack, with NationBenefits patients' data stolen.
The impact of Clop's ransomware attack prompted the U.S. Department of Health and Human Services to publish an alert warning that Clop was targeting the healthcare industry.

University of Manchester cyber attacked - data 'likely' stolen

The University of Manchester has warned staff and students that it suffered a cyberattack in which hackers have likely stolen data from the University's network. The University discovered the breach on 6th June and immediately launched an investigation. As of 11 June, staff and students are not required to reset their passwords, but the University highly advised them to be vigilant against any potential phishing attacks. The University of Manchester has also announced that this data breach is unrelated to the recent MOVEit Transfer cyber attack or the associated data breach at Zellis.

Cortina Watch's data leaked by hacker - includes customers' details and sales tactics

The cyberattacker who stole Cortina Watch's data by illegally accessing one of its servers has carried out the threat to release the information online, including customers' contacts and addresses. This came after Cortina Watch did not engage with the cyberattacker and did not pay the ransom of US$50,000. More than 7GB of data, including details of customers, staff, vendors and the company's operations, was uploaded to a file-sharing site on Thursday. The personal information leaked included customers' contact information, addresses and birth dates, and the exposed information included the names of at least 12 Malaysian datuks. The leak also exposed usernames and passwords for company and staff accounts, with many administrator accounts sharing the same password. Furthermore, the company's watch inventory, sales tactics and orders were also uploaded.

British Airways, the BBC, Boots and Aer Lingus breached due to MOVEit Transfer vulnerability
British Airways, the BBC, Boots and Aer Lingus have suffered data breaches due to the MOVEit mass data-theft attacks, which impacted Zellis, a UK-based payroll provider. Zellis confirmed that 8 of its clients were impacted, including the 4 companies listed above. The total exposed employee data was over 100,000. The exposed data included all data that employees provided for payroll purposes, including employees' names, addresses, birth dates, UK National Insurance numbers, bank details and phone numbers. The BBC has confirmed that company IDs and National Insurance numbers were compromised, but it did not believe that its employees' bank details had been exposed. Current and former staff at Aer Lingus were also affected, although the airline stated that no phone numbers and no financial or bank details were exposed in this incident.

Eisai, a pharmaceutical company, discloses a ransomware attack

Eisai, a Japanese pharmaceutical company, was hit by a ransomware attack last Saturday night. Eisai has since set up a company-wide task force and is working with external experts and law enforcement officials. The company is currently investigating the possibility of data leaks. In response to the cyber attack, Eisai has taken some of its computer systems, both in and outside Japan, offline.

Goldheart, a jewellery chain, data breached - almost 42,000 customers affected

Goldheart, a jewellery chain under Catalist-listed Aspial Lifestyle, announced on 5th June that it had suffered a data breach. This affected close to 42,000 of its customers who were logged prior to November 2022. The personal information exposed included customers' names, addresses, emails, phone numbers and birth dates. Fortunately, no financial data such as credit card information or passwords has been compromised. Goldheart has stated that it has launched an investigation and has also taken steps to mitigate any further illegal access.
This included suspending its e-commerce website, securing its systems, and working with external experts and relevant authorities. Goldheart has also notified all affected customers of the incident, as well as the Personal Data Protection Commissioner, and reported the incident to the police.

Honda API flaws exposed customers' data, internal documents and dealer panels

Honda's e-commerce platform for power equipment, marine, lawn & garden was vulnerable to unauthorized access by anyone, due to API flaws that allowed a password reset for any account. This would give anyone unrestricted admin-level data access on the firm's network. The flaw was discovered by Eaton Zveare, a security researcher, who had breached Toyota's supplier portal a few months back by leveraging similar vulnerabilities. Information exposed included:
This was reported to Honda on 16 March 2023, and on 3rd April 2023 Honda confirmed that all problems had been resolved.

Microsoft's Azure portal down following claims of DDoS attacks

The Microsoft Azure Portal is down as a cyber attacker claims to be targeting the site with a DDoS attack. Although the web portal is down (customers received error notifications when they tried to access it), the mobile app appears to be unaffected. The Microsoft Azure status page stated that Microsoft was aware of the incident and was attempting to mitigate the issue. As of 9th of June, the Azure portal appears to be live again and stable. Microsoft has not disclosed the underlying reason for the outage, other than stating that it applied more load balancing processes to the service. This was not the only DDoS attack on Microsoft this week, as other Microsoft web portals for Outlook.com and OneDrive also suffered outages at the same time.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED