October 2023
FBI: Crippling ‘Dual Ransomware Attacks’ on the Rise
Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could cause even more damage. The FBI has issued a warning about a rising ransomware trend in which separate attacks are conducted just hours or days apart — otherwise known as “dual ransomware attacks.” The phenomenon makes sense: after an initial ransomware attack, an organization or company is still reeling from the breach and is at its weakest point, making a second attack on its already compromised system all the more harmful.
September 2023
MGM reeling from cyber ‘chaos’ 5 days after attack as Caesars Entertainment says it was hacked too
Ransomware gang claims credit for Sabre data breach
Sabre is a travel reservation system and major provider of air passenger and booking data, whose software and data are used to power airline and hotel bookings, check-ins and apps. Many U.S. airlines and hotel chains rely on the company’s technology. The Dunghill Leak group claimed responsibility for the apparent cyberattack in a listing on its dark web leak site, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data and corporate financial information.
The group posted a portion of the files they allegedly stole, claiming the full cache will be made “available soon.”
August 2023
David Pekoske, the director of the Transportation Security Administration, which oversees the security of U.S. pipelines, ports, railways and aviation, said at the panel that critical infrastructure operators need to prepare for such cyberattacks immediately so as not to be caught off guard in the future.
“Time is not our friend in this quest. We need to move very, very quickly. That’s why we’ve moved so quickly and so have our industry partners,” Pekoske said. “We need to be ready now.”
U.S. taps cyber pros to develop AI cybersecurity tools
The Defense Department is putting up $18.5 million to encourage US cybersecurity professionals to find novel ways to use artificial intelligence to safeguard the country’s critical infrastructure and government systems. The Defense Advanced Research Projects Agency (DARPA) Cyber Challenge kick-started a two-year cybersecurity challenge at the Black Hat conference in Las Vegas in August 2023.
July 2023
July 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks
NCSC-Certified Cyber Incident Planning and Response… Contact Cyber Management Alliance… Headquartered in London UK, Cyber Management Alliance Ltd. is a world leader in cybersecurity consultancy and training. We have enabled over 750 enterprise clients in 38 countries, including FIFA, NHS, Capita, BNP Paribas and Unilever, across all verticals to strengthen their cyber defenses…. Cyber Management Alliance is also renowned globally as the creator of the UK’s NCSC-Certified training courses in Incident Response…. Date: 1 August 2023…
June 2023
June 2023 saw some of the biggest cybersecurity breaches, attacks and eye-catching news stories this year. Here’s a complete roundup of all the recent cyber attacks, data breaches and ransomware attacks that made it to the news in June 2023.
- Ransomware Attacks in June 2023
- Data Breaches in June 2023
- Cyber-Attacks in June 2023
- New Ransomware/Malware Detected in June 2023
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in June 2023
The MOVEit cyber-attack and updates on the May Barracuda incident have made striking headlines this month.
As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks.
May 2023
May 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks
ABB
Global automation company ABB fell victim to a cyberattack in May 2023. The criminal group Black Basta attacked the corporation through its Windows Active Directory, compromising hundreds of company devices.
This ransomware attack first became apparent on 7 May, when the company’s operations were halted internally. So far, it has not been specified whether ABB paid a ransom, or whether one was even demanded; however, private information was leaked. Additionally, to prevent the criminals from affecting other networks, the company temporarily stopped all VPN connections.
Black Basta is based in Russia and, since 2022, it has regularly targeted both public and private organizations all around Europe, hitting 44 victims in just a year, according to a Trend Micro Report. Cyber-criminals in general often act via double extortion tactics, which usually see a company’s data encrypted so that the organization can be compelled into communicating with the gang to reach a deal.
Headquartered in Switzerland, ABB is one of the global leaders in the robotic systems field, employing over 100,000 people. In addition, it works closely with over 40 US-based engineering, manufacturing, research and service facilities operating alongside the US Army Corps of Engineers and Federal Civilian agencies.
Lacroix
The cyberattack against Lacroix, which happened in May, caused the company’s virtual infrastructure to be encrypted. It also forced Lacroix to close three of its eight sites around the globe for a week, since they could not function without the digital component. In particular, the company’s manufacturing center in Beaupréau, a German site in Willich and a factory in Zriba were targeted. These three factories were responsible for 19% of the company’s total sales in 2022.
As in the ABB case, it is also unclear whether a ransom was paid or even demanded.
April 2023
April 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks
Date: 1 May 2023
March 2022
WHITE HOUSE FACT SHEET: Act Now to Protect Against Potential Cyberattacks
WH Smith
In the March WH Smith cyberattack, hackers managed to access and leak sensitive employee information from the retailer. No other data was accessed, however, as customer accounts were stored on a different system, WH Smith said at the time.
“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” the company said in an alert issued to the London Stock Exchange. The accessed information included employee names, addresses, national insurance numbers and dates of birth.
It came less than a year after WH Smith was hit by another cyberattack, which forced the greeting card company Funky Pigeon, owned by the retailer, to go offline as a precaution. It had to contact all customers it had dealt with in the previous year to notify them, but no data breach or leak occurred.
ChatGPT
On 20 March, 1.2% of ChatGPT Plus subscribers were targeted during a nine-hour-long outage where their payment-related data was stolen.
Co-founder and CEO Sam Altman tweeted: “We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating. A small percentage of users were able to see the titles of other users’ conversation history. We feel awful about this.”
An OpenAI spokesperson wrote: “In the hours before we took ChatGPT offline, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”
Officials took the application offline after they found a bug in an open-source library, which is what ultimately allowed the users to see other users’ information.
February 2023
Recent Cyber Attacks, Data Breaches & Ransomware Attacks February 2023
January 2023
Royal Mail
On 12 January 2023, Royal Mail announced it was the victim of what it described as a “cyber incident” at the hands of the Russian ransomware gang LockBit. The company said: “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.” While overseas shipping was halted, national postage had some minor delays too. Services resumed two months later, but at the end of February 2023, the criminals released data belonging to Royal Mail’s staff in order to pressure the company to pay its ransom.
This came after the gang had already given an ultimatum to Royal Mail, saying that it would be “the last chance to prevent leaks of [Royal Mail] information. We are ready to make a discount, remove the stolen information and provide a decryptor for $40m,” LockBit wrote. “There will be no more delays, after the timer expires all the data will be released.”
The LockBit leader is “really upset that [Royal Mail] didn’t pay,” says Jon DiMaggio, chief security strategist and ransomware researcher at Analyst1. “He wants them to pay,” DiMaggio said. “He feels that the organization has the money but spends it unwisely and that they should pay him instead. That was something that he said in one of the criminal forums.”
