
Cyber security update, July

Ravi Bindra, CISO

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber Security Update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

The Land Registry agency in Greece experienced a limited data breach of its IT infrastructure, involving the compromise of employee terminals and the theft of 1.2 GB of administrative documents.

The Superior Court of Los Angeles County closed 36 courthouse locations due to a ransomware attack, affecting both internal and external systems. The attack, unrelated to a Windows systems outage, led to the immediate disabling of all network systems to contain the breach.

In another data breach, a threat actor leaked personal information of over 442,000 Life360 customers by exploiting a flaw in the login API, exposing names, phone numbers, and email addresses. Life360 faced an extortion attempt after attackers breached a Tile customer support platform, leading to the theft of sensitive customer information, although no financial or login credentials were compromised.

The Walt Disney Company experienced a data breach, with sensitive information from its internal communications on Slack being leaked by the hacker group NullBulge. Cybersecurity experts speculate that the breach may have occurred due to security misconfigurations, weak passwords, or vulnerabilities in third-party integrations with Slack.

AT&T suffered a massive data breach where threat actors stole call and text records of nearly all its mobile customers; however, the stolen data does not include sensitive personal information such as names or Social Security numbers. The data theft was conducted through compromised credentials on AT&T's Snowflake account, which is part of a recent wave of attacks targeting Snowflake customers. This has led to mandatory multi-factor authentication enforcement to prevent future breaches.

Evolve Bank & Trust suffered a data breach affecting 7.6 million Americans after an employee clicked on a malicious link, leading to unauthorized access to their database. Evolve is providing credit monitoring and identity protection services to affected individuals and advises vigilance against unsolicited communications.

In another data breach, TeamViewer, a popular remote access software company, has reported a breach in its internal corporate IT environment. The cybersecurity firm NCC Group claims the breach was carried out by a Russian state-sponsored hacking group called Midnight Blizzard. Despite TeamViewer's assurance that its product environment and customer data are unaffected, concerns remain due to the widespread use of its software.

In another significant data breach, India's leading cryptocurrency exchange WazirX faced the alleged transfer of about $234 million worth of digital assets to a different address, as crypto exchanges continue to face regulatory heat. The cyber-attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents.

A cyberattack in the Ukrainian city of Lviv caused a two-day heating outage for over 600 apartment buildings, highlighting the vulnerability of critical infrastructure to malicious hackers. The FrostyGoop malware targeted industrial control systems, demonstrating a growing effort to disrupt essential services using sophisticated cyber tactics.

Cyber security awareness

Microsoft worked with CrowdStrike and other stakeholders to address a global software update issue impacting 8.5 million Windows devices. Collaboration with cloud providers like Google Cloud Platform and Amazon Web Services was undertaken to share awareness and inform ongoing conversations. The event highlights the interconnected nature of the tech ecosystem and the importance of safe deployment and disaster recovery mechanisms.

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email integrity and security. The new capability aims to protect email domains from impersonation, ensure secure message delivery, and enhance email reputation through compliance with the latest security standards.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited critical vulnerability in GeoServer's GeoTools plugin, allowing remote code execution. The flaw, tracked as CVE-2024-36401, enables attackers to execute arbitrary code. The vulnerability affects approximately 16,462 GeoServer servers globally, making it crucial for both public and private organizations to prioritize patching to prevent potential compromises.

Cyber security intelligence

IBM has secured a five-year contract with USAID to enhance cybersecurity across the Europe and Eurasia region, with an initial funding of $26 million. The contract aims to strengthen USAID's Cybersecurity Protection and Response program, leveraging IBM's global experience and leadership in cybersecurity services to combat cyber threats.

IBM and Microsoft are strengthening their cybersecurity collaboration to simplify and modernize security operations for clients embracing hybrid cloud and AI. The collaboration will provide clients with advanced threat detection and response capabilities, leveraging IBM's TDR Cloud Native service and Microsoft's comprehensive security technology portfolio.

IDC reports that the 2024 Paris Olympic Games will drive a $94 million increase in cybersecurity services spending in France due to the high risk of cyber threats. This spending aims to protect the extensive network of systems connected to the Games. The cybersecurity efforts will also extend to critical infrastructure and businesses across France and Europe, with an additional $57 million expected in the rest of Europe.

Hot topic of the month:

On July 18, the cybersecurity firm CrowdStrike issued an update that inadvertently affected IT systems around the world. While this situation did not originate from Microsoft, it has influenced the broader Microsoft ecosystem. Microsoft shared the measures they’ve coordinated with CrowdStrike and other partners to address the issue and assist customers.

5 steps of a successful cyber security awareness program

Cyber-criminals aren’t only targeting vulnerabilities in your infrastructure – they’re targeting your employees too. Learn how awareness can stop them.

Author

Ravi Bindra, CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.