
Cyber security update, August

Ravi Bindra, CISO

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organisations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber Security Update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

AUGUST

Toyota suffered a data breach, resulting in the theft of 240GB of sensitive data, including information on employees, customers, contracts, and financial details. This incident follows previous data breaches at Toyota, including a ransomware attack and cloud misconfigurations. The company has implemented measures to prevent similar leaks in the future.

Halliburton, one of the world's largest providers of services to the energy industry, has faced a cyberattack that forced it to shut down some of its systems. The company has activated its cybersecurity response plan, notified law enforcement agencies, and is working on restoring affected devices. This incident raises concerns about the vulnerability of critical energy infrastructure to cyber threats.

FlightAware, a leading flight tracking platform, experienced a data security incident due to a configuration error, potentially exposing users' personal information. The exposed data may include user IDs, passwords, email addresses, and additional personal details, prompting the company to require password resets for affected users.

AutoCanada has reported a cybersecurity incident that affected its internal IT systems. The company has taken immediate action to address the incident, including engaging cybersecurity experts for containment and investigation. The full impact, including any data access, is still being determined, and business operations might face disruptions until systems are fully restored.

The Security Service of Ukraine has reported that attackers, posing as the SSU, used malicious emails to infect over 100 government computers with AnonVNC malware. The emails contained a fake document list and linked to a malicious archive. Multiple cyberattacks targeting Ukraine's critical infrastructure, including heating systems and energy providers, have been linked to Russian threat groups like Sandworm and used malware such as FrostyGoop and Industroyer2.

Evolution Mining, a major gold producer in Australia and Canada, experienced a ransomware attack. The company has enlisted cybersecurity experts to address the issue, and they have contained the attack. Despite the disruption, Evolution Mining expects no significant impact on its operations. The incident has been reported to the Australian Cyber Security Centre, and no ransomware groups have claimed responsibility.

Chinese hacker groups APT31 and APT27 are behind the EastWind cyberattacks targeting Russian government organisations and IT companies. The EastWind campaign employs updated versions of the CloudSorcerer backdoor and introduces a new backdoor named PlugY, making detection challenging.

Another data breach for CSC ServiceWorks exposed the personal information of over 35,000 individuals, including sensitive data such as financial and health information. The company took measures to secure its systems, notified law enforcement, and offered free credit monitoring and identity theft protection to the affected individuals.

In another data breach, American building security giant ADT has experienced a cybersecurity incident after threat actors leaked allegedly stolen customer data on a popular hacking forum. The ADT data breach has raised concerns about the security of customer information, although the company has reassured its users that the impact on its core services and sensitive data is minimal.

The Ronin Network's bridge was exploited by white hat hackers, leading to the withdrawal of $12 million in ETH and USDC, but a critical security measure prevented even greater theft. The exploit was caused by a recent update to the bridge's governance process, allowing unauthorised actors to bypass the required vote threshold of bridge operators, prompting the pause of the bridge for 40 minutes.

The ruling party of South Korea, People Power Party, claims that North Korean hackers have stolen crucial information about the country's main battle tank, K2, and spy planes Baekdu and Geumgang.

In another significant security breach, National Public Data exposed millions of individuals' sensitive personal information, including social security numbers and contact details. The leaked database, potentially sourced from public records, has led to a class action lawsuit against the operator of the service, Jerico Pictures.

McLaren Health Care hospitals experienced a ransomware attack, leading to disruption of IT and phone systems, potentially compromising patient information. The ransomware operation, INC Ransom, has targeted a wide range of organisations, including healthcare, government, and industrial entities.

A critical security flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to gain administrator privileges, posing a severe risk to over five million active installations. The vulnerability, tracked as CVE-2024-28000, stems from a weak security hash and allows attackers to spoof their user ID, creating a potential avenue for privilege escalation and site takeover.

The Grand Palais Réunion des musées nationaux in France experienced a ransomware cyberattack, causing operational disruptions at the museum and its bookstores, but the Olympic events proceeded without issues. The cyberattack may have originated from the hijacked account of a collaborator, with the threat actors demanding a ransom in cryptocurrency, but no ransomware group has claimed responsibility for the attack.

In another data breach, Mobile Guardian, a digital classroom management platform, suffered an intrusion in which data was remotely wiped from at least 13,000 students' iPads and Chromebooks. The breach impacted North American, European, and Singaporean instances of the platform, leading to restricted access for students and suspension of the service.

Cyber security awareness

Microsoft will host a cybersecurity summit to address the global IT outage caused by a faulty update from CrowdStrike. The outage affected nearly 8.5 million Windows devices and disrupted operations across industries. The summit will include government representatives and focus on creating a more resilient cybersecurity ecosystem.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a guide called Secure by Demand, which helps organisations buying software understand the cybersecurity approach of software manufacturers. The guide provides questions to ask when buying software, ways to integrate product security into procurement, and resources to assess product security maturity.

CISA recommends disabling the legacy Cisco Smart Install (SMI) feature to prevent ongoing attacks leveraging the protocol. Admins should implement better password protection measures for Cisco network devices to prevent exploitation of weak password types. Threat actors targeted Cisco switches by exploiting the SMI protocol, leading to unauthorised access, data exfiltration, and system configuration file tampering.
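As an added example (not part of the original update or any Cisco/CISA tool), a small Python audit that checks an IOS configuration text for the two points CISA raises: Smart Install still enabled and credentials stored with weak password types. The sample configurations and hash strings are constructed placeholders.

```python
"""Audit a Cisco IOS config for Smart Install left on and weak password types.

Added example, not from the SoftwareOne post or from any Cisco/CISA tool.
Cisco types: 0 plaintext, 7 reversible, 4/5 broken or deprecated hashes;
8 (PBKDF2-SHA256) and 9 (scrypt) are the types CISA recommends.
"""
import re

WEAK_TYPES = {"0", "4", "5", "7"}

# 'username X ... password|secret [type] value' or 'enable password|secret ...'
CRED_RE = re.compile(
    r"^\s*(?P<scope>username \S+|enable)\b.*?\b(?P<kw>password|secret)\s+"
    r"(?:(?P<type>\d{1,2})\s+)?(?P<value>\S+)\s*$"
)

# Constructed sample configs; the hash strings are placeholders, not real.
WEAK_CONFIG = """\
enable password cisco123
username admin privilege 15 password 7 094F471A1A0A
username ops secret 5 $1$abcd$PLACEHOLDERMD5HASH
username netops algorithm-type scrypt secret 9 $9$PLACEHOLDERSCRYPT
"""
HARDENED_CONFIG = """\
no vstack
enable algorithm-type scrypt secret 9 $9$PLACEHOLDERSCRYPT
username admin privilege 15 algorithm-type scrypt secret 9 $9$PLACEHOLDERSCRYPT
"""


def smart_install_enabled(config: str) -> bool:
    """Smart Install stays active unless the config explicitly says 'no vstack'."""
    return re.search(r"^\s*no vstack\s*$", config, re.MULTILINE) is None


def weak_credentials(config: str) -> list:
    """Return (scope, type) for each credential stored with a weak password type."""
    findings = []
    for line in config.splitlines():
        m = CRED_RE.match(line)
        if not m:
            continue
        # An untyped 'password' is plaintext (type 0); an untyped 'secret' is skipped.
        ptype = m.group("type") or ("0" if m.group("kw") == "password" else None)
        if ptype in WEAK_TYPES:
            findings.append((m.group("scope"), ptype))
    return findings
```

Run the two functions over the output of `show running-config`; the hardened sample returns no findings because Smart Install is disabled and every credential uses type 9.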

The Cybersecurity and Infrastructure Security Agency (CISA) has released a "Software Acquisition Guide for Government Enterprise Consumers" to help stakeholders navigate software assurance requirements in the cyber-supply chain risk management lifecycle. The guide aims to address vulnerabilities and weaknesses in software supply chains, providing federal guidance and a list of questions to mitigate risk exposure from third-party software.

Cyber security intelligence

IBM Consulting has introduced generative AI capabilities through its Cybersecurity Assistant to accelerate alert investigation and response for clients, reducing manual tasks and empowering security analysts. The new capabilities include historical correlation analysis to speed up threat investigations and a conversational AI engine to streamline operational tasks, improving overall security posture for clients.

Google Cloud has introduced new security capabilities including threat hunting services and enhanced application protection features. Mandiant has released its latest Cyber Snapshot Report covering various security strategies and measures. Google Cloud has expanded its security controls and capabilities for identity and access management, data security, and network security, with a focus on compliance for regulated cloud customers.

Hot topic of the month: Human element remains biggest threat

At the heart of digital sovereignty lies the fundamental need for robust data control and security, making it the logical starting point for our exploration of AWS solutions. SoftwareOne takes a deeper dive into which SoftwareOne and AWS services and frameworks can help your organisation’s digital sovereignty requirements today. Read our recent blog, “Digital sovereignty: How AWS and SoftwareOne can help” to learn more.


What is digital sovereignty and why does it matter to your business?

We help businesses of all sizes to protect their data and systems from cyber-attacks. Whether you need help developing a cyber security strategy, implementing security solutions, or monitoring your security posture, we can help.

Author

Ravi Bindra, CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.