Cyber security update, November

Organisations around the world are constantly impacted by cyber security attacks. Every month we round up the latest breaches and cyber security news to help you stay on top of malware and ransomware threats. Read and share our monthly Cyber security bulletin to learn how other organisations have been impacted, how they responded and why a proper security strategy is paramount.

Latest security breaches

No sector is immune from cyber criminals. This month we’re looking at examples from different sectors that have recently been impacted by data breaches and ransomware attacks.

Healthcare is a regular target for cyber criminals due to the sensitive data health organisations hold about patients. Welltok, a healthcare SaaS provider, experienced a significant data breach that compromised the personal information of nearly 8.5 million patients in the U.S., while Truepill, a B2B pharmacy platform, suffered a data breach affecting over 2.3 million individuals, exposing sensitive personal information such as full names, medication types, and demographic details.

The public sector is another key target, impacting both citizens and public sector employees as these recent examples show. A cyber attack shut down the Washington State Department of Transportation’s website causing disruptions in accessing real-time travel information. Current and former employees of the Canadian government including Canadian Armed Forces members, and Royal Canadian Mounted Police personnel, had their sensitive information exposed due to a data leak. The British Library, sponsored by the British Department of culture, media and sport, and one of the largest libraries in the world, was the victim of a ransomware attack that resulted in the exposure of internal human resources data. The ransomware group has claimed responsibility, setting a starting price of 20 bitcoins (approximately $750K) as a ransom with seven days deadline.

Two organisations in the travel sector recently experienced data breaches, putting customers data at risk. Marina Bay Sands luxury resort in Singapore suffered a significant data breach, impacting 665,000 customers' loyalty program data. The resort has launched an investigation, strengthened its systems, and reported the incident to relevant authorities, but it is unclear if it was a ransomware attack. Taj Hotels group also suffered a massive data breach, potentially exposing personal information of around 1.5 million people.

Retailers aren’t exempt from attack. AutoZone, a leading automotive parts retailer, suffered a data breach as part of the Clop MOVEit file transfer attacks, compromising the data of nearly 185,000 individuals. Samsung disclosed a data breach that occurred on its UK online store. The breach was discovered in November 2023 and impacted customers' contact information. This is the third cyber security incident impacting Samsung in two years, raising concerns about the company's ability to protect customer information and fulfil its security promises.

Manufacturers are also affected. Kyocera AVX Components Corporation experienced a data breach, exposing personal information of over 39,000 individuals, following a ransomware attack. The breach involved the encryption of systems and resulted in the theft of personal data, including full names and social security numbers. Meanwhile, aerospace manufacturer Boeing is dealing with a cyber incident that targeted its parts and distribution business. This comes after the Russia-linked LockBit ransomware group claimed responsibility for a cyberattack on Boeing and threatened to publish sensitive data if a ransom demand was not met. Yamaha Motor Philippines also suffered a ransomware attack, resulting in the unauthorised access and leakage of employees' personal information.

Cyber security intelligence

Cyber actors linked to the Democratic People’s Republic of Korea (DPRK) are increasingly targeting software supply chain products to attack organisations around the world, the UK and the Republic of Korea have warned. The new joint advisory warns of actors from DPRK leveraging zero-day vulnerabilities and exploits in third-party software to gain access to specific targets or indiscriminate organisations via their supply chains.

Microsoft released multiple security patches as part of its Patch Tuesday, in which three zero-day vulnerabilities were also patched. One of the zero-day vulnerabilities was CVE-2023-36025, which affected the Windows SmartScreen function. This vulnerability was given a severity rating of 8.8 (High) and was actively exploited by threat actors in the wild.

Hot topic of the month:

GenAI and cyber security

It’s been a year since ChatGPT was publicly released. But how has the explosion of GenAI impacted cyber security? According to a new report out from the UK government - Safety and Security Risks of Generative Artificial Intelligence to 2025 - the risk is significant. Overall, the report says that generative AI is more likely to exacerbate existing risks rather than create completely new threats in the coming years. However, cyber attacks, fraud, scams, and impersonation are all expected to grow as GenAI makes it easier for less sophisticated cyber criminals to conduct previously unattainable attacks. Synthetic media will erode trust in government, which will impact political systems and societies. Even physical systems will be under threat as GenAI is increasingly embedded.

This is an area to watch and prepare for, particularly as organisations create their own GenAI strategies.