30 May 2025

Adidas and M&S breaches caused by third-party compromise | Cyber Intelligence Briefing: 30 May 2025

Top news stories this week

  1. Trust-bust. Adidas and M&S breaches caused by third-party compromise.
  2. Sine of the times. MathWorks targeted in a cyberattack during exam season.
  3. Game over. Major law enforcement operations take down cybercriminal infrastructure.
  4. Mind the gap. DragonForce exploits SimpleHelp software vulnerabilities to breach MSP.
  5. Unveiled. Mediclinic appears on data leak site of ransomware group Everest.
  6. Six going on thirty. Hacker caught after six years, faces up to 30 years behind bars.

1. Adidas and M&S data breaches caused by third-party compromise

The sportswear giant Adidas has said customer data was stolen after a threat actor compromised a third-party customer service provider. Separately, UK-based retailer Marks & Spencer has confirmed that cybercriminals accessed its systems via a third party. Tata Consultancy Services is reportedly conducting an internal investigation to determine whether it was the gateway for the cyberattack on M&S.

So what?

Organisations should ensure that they carefully vet, monitor and constantly re-assess the security of their third-party service providers to protect their own businesses from cyber security incidents and data breaches.

[Researcher: Milda Petraityte]


2. MathWorks suffers ransomware attack during exam period 

US-based education software provider MathWorks, the creator of MATLAB and Simulink, has confirmed it suffered a ransomware attack that disrupted its services and users worldwide. The incident occurred during a critical exam period, impacting students and professionals who rely on MathWorks’ tools for academic and engineering tasks.

So what?

This incident underscores the importance of a robust business continuity plan (BCP), as clear and pre-defined protocols are necessary to restore systems quickly, communicate transparently, and keep essential operations running.

[Researcher: Katarina Zotovic]


3. Law enforcement carry out Operation Endgame and Lumma Stealer takedowns

Law enforcement agencies from various countries have taken down 300 servers worldwide, neutralised 650 domains, and issued arrest warrants for 20 key threat actors. First launched in May 2024, Operation Endgame is an ongoing effort that targets the infrastructure used to provide or consolidate initial access for ransomware, aiming to disrupt the cyber kill chain at its source.

Separately, Microsoft collaborated with law enforcement agencies globally to disrupt the Lumma Stealer malware, one of the most notorious information stealers.

So what?

Although threat actors often regroup, law enforcement agencies worldwide are significantly disrupting cybercriminal activity by targeting and dismantling key infrastructure, which makes these operations a crucial effort.

[Researcher: Aditya Ganjam Mahesh]


4. DragonForce exploits SimpleHelp software vulnerabilities to breach MSP

The DragonForce ransomware group has exploited a chain of vulnerabilities in the remote monitoring and management (RMM) platform SimpleHelp to breach a managed service provider's (MSP) system. Ransomware groups are increasingly targeting MSPs because compromising an MSP offers a route to breaching its clients via a ‘supply chain’ attack.

So what?

Patch management is essential to reduce the risk of compromise. Ensure RMM tools are patched regularly and immediately after fixes are released.

[Researcher: Tlhalefo Dikolomela]


5. Healthcare provider Mediclinic appears on Everest data leak site 

The Everest ransomware group has claimed an attack on South Africa-headquartered Mediclinic, threatening to leak 4GB of stolen documents and employee data unless a ransom is paid. Mediclinic operates hospitals globally and the incident has caused disruptions in multiple facilities, affecting patient platforms and internal communications.

So what?

While some ransomware groups prohibit the targeting of healthcare providers, these organisations are still targeted because of their low tolerance for downtime and the sensitive data they hold.

[Researcher: Lena Krummeich]


6. Hacker caught after six years, faces up to 30 years behind bars

The perpetrator responsible for a ransomware attack on the city of Baltimore in May 2019 pleaded guilty this week to multiple hacking charges. This hacker was also behind attacks on other municipalities in New York, Oregon and North Carolina. He could face up to 30 years in prison, with sentencing set for August.

So what?

Threat actors should be reminded that arrests can and will happen – even years later, with significant accompanying penalties.

[Researcher: Lester Lim]

 

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
