24 March 2023

4 min read

Ferrari discovers data breach | Cyber Intelligence Briefing: 24 March

March 2023
Ferrari discovers data breach | Cyber Intelligence Briefing: 24 March placeholder thumbnail

 

Top news stories this week

  1. Stalled. Ferrari confirms IT systems were accessed in data breach.
  2. Under attack. LockBit targets cities in California, Michigan, and Ohio.
  3. Crackdown. Ukrainian police and American law enforcement arrest cyber criminals.
  4. Supplier slip-up. Latitude Financial and NBA suffer data breach from third-party suppliers.
  5. Double the ransomware. Ransomware incidents doubled in Europe’s transport sector in 2022.
 

 

1. Ferrari discovers data breach

Ferrari has confirmed a threat actor accessed its IT environment after receiving a ransom demand to not leak stolen data. Although the nature of the stolen data has not been confirmed, Ferrari has notified affected customers of the breach.

So what?

Implementing effective logging and monitoring solutions in your environment allows you to identify threats before they become incidents. 

 


 

2. US cities named on ransomware leak site

The LockBit ransomware group has threatened to release stolen data of three US city governments following a series of attacks targeting the American public sector. The criminal group has named the City of Oakland, City of Allen Park, and the Regional Government of Port Clinton on its dark web leak site. The targeted cities have not yet made any ransom payments.

 

So what?

Mitigating the threat of ransomware can be a challenge. Carrying out a ransomware readiness assessment is a great first step in understanding where your organisation is exposed, and how the risk of initial compromise can be reduced.

 

 

3. Ukrainian malware developer arrested; owner of leak site detained 

Ukraine’s cyber police have arrested the individual responsible for developing a remote access trojan malware that infected over 10,000 computers. The attacker promoted and disguised the malware as a gaming application. Once installed, the attacker could remotely control 600 computers at one time.

Separately, American law enforcement has arrested the alleged owner of major leak forum Pompompurin. The site’s administrators have stated it will continue to operate as normal, despite its owner's absence.

So what?

Whilst global law enforcement agencies are being proactive in their efforts to curb global cybercrime, organisations should remain focused on identifying their security weaknesses and the required security measures to reduce risk to a tolerable level.

 

 

 

4. Latitude Financial and NBA suffer data breaches

The Australian company Latitude Financial Services has confirmed a data breach affecting more than 300,000 of its customers. The threat actor stole a Latitude employee's login credentials from a third-party vendor and used them to steal customer documents from two other service providers.

Separately, the National Basketball Association (NBA) confirmed a data breach of a third-party newsletter service that held access to its customers' personal information.

So what?

Organisations should conduct regular vendor assessments to evaluate how their sensitive information is being stored and secured. Furthermore, appropriate security controls for third-party access must be implemented.

 

 

 

Cyber Security Insights Report

 

5. European transport sector ransomware incidents doubled in 2022

The European Union Agency for Cybersecurity (ENISA) Transport Threat Landscape report reveals that ransomware and data breaches were the most prevalent cyber threats affecting Europe's transportation sector in 2022. Ransomware incidents almost doubled, while data breaches and leaks dropped by over 50 percent. Data-related threats remained the second most common category, with attackers continuing to target credentials, personal information, and intellectual property.

So what?

While the ENISA report is focused on the transport sector, ransomware remains pervasive across multiple sectors. Backing up important data and storing them offline will greatly reduce the impact of a ransomware attack.

 

 

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Authors

Miles Arkwright
Miles Arkwright
Associate, Cyber Advisory
Jon Seland
Jon Seland
Senior Analyst, Incident Response

Jon Seland is a cyber security senior analyst in S-RM’s incident response UK team. He has experience in a variety of ransomware and business email compromise incidents.

Jon holds a GCFE certification and a Master of Commerce in Occupational Psychology at Stellenbosch University.

Miles Arkwright
Miles Arkwright

Associate, Cyber Advisory

Jon Seland
Jon Seland

Senior Analyst, Incident Response

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.