Top news stories this week
- Top gear. Damages to UK economy following Jaguar Land Rover attack reported.
- Weakest link. Muji and the Ministry of Defence affected by supply chain attacks.
- Patch or pay. WatchGuard devices remain vulnerable and CISA confirm exploit of Oracle flaw.
- No service. Europol disrupts cybercrime as a service platform and SpaceX disables Starlink devices linked to scams.
- Not a game. Hacking group Crimson Collective claim Nintendo breach.
- Privacy fallout. Guernsey medical provider MSG fined GBP 100,000 for data breach.
1. Damages to UK economy following JLR attack reported.
Following the widely reported cyber attack on Jaguar Land Rover, the Cyber Monitoring Centre (CMC) assessed the damage to the British economy to have reached GBP 1.9 billion. CMC analysts have also classified this attack as a ‘Category 3’ event, impacting over 5,000 UK organisations, with other experts assessing the true financial damage to be even higher.
So what?
The interconnectedness of IT/OT systems, suppliers, and economies is a risk that threat actors actively exploit. Identifying these dependencies and applying targeted security measures is essential for limiting the impact of an attack.
[Researcher: Jenny Eysert]
2. The Ministry of Defence and retailer Muji affected by supply chain attacks.
The maintenance and construction contractor to the UK's Ministry of Defence, The Dodd Group, has suffered a ransomware incident and data breach. The cyber criminals managed to access and leak documents containing sensitive information about military assets in the UK, which were later posted on the dark web.
Separately, Muji has experienced disruptions to its online retail operations in Japan following a ransomware attack on its logistics and e-commerce supplier, Askul. No ransomware gang has claimed responsibility for the attack, and Muji is still investigating the extent of the incident.
So what?
Organisations should ensure that they build resilience within their supply chain and have processes and strategies in place to swiftly respond to supply chain incidents.
[Researcher: Milda Petraityte]
3. WatchGuard and Oracle critical vulnerabilities reported
Over 75,000 WatchGuard devices have been reported as vulnerable to a critical remote code execution flaw. Separately, CISA has confirmed hackers have been actively exploiting a flaw in Oracle E-Business Suite to enable access to internal systems and data.
So what?
Critical vulnerabilities remain exploitable long after disclosures if not patched immediately. Businesses should seek external specialist support upon seeing signs of compromise.
[Researcher: Lawrence Copson]

4. Europol dismantles SIM farm and SpaceX disables 2,500 devices linked to Myanmar scam compounds.
Europol announced the takedown of a SIM farm that operated as a cybercrime-as-a-service platform. The operation SIMCARTEL included the arrest of seven suspects, confiscation of 1,200 SIM box devices with 40,000 SIM cards, and over USD 800,000 frozen.
Separately, SpaceX disabled over 2,000 Starlink Kits that are suspected to be used by Myanmar scam centres.
So what?
Whilst this is a positive step from authorities and organisations to crack down on illicit cyber activities, threat actors are adept at reacting swiftly to set up new infrastructure.
[Researcher: Jon Seland]
5. Hacking group Crimson Collective claim Nintendo breach
The emerging threat actor group Crimson Collective has claimed responsibility for compromising Nintendo’s web servers. Nintendo confirmed the breach but clarified that no internal business or development data, nor any customer personal or payment data was stolen.
So what?
Regular infrastructure penetration testing should be undertaken to identify vulnerabilities and misconfigurations before they can be exploited by threat actors.
[Researcher: Jack Woods]
6. Medical Specialist Group (MSG) fined GBP 100,000 after patient data stolen in cyber attack
Guernsey’s Office of the Data Protection Authority (ODPA) inquiry found MSG failed to install key security updates, maintained weak threat detection, and delayed its investigation following their August 2021 breach. Consequently, phishing attacks targeted thousands of compromised emails affecting patients. Authorities have now fined MSG GBP 100,000, with an additional GBP 25,000 suspended, contingent on the completion of an action plan.
So what?
Given the highly sensitive nature of healthcare data, this case serves as a reminder to organisations handling such information that slow responses to cyber incidents can lead to severe financial, legal and reputational consequences.
[Researcher: Ayomikun Olayinka]
