Top news stories this week
- Caught in a web. Two men linked to Scattered Spider plead guilty over TfL cyberattack
- Chain reactions. Cyberattacks ripple across Indian manufacturing sector hitting Tata and Bajaj
- Seized and scrambled. Takedowns by European and US authorities disrupt cybercrime operations
- Token takeover. LastPass among firms affected by Klue OAuth token theft
- No KDDIng. Japanese telecom provider reports major data breach affecting over 14 million accounts
- DBacle. Software update error causes major disruption on Deutsche Bahn rail network
1. Two men linked to Scattered Spider plead guilty over 2024 TfL cyberattack
Two men linked to the criminal group Scattered Spider pleaded guilty to carrying out a major cyberattack on Transport for London (TfL) in 2024, causing three months of disruption, affecting 10 million customers, and costing the operator GBP 39 million. One of the men also admitted to attempting hacks on US healthcare companies.
So what?
Detecting, investigating and prosecuting such cybercrimes is complex and can take a long time; however, law enforcement is able to trace malicious activity and hold the perpetrators accountable.
[Researcher: Milda Petraityte]
2. Indian manufacturing firms Tata and Bajaj hit by cyberattacks
Tata Electronics confirmed a cybersecurity breach after the threat actor World Leaks allegedly posted confidential design documents, including some belonging to Apple's and Tesla's next-generation products, on the dark web. In the same week, the Indian automaker Bajaj Auto also reported that it had been hit by a ransomware attack.
So what?
Suppliers and manufacturing companies should ensure that their clients' confidential files are stored securely, using technical controls to ensure that no data leaves the organisation.
[Researcher: Harish Raghavan]
3. Takedowns by European and US authorities disrupt large-scale cybercrime operations
In the past week, a coordinated global crackdown targeted the infrastructure underpinning cybercrime operations. Europol-led action dismantled major malware “as-a-service” networks distributing SocGholish, Amadey and StealC malware, seizing servers and domains and recovering stolen credentials. Separately, US authorities seized cloud infrastructure linked to Southeast Asia-based scam networks, targeting a Cambodian-linked conglomerate accused of enabling fraud and money laundering.
So what?
These takedowns reflect a shift toward disrupting the full cybercrime ecosystem, from initial-access malware through to large-scale scam operations. They are intended to disrupt the activities of cyber criminals, who continue to rebuild and adapt rapidly.
[Researcher: Jenny Eysert]
4. LastPass among firms affected by Klue OAuth token theft
LastPass disclosed a customer data exposure following a supply chain attack involving Klue, a market intelligence platform integrated with Salesforce and Gong. The compromised tokens were used to access CRM data at multiple affected organisations, including Recorded Future, Tanium and Huntress.
So what?
The breach highlights how the compromise of a single SaaS provider can cascade into widespread downstream exposure through trusted integrations, reinforcing supply chain risk as a key enterprise attack vector.
[Researcher: Jenny Eysert]
5. Japanese telecom provider reports major data breach affecting over 14 million accounts
Several internet service providers in Japan may have been affected by a cybersecurity incident disclosed by the Japanese telecommunications company KDDI, which provides email systems to internet service providers. Threat actors exploited vulnerabilities in third-party software integrated into the email system, thereby gaining access to over 14 million email credentials associated with user mailboxes.
So what?
Companies affected by similar third-party breaches should be on high alert for subsequent phishing attempts that use the stolen credentials.
[Researcher: Lester Lim]
6. Software update error causes major disruption on Deutsche Bahn rail network
An update to Deutsche Bahn's communications system caused the abrupt shutdown of national rail services across Germany, leaving customers stranded. The disruption was confirmed to have resulted from a scheduled attempt to replace an ageing component in the railway's internal communication network, an essential system required for trains to operate.
So what?
While timely patching is essential to mitigate vulnerabilities, organisations should apply appropriate measures to reduce the risk of downtime and disruption when updating systems.
[Researcher: Ava Pearson]
