Top news stories this week
- Retail round up. Four arrested in connection with Scattered Spider attacks on UK retailers.
- Super-sized breach. McDonald's AI hiring platform suffers data breach due to weak password.
- In a flutter. Paddy Power and Betfair customer data breached in cyber incident.
- Who’s calling. US State Department warns that impersonation using AI tech is on the rise.
- Systems down. Ransomware group SafePay attacks Ingram Micro.
- Show and tell. Swedish bodyguards’ workout data leaks Prime Minister’s movements.
1. Four people arrested in relation to M&S, Co-op and Harrods cyberattacks
UK authorities have arrested a 20-year-old woman and three men aged 17 to 19 in connection with cyberattacks against retailers M&S, Co-op and Harrods. The suspects have been taken into custody for questioning. The cyberattacks caused major disruption, with M&S estimating approximately GBP 300 million in lost profits.
Separately, French authorities arrested the Russian professional basketball player Daniil Kasatkin for his role as a negotiator for a ransomware gang.
So what?
Serious cyber disruption doesn’t just stem from sophisticated foreign actors; the threat landscape also includes homegrown young offenders capable of causing significant operational disruption. Read our Scattered Spider profile for further information.
[Researcher: Lawrence Copson]
2. McDonald's AI-hiring bot suffers data breach after hackers guess password 123456
Two security researchers were able to access sensitive data stored on McHire, McDonald’s AI-based hiring platform, by guessing that the password for the backend database was ‘123456’. After gaining access, researchers were reportedly able to exploit another vulnerability allowing them to access 64 million records shared with an AI chatbot named ‘Olivia’, which included names, email addresses and phone numbers. The platform was built by a third party, Paradox.ai.
So what?
It is essential to ensure that all internal and external facing systems and platforms are protected with strong passwords at a minimum, and that multi-factor authentication is implemented wherever possible.
[Researcher: James Tytler]
3. Paddy Power and Betfair confirm customer data breach
Flutter, the parent company of betting brands Paddy Power and Betfair, has suffered a large data breach. The incident involved unauthorised access to a database containing records of up to 800,000 customers in the UK and Ireland. While no passwords or payment data were compromised, Flutter reportedly notified all impacted users.
So what?
Cybercriminals can use information taken from data leaks to attempt phishing attacks or identity theft.
[Researcher: Milda Petraityte]
4. AI deepfakes impersonate US government officials
The US State Department issued a warning to all embassies and consulates after an impostor posing as US Secretary of State Marco Rubio sent scam messages by text and voice mail to a US senator, a governor and at least three foreign ministers. Although these attempts were described as being “not very sophisticated”, the malicious use of AI and deepfake video technology is set to increase, with only one in four ordinary citizens able to accurately identify deepfake videos, according to a recent survey in Singapore.
So what?
Users should use agreed-upon verification procedures and continue to be prudent when interacting with unknown or unexpected parties.
[Researcher: Lester Lim]
5. IT giant Ingram Micro confirms service outage was due to ransomware attack
Ingram Micro, one of the world's largest IT distributors, has confirmed that a ransomware attack was behind a multi-day service outage which affected the company’s global operations over the 4 July public holiday in the US. The ransomware group SafePay claimed to have encrypted systems and accessed "sensitive and confidential information". Ingram Micro has begun restoring operations this week.
So what?
A comprehensive and well-rehearsed Business Continuity Plan is important to ensure effective and efficient recovery from cyber incidents and minimise disruption and downtime.
[Researcher: Tlhalefo Dikolomela]
6. Swedish bodyguards’ workout data also leak Prime Minister’s movements
By uploading details of their running and cycling routes to fitness app Strava, secret service bodyguards for Swedish Prime Minister Ulf Kristersson reportedly exposed his location, routes and movements – including details of hotels and his private residences. The information leaked on Strava also showed Kristersson’s running routes and locations of overseas trips, including a private family holiday.
So what?
Cyber security awareness training must extend to the use of social media and apps such as fitness trackers, with privacy settings reviewed to ensure these do not inadvertently expose sensitive data.
[Researcher: Nor Liana Kamaruzzaman]
