Top news stories this week
- C’est une blague? Louvre security camera password was... “Louvre”.
- Bad days for Nikkei and Hyundai. Asian corporate giants experience data breaches.
- Pennetrated. University of Pennsylvania confirms extent of cyberattack.
- Dubious data. Apache OpenOffice denies alleged data compromise by Akira ransom group.
- Ticking financial bomb. Data breach costs compound for SK Telecom, Genea Pty and PSNI after cyber incidents.
- Bank trojan fallout. Ukrainian cyber criminal behind banking trojan extradited to US.
1. Louvre security camera password was... “Louvre”.
Investigations following the heist of crown jewels from the Louvre in Paris uncovered weaknesses in the museum’s security measures. France’s national cybersecurity agency conducted an audit in 2014 that revealed the password to the security camera system was simply “Louvre”. Staff confirmed that as of the time of the theft, some 11 years later, the password remained unchanged.
So what?
Whether systemic failure, oversight or bad practice, the consequences of this high-profile crime demonstrate the necessity of cybersecurity controls, including good password practices.
[Researcher: Lester Lim]
2. Asian corporate giants experience data breaches
On Tuesday, major Japanese corporation Nikkei announced a security breach resulting in exposed personal information for over 17,000 employees and partners. Initially announced in September, the breach occurred when attackers stole authentication credentials after infecting an employee device with malware. Nikkei has said that the stolen information does not fall under Japan's Personal Information Protection Law, which would require reporting.
Similarly, Hyundai AutoEver America is notifying individuals that their personal information was compromised during a breach that occurred in February. The affiliate of Hyundai Motor Group provides IT services and consulting to Hyundai and Kia, including in-vehicle technology and corporate ERP.
So what?
Large organisations are not immune from being targeted by threat actors. Using unique passwords, rotating them frequently, and ensuring MFA is enabled are a few steps to help protect individuals from further compromise stemming from personal data breaches.
[Researcher: Steve Ross]
3. University of Pennsylvania confirms extent of cyberattack
The University of Pennsylvania has confirmed it was successfully breached after initially characterising a cyber incident as a “fraudulent email” campaign. Alumni and students received emails from Penn.edu addresses claiming the university had been hacked and data stolen, which the university described as "obviously fake".
So what?
It is important for organisations to engage third party support to help manage communication strategy and avoid reputational damage when responding to cyber incidents.
[Researcher: Tlhalefo Dikolomela]

4. Apache OpenOffice denies alleged data compromise by Akira ransom group.
The Akira ransomware group claimed last week to have stolen 23GB of employee and financial data from the Apache Software Foundation. However, Apache Software addressed the allegations, explaining that, following internal investigations, they found no evidence that such data was stolen or even exists within their organisation.
So what?
In the event of a cyber incident, it is important that organisations remain calm and validate the claims made by threat actors, logically and technically, before publishing a response.
[Researcher: Jenny Eysert]
5. Data breach costs compound for SK Telecom, Genea Pty and PSNI after cyber incidents
South Korea's largest telecom provider, SK Telecom, announced a 90% drop in profit for the third quarter due to losses it experienced as a consequence of a data breach earlier this year. Additionally, the company faces compensation charges of USD208 per person to its 23 million subscribers for the data breach.
Separately, compensation is also being sought by hundreds of customers of Australian fertility services provider Genea Pty Ltd, whose data was posted on the dark web by cyber criminals earlier this year, and by staff of the Police Service of Northern Ireland (PSNI), after the personal details of the entire workforce were published in error in 2023.
So what?
The cost of a cyber incident is not limited to the price of system restoration, as it can compound into losses in profitability, user compensation or fines. Organisations should invest in cybersecurity resilience to reduce the cost of cyber incidents.
[Researcher: Milda Petraityte]
6. Ukrainian extradited to US faces charges
A Ukrainian national, Yuriy Rybtsov (aka “MrICQ”), has been extradited to the US for his involvement in the Jabber Zeus banking operation. The scheme not only targeted small to medium-sized businesses, but also used stolen information and social engineering to make fraudulent transfers to US bank accounts controlled by money mules.
So what?
Long-running cyber crime operations are not immune from international law enforcement; however, financial institutions should treat banking trojans and credential theft as systemic threats.
[Researcher: Ayomikun Olayinka]
