8 August 2025

Significant rise in Akira attacks exploiting SonicWall SSL VPN | Cyber Intelligence Briefing: 8 August 2025

Top news stories this week

  1. The Akira wave. Significant rise in Akira attacks exploiting SonicWall SSL VPN.
  2. State of denial. Insurer in Canada rejects claim due to MFA implementation failure.
  3. Party time. Google, Pandora, KLM, and Air France confirm third party breaches.
  4. Whack-a-mole. BlackSuit ransomware infrastructure seized by law enforcement.
  5. Rolling the dice. Casino de Monte-Carlo hit by ransomware attack.
  6. Inference interference. NVIDIA patches critical Triton Inference server vulnerabilities.

1. Significant increase in Akira attacks leveraging SonicWall SSL VPN exploits

Since the end of July, S-RM has identified a significant increase in Akira ransomware cases that exploit a flaw in the SonicWall SSL VPN Gen 7. The flaw was initially suspected to be a zero-day vulnerability, but SonicWall has clarified that these recent attacks are associated with a previously disclosed vulnerability, CVE-2024-40766.

So what?

Organisations using SonicWall SSL VPN should follow the advisory and immediately patch their software and reset passwords.

[Researcher: Aditya Ganjam Mahesh]


2. Canadian insurer denies claim due to MFA implementation failure

Taxpayers of the Canadian city of Hamilton, Ontario, are responsible for covering the entire cost of a CAD 18.3 million (GBP 10 million) ransomware attack after the city’s insurance provider denied its claim. The insurer refused to reimburse CAD 5 million (GBP 2.7 million) of the costs on the grounds that multi-factor authentication had not been fully implemented at the time of the attack.

So what?

It is crucial to maintain compliance with the terms of your insurance cover for it to be effective. Appropriately deployed MFA is a control required by almost all cyber insurance policies.

[Researcher: Lester Lim]


3. Google, Pandora, KLM, and Air France latest to confirm third party data breaches

Google, Pandora, KLM, and Air France have all confirmed data breaches resulting from a series of attacks on third party customer databases. At present, only Google has confirmed Salesforce as the source of its breach. The cyber criminal group ShinyHunters is suspected to be responsible for these attacks.

So what?

Organisations should routinely perform comprehensive assessments and maintain continuous monitoring of their third party relationships and security practices.

[Researcher: Lena Krummeich]


4. BlackSuit infrastructure seized by law enforcement

The servers and infrastructure of ransomware operation BlackSuit have been seized as part of the joint international law enforcement effort, Operation Checkmate. Despite this, some members of the gang, which was previously known as Royal before rebranding as BlackSuit in 2024, may have moved to Chaos ransomware. 

So what?

While law enforcement takedowns can disrupt criminal gangs and their operations, there is still the risk that ransomware operators and their affiliates may migrate to other cyber criminal groups.

[Researcher: Milda Petraityte]


5. Casino de Monte-Carlo hit by ransomware attack 

The cyber criminal group D4RK4RMY has claimed responsibility for a cyberattack on Monte-Carlo Société des Bains de Mer, the operator of Casino de Monte-Carlo. The group alleges it accessed and stole a significant amount of sensitive customer and corporate data.

So what?

The hospitality sector should implement strong proactive cyber security measures, particularly given that customer data presents an attractive and lucrative target for cyber criminals. 

[Researcher: Clay Palmer]


6. NVIDIA patches critical Triton Inference server vulnerabilities

NVIDIA has released patches for vulnerabilities impacting its Triton Inference Server for Windows and Linux. The vulnerabilities, when chained together, may allow an attacker to take control of the servers and steal valuable AI models and sensitive data.

So what?

The adoption of AI tools exposes organisations to new risks that require tailored security strategies to mitigate.

[Researcher: Jack Woods]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
