Top news stories this week
- Turning it up to 11. Threat actors observed raising the intensity of extortion tactics.
- In detention. Teenagers arrested following cyberattacks on London nursery chain.
- Trust among criminals. Red Hat continues to suffer extortion demands as new criminal partnerships evolve.
- Underestimated, overexposed. SonicWall confirms all MySonicWall customers exposed.
- Unreadable. Avnet assures its data breach left stolen data unreadable.
- All bets are off! DraftKings user accounts compromised.
1. Threat actors observed raising the intensity of extortion tactics
Scattered Lapsus$ Hunters – an alliance of Scattered Spider, Lapsus$ and ShinyHunters – has issued a ransom payment deadline of today, 10 October, to 39 companies from which it claims to have stolen over 1 billion customer records. The group, understood to be behind the high-profile attacks on Marks & Spencer and Jaguar Land Rover, made the threat to companies including Disney, FedEx, Toyota and McDonald's.
Separately, the same group is offering US$10 in Bitcoin to anyone willing to harass senior executives at organisations they claim to have breached into paying ransoms.
So what?
Companies should increase their vigilance around the known tactics of these threat actors, safeguard their staff and systems against social engineering, and ensure incident response plans are updated and practised.
[Researcher: Lester Lim]
2. Two teenagers arrested following nursery cyberattacks whilst UK education under threat
Two teenagers have been arrested in connection with the recent spate of cyberattacks targeting a chain of London-based nurseries. The hackers claimed to have stolen addresses and images of approximately 8,000 children and then attempted to extort their victims.
Concurrently, a recent report has shown the UK education sector is more likely to fall victim to cyberattacks than private businesses, with 6 out of 10 secondary schools having suffered an attack or breach over the past 12 months.
So what?
Cyberattacks targeting minors carry unique ethical, legal and reputational consequences, and this case emphasises that institutions caring for children must treat cyber security as a core duty.
[Researcher: Tlhalefo Dikolomela]
3. Red Hat continues to suffer extortion demands as new criminal partnerships evolve
The data breach of enterprise software giant Red Hat, which was previously compromised by criminal gang Crimson Collective, has attracted the attention of cyber criminals ShinyHunters. ShinyHunters allowed Crimson Collective to use its leak site to persist with (unsuccessful) attempts to extort Red Hat.
Separately, the ransomware operators LockBit, Qilin, and DragonForce announced a ‘strategic’ partnership, likely in attempts to consolidate malicious activity, and share their techniques, resources and infrastructure.
So what?
Collaboration between threat actor groups complicates the attribution of the criminal activities and undermines confidence in sanction-related information about these threat actor groups.
[Researcher: Milda Petraityte]

4. SonicWall reverses earlier compromise estimate and confirms all MySonicWall backups affected
SonicWall initially claimed fewer than 5% of cloud backup customers were affected by a recent breach, but later admitted that all customers using its MySonicWall cloud backup feature had had their firewall configuration files accessed. These backups contain firewall settings, policies and network configurations, prompting SonicWall to urgently conduct remediation.
So what?
Misestimating the extent of a breach can undermine customer trust; businesses should conduct a thorough investigation before committing to public statements.
[Researcher: Lawrence Copson]
5. Data breach at global electronic distributor Avnet
The global electronic components distributor Avnet confirmed a data breach involving unauthorised access to a database in the EMEA region. A threat actor claiming responsibility has declared the theft of approximately 1.3TB of compressed data related to Avnet's operations. However, Avnet have stated the stolen data is unreadable without their proprietary tools.
So what?
While proprietary access control tooling can be effective in mitigating breach risks, organisations should implement monitoring plans to quickly respond to any unauthorised access.
[Researcher: Lena Krummeich]
6. DraftKings user accounts compromised
Customers of major US sports betting company DraftKings have had their accounts breached in a ‘credential stuffing attack’, in which passwords previously compromised in breaches of other services are tried against users' DraftKings accounts. DraftKings has advised its users to change their passwords and monitor their accounts for irregular activity.
So what?
Companies should implement robust access control mechanisms on both staff and customer accounts, most importantly the use of multi-factor authentication to mitigate password-based attacks.
[Researcher: Jack Woods]
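The credential stuffing pattern described in item 6 is visible in authentication logs: one source trying many different usernames in a short burst, with mostly failures and the occasional success where a reused password happened to match. The following is an added example of detection logic for that pattern, written for this digest; it is not DraftKings' or any vendor's tooling, and the log format (ISO timestamp, source IP, username, outcome) and the sample lines are constructed for the illustration. Accounts that succeed inside a flagged burst are the ones to treat as compromised (forced password reset, session revocation, MFA challenge).

```python
"""Credential-stuffing burst detection over constructed auth log lines (example code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> <username> <SUCCESS|FAIL>".
# 198.51.100.7 sprays ten different usernames in nine seconds (stuffing);
# 203.0.113.5 is one user mistyping their own password (not stuffing).
SAMPLE_LOG = """\
2025-10-09T10:00:01 198.51.100.7 alice FAIL
2025-10-09T10:00:02 198.51.100.7 bob FAIL
2025-10-09T10:00:02 198.51.100.7 carol FAIL
2025-10-09T10:00:03 198.51.100.7 dave SUCCESS
2025-10-09T10:00:04 198.51.100.7 erin FAIL
2025-10-09T10:00:05 198.51.100.7 frank FAIL
2025-10-09T10:00:06 198.51.100.7 grace FAIL
2025-10-09T10:00:07 198.51.100.7 heidi FAIL
2025-10-09T10:00:08 198.51.100.7 ivan SUCCESS
2025-10-09T10:00:09 198.51.100.7 judy FAIL
2025-10-09T10:05:00 203.0.113.5 alice FAIL
2025-10-09T10:05:10 203.0.113.5 alice FAIL
2025-10-09T10:05:20 203.0.113.5 alice SUCCESS
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "SUCCESS"))
    return events


def detect_credential_stuffing(events, window=timedelta(seconds=60),
                               min_distinct_users=8, max_success_ratio=0.5):
    """Flag source IPs that try many distinct usernames within `window`.

    The success-ratio cap separates stuffing (mostly failures, a few hits)
    from a shared office NAT, where many users log in and mostly succeed.
    Returns {ip: {"attempts", "distinct_users", "hit_accounts"}}.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the burst fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e[2] for e in burst}
            if len(users) < min_distinct_users:
                continue
            successes = [e[2] for e in burst if e[3]]
            if len(successes) / len(burst) > max_success_ratio:
                continue  # too many successes to look like stuffing
            # Keep the largest qualifying burst seen for this IP.
            if ip not in findings or len(burst) > findings[ip]["attempts"]:
                findings[ip] = {
                    "attempts": len(burst),
                    "distinct_users": len(users),
                    "hit_accounts": sorted(set(successes)),
                }
    return findings


def detect_from_log(text, **kwargs):
    """Convenience wrapper: parse raw log text and run the detector."""
    return detect_credential_stuffing(parse_log(text), **kwargs)


if __name__ == "__main__":
    for ip, info in detect_from_log(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} attempts against {info['distinct_users']} "
              f"accounts; likely compromised: {info['hit_accounts']}")
```

The thresholds (window, minimum distinct usernames, success ratio) are deliberately parameters: tune them against a baseline of your own login traffic, and keep a single-username brute-force rule alongside this one, since the two patterns look different in the logs.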
