20 June 2025

Threat group linked to retail attacks targets insurance industry | Cyber Intelligence Briefing: 20 June 2025

June 2025

Top news stories this week

  1. Itsy bitsy busy. Threat group linked to retail attacks now targeting insurance industry.
  2. Data withdrawn. UBS and Scania targeted in third-party security breach.
  3. Repackaged. 16 billion exposed credentials published on dark web.
  4. Cloudy access, phishy data. Airways hit with phishing and disruption within a week.
  5. Dodgy trades. Scammers use AI-deepfake Instagram ads to impersonate bank officials.
  6. Aftermath. 23andMe fined GBP 2.3 million by ICO after data breach in 2023.

1. Threat group linked to retail attacks now targeting insurance industry

Scattered Spider, the threat actor group behind recent UK and US retail sector attacks (which caused a 'category 2 systemic event' according to the UK's Cyber Monitoring Centre), has reportedly shifted its attention to the insurance industry. This group, believed to mainly consist of native English-speaking young adults, has been observed gaining initial access to large organisations through sophisticated social engineering techniques, then deploying ransomware.


Possibly coincidentally, many insurance companies have disclosed or reported ransomware attacks in recent days.

So what?

To protect against social engineering attacks, organisations should review helpdesk policies and consider insisting on in-person verification for requests to reset passwords and MFA at the same time.

[Researcher: Lester Lim]


2. UBS and Scania data compromised in separate third-party security breaches

A cyberattack targeting ChainIQ, a third-party supplier, resulted in a data breach impacting Swiss bank UBS. Although the bank claimed no client data was affected, threat actor group World Leaks (previously known as Hunters International) published data of around 130,000 UBS employees on the dark web, including the direct phone number of the UBS CEO.

Swedish manufacturer Scania also suffered a data breach after cyber criminals broke into the network of its third-party external IT partner and targeted insurance-related documents.

So what?

Third-party risk management (TPRM) is crucial for organisations using external vendors. It focuses on identifying, assessing, and mitigating risks tied to these relationships.

[Researcher: Aditya Ganjam Mahesh]


3. 16 billion user passwords leaked online in aggregated infostealer datasets 

Security researchers have identified a data leak containing 16 billion passwords for various online services including Apple, Facebook, GitHub, and Google. The leak is an amalgamation of 30 old and new datasets and may contain some duplication, and other researchers have played down its significance. The likely source of the leak is infostealer malware, a kind of malicious software that steals sensitive information such as passwords from end users’ devices.

So what?

Individuals should avoid reusing passwords on multiple services, use multi-factor authentication wherever possible, and consider using a password manager to secure their accounts.

[Researcher: James Tytler]


4. Cyber incident causes system disruption for Canada’s second largest airline WestJet

WestJet, Canada’s second-largest airline, suffered a cyber incident that disrupted IT systems and left customers unable to access the company’s website and mobile app. Whilst the company has not labelled this as a cyber attack at this stage, it engaged law enforcement and third-party assistance in its response.

So what?

Organisations should employ tried and tested cyber incident response plans to mitigate disruptions in operations following cyber incidents.

[Researcher: Nor Liana Kamaruzzaman]


5. Scammers use AI-deepfake Instagram videos to impersonate bank officials

Criminals are using fake advertisements on Instagram to pose as Canadian banks, including Bank of Montreal, Royal Bank of Canada and EQ Bank, in phishing campaigns. The ads look convincing as they use the banks' official branding and colour schemes. AI-powered deepfake videos are also used to impersonate senior executives in an attempt to trick people into joining private WhatsApp groups.

So what?

Users should be aware of the rise of scams and phishing attempts on social media using artificial intelligence. It is important to be critical of financial schemes which appear to be too good to be true.

[Researcher: Milda Petraityte]


6. Giant DNA testing firm fined GBP 2.3 million by ICO

23andMe is facing a GBP 2.3 million fine from the UK Information Commissioner's Office (ICO) due to a data breach impacting over 155,000 UK residents in 2023. 23andMe failed to implement adequate security measures, leading to the exposure of sensitive information, including personal details, family histories, and health conditions.

So what?

Implementing strict security measures for sensitive personal and medical data is critical. The financial and legal fallout from these significant data breaches can last for years.

[Researcher: Lena Krummeich]

 

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
