Top news stories this week
- Couture compromised. Prominent retailers Victoria’s Secret, The North Face, Cartier, and Tiffany & Co. suffer cyberattacks.
- What’s in a name? Tech giants agree to collaborate on threat actor taxonomies.
- Aussie rules. Australia forces disclosure of ransomware payments.
- Unexpected delivery. Indian grocery delivery startup KiranaPro left inoperable after cyberattack.
- Blocked. Operation Endgame takes down counter antivirus service AVCheck.
- Public pockets picked. 100,000 HMRC accounts hit and GBP 47 million stolen.
1. More retail giants targeted in wave of separate cyberattacks
Victoria’s Secret, The North Face, Cartier and Tiffany & Co. have all suffered cyberattacks in separate incidents resulting in data breaches and service disruptions. The North Face confirmed attackers leveraged credential stuffing – a technique where stolen login details from previous breaches are reused – to access customer accounts. Meanwhile, Victoria’s Secret has delayed releasing their Q1 earnings report as systems required to deliver this are impacted and remain unavailable. Cartier and Tiffany & Co. each confirmed they have contained the threats and hardened their environments, with limited impact on sensitive customer data.
So what?
Recent high-profile incidents highlight the need for retail organisations to prioritise securing customer data, refining cyber security measures, and increasing consumer awareness.
[Researcher: Katarina Zotovic]
2. Tech giants team up on threat actor taxonomies
Microsoft and CrowdStrike announced this week an initiative to collaborate on mapping threat actor names and corresponding aliases to better align the cyber security industry. Along with Google subsidiary Mandiant and Palo Alto Networks Unit 42, this new framework will include common actors and their corresponding aliases, instead of forcing single naming conventions, facilitating improved collaboration, information sharing, and enhanced maturity across the industry.
So what?
Nation-state threat actor groups thrive on chaos and confusion during cyber incidents. This initiative will give security professionals a valuable resource in understanding their adversaries.
[Researcher: Stephen Ross]
3. Australia forces disclosure of ransomware payments
A new law in Australia will require the top 6.5% of registered businesses in the country to disclose within 72 hours the amount paid to cybercriminals following a data breach. Affected companies must report ransomware incidents to the Australian Signals Directorate, with failure to do so incurring fines under the country’s civil penalty system. Although several governments have proposed similar regulations, Australia is the first country to formally enact this into law.
So what?
Experts are divided on this development – while the government may gain insights into attacker profiles, the new law may not reduce the frequency of attacks, and may also have the effect of publicly shaming breached organisations.
[Researcher: Lester Lim]
4. Indian startup KiranaPro left inoperable after cyberattack
Hackers attacked Indian grocery delivery startup, KiranaPro, deleting its sensitive customer data and application source code, rendering the app completely inoperable. The criminals reportedly accessed the root accounts of the startup's AWS cloud storage and GitHub by using a former employee's account.
So what?
Organisations must implement comprehensive employee offboarding procedures by disabling the accounts of departing employees and rotating any shared passwords.
[Researcher: Aditya Ganjam Mahesh]
5. Operation Endgame targets antivirus bypass website AVCheck
The U.S. Department of Justice and authorities in the Netherlands and Finland seized four domains as part of Operation Endgame, a global initiative launched in 2024 to combat and dismantle cybercrime networks. The domains, which now display official seizure notices, were used to help criminal developers improve malicious code. One seized domain, AVCheck, assisted malware developers in bypassing commercial antivirus detection.
So what?
Takedowns can heavily disrupt cybercriminal networks in the short term by forcing threat actors to set up alternative services, which is time-consuming.
[Researcher: Lena Krummeich]
6. 100,000 HMRC accounts hit and GBP 47 million stolen
HMRC – the UK's tax, payments and customs authority – has disclosed that cybercriminals posing as taxpayers claiming repayments in a series of phishing attacks caused a loss of GBP 47 million. The criminals used identity data previously stolen from HMRC systems to create PAYE accounts and pay themselves a repayment, or to access an existing account.
So what?
Strict online security measures should be in place to properly distinguish between legitimate users and impersonators.
[Researcher: Tlhalefo Dikolomela]