Top news stories this week
- Early retirement. Scattered Spider linked to new ransomware attacks despite retirement claims and member arrests.
- Unchained. Workers in Jaguar Land Rover supply chain face layoffs amid ongoing disruption.
- Who’s calling? Global telecoms respond to ransomware events.
- Insider cash out. FinTech companies Coinbase and FinWise victims of insider threats.
- Security Lapsus$. Google confirms compromise of data sharing platform.
- Sanction action. US sanctions cyber scam networks in Myanmar and Cambodia.
1. Scattered Spider linked to new ransomware attacks despite retirement claims and member arrests
A group of cybercriminals including Scattered Spider announced they were going dark in a post on BreachForums earlier this week. Despite this, security researchers have linked the group to a recent intrusion targeting a US banking organisation.
Separately, two suspected members of Scattered Spider have been arrested and charged in the United Kingdom following an investigation into the hack of Transport for London (TfL) last year.
So what?
It’s not uncommon for high-profile threat groups to make false claims about retiring, especially when they feel pressure from law enforcement building up.
[Researcher: Milda Petraityte]
2. Jaguar Land Rover cyberattack impacts supply chain workers’ jobs
A cyberattack on UK-based carmaker Jaguar Land Rover (JLR) is causing uncertainty over job security for workers at smaller companies involved in the manufacturing supply chain. According to the workers' union Unite, employees facing layoffs or reduced pay have been told to apply for universal credit. The ongoing breach is reportedly costing JLR upwards of GBP 50 million per week.
So what?
In the absence of government support, businesses should consider cyber insurance as a risk mitigation strategy against the knock-on impact of major cyber incidents impacting key partners.
[Researcher: James Tytler]
3. Telecoms tackle threat actors with contrasting tactics
Major South Korean telecommunications companies, SK and KT Telecom, have each faced recent cyber incidents. SK Telecom denied the legitimacy of an alleged 100GB data leak following their incident in April this year, and KT Telecom have apologised whilst providing limited technical detail after confirming fraudulent mobile transactions have affected hundreds of users.
In parallel, UK-based Colt Technology Services have estimated that 8-10 weeks of recovery efforts will be required after suffering a ransomware incident in August.
So what?
Organizations should offer clear responses and concrete recovery steps to help their customers react appropriately in the wake of data breaches; denials and incomplete explanations can erode trust between businesses and their customer base.
[Researcher: Steve Ross]
4. Coinbase and FinWise suffer insider breaches
Coinbase recently disclosed that an employee of third-party customer support outsourcing firm TaskUs, bribed by cybercriminals, allegedly photographed customer data and sold the images for 200 USD.
Meanwhile, FinWise admitted that a former employee may have accessed sensitive customer records after their employment ended, affecting almost 700,000 people.
So what?
Insider threats consistently prove to be significant risks and can lead to large-scale exposure of personal data. Documented and efficient onboarding and offboarding processes should be enforced.
[Researcher: Lawrence Copson]
5. Google confirms compromise of law enforcement data sharing platform
Hackers linked to the Scattered Lapsus$ Hunters group created a fraudulent account in Google’s Law Enforcement Request System (LERS), a portal used by verified agencies to request user data. Google disabled the fake account, stated that the account made no requests and accessed no data, and has started investigating how the impersonation bypassed its verification process.
So what?
Organizations must implement rigorous identity verification measures and increased oversight in systems that grant powerful data access.
[Researcher: Jenny Eysert]
6. US sanctions cyber scam networks in Myanmar and Cambodia
The United States imposed sanctions on cyber scam operators in Myanmar and Cambodia, placing these cybercriminals alongside the likes of ransomware operators, advanced persistent threat groups and others facilitating cyber crime. The sanctioned entities included nine companies and individuals in Shwe Kokko, a town on the Thai border.
So what?
Sanctions are another tool countries can use to clamp down on cyber crime. Sanctions combat scam camps by imposing travel bans and asset freezes on individuals and entities linked to these operations, thereby disrupting their ability to operate and launder money.
[Researcher: Lester Lim]
