Top news stories this week
- Cyber crisis on aisle 5. Whole Foods supply chain impacted by incident at distributor UNFI.
- Running low. UK blood supply still disrupted one year after cyberattack on pathology provider.
- I fought the law. Joint multi-national operations dismantle criminal networks across Asia.
- Leaky business. Database containing billions of records of Chinese citizens exposed.
- Patch now. Windows, Salesforce and Fortinet urge to patch latest identified vulnerabilities.
- I spy. Ransomware attacks increasingly using legitimate employee monitoring tools.
1. Whole Foods faces supply chain disruption after cyber incident at distributor UNFI
United Natural Foods, Inc. (UNFI), a major US health food wholesaler and primary distributor for Whole Foods, took some systems offline after a cyberattack caused temporary disruptions. Whole Foods customers have reported empty shelves and smaller deliveries whilst UNFI’s share value declined after the disclosure of the attack.
Separately, UK retailer Marks and Spencer have restarted their online operations after being disrupted for over six weeks due to a major ransomware attack in April.
So what?
The wave of recent cyberattacks on the retail sector has highlighted the potential for major disruption to supply chains. Organizations should conduct regular table top exercises to test their crisis response plans before they are needed.
[Researcher: Lawrence Copson]
2. UK blood supplies still disrupted one year after Synnovis ransomware attack
Following a ransomware attack last year that disrupted pathology services at several London healthcare organisations, the NHS has urgently called for blood donors to come forward in England. The incident has resulted in hospitals reporting depleted reserves and seeking urgent donations of O-negative blood type, which can be received by all patients, due to difficulties in quickly matching patients' blood types which led to the current shortage.
So what?
Cyberattacks can lead to unforeseen long-term consequences. To defend against evolving cyber threats, organizations must consistently invest in cyber security and foster a culture that prioritizes security awareness.
[Researcher: Aditya Ganjam Mahesh]
3. Joint multi-national operations by law enforcement dismantle Asian criminal networks
An INTERPOL-coordinated joint action, named Operation Secure, has dismantled over 20,000 malicious IP addresses or domains linked to 69 information-stealing malware variants. 32 suspects were arrested in Vietnam, Sri Lanka and Nauru in the operation which involved law enforcement agencies from 26 countries.
Separately, India’s Central Bureau of Investigation worked with the National Police Agency of Japan as part of an initiative called Operation Chakra V to dismantle illegal call centres found to be engaging in a sophisticated transnational tech support scam targeting Japanese users.
So what?
It is encouraging to witness increasingly frequent news of successful joint law enforcement actions, demonstrating cross-jurisdictional cooperation resulting in favorable outcomes.
[Researcher: Lester Lim]
4. Massive database of Chinese citizens' personal data exposed on cloud platform
Cybersecurity researchers discovered an exposed structured database containing billions of records, potentially impacting hundreds of millions of Chinese citizens. The database was not password protected and included documents with financial data, details from WeChat and AliPay, and other sensitive personal data. The source of the data is unclear, but the incident has been described as the largest ever data leak impacting China.
SO WHAT?
Organizations should regularly monitor the external perimeter of their cloud environments and ensure that sensitive databases are not left exposed and publicly accessible.
[Researcher: Tlhalefo Dikolomela]
5. Fortinet, Windows, and Salesforce urge patching for critical vulnerabilities
Fortinet has addressed a critical vulnerability impacting several of its products, including FortiManager, FortiAnalyzer, and FortiAnalyzer-Cloud. This vulnerability allows local attackers with low privileges to execute unauthorized code. Salesforce identified five zero-day vulnerabilities and 15 configuration issues in its Industry Cloud; three have been fixed, while two require customer action based on provided instructions. Lastly, Windows identified a critical vulnerability that allows attackers to get privileged access to systems.
So What?
These discoveries highlight the urgent need for constant vigilance and regular security updates to avoid exploitation by malicious actors.
[Researcher: Lena Krummeich]
6. Ransomware groups use legitimate employee monitoring software in attacks
There is an increasing trend of legitimate employee monitoring software tools being deployed during ransomware attacks. In one recent Fog ransomware attack on an Asian financial institution, threat actors used the tool Syteca to capture credentials and other sensitive information.
Separately, security researchers have observed the tool Kickider in Qillin and Hunters international ransomware attacks.
SO WHAT?
Threat actors increasingly avoid deploying malware and rely on legitimate tools during the consolidation and preparation phases of their attack to evade detection. Organisations should check for unusual installations or usage of employee monitoring software.
[Researcher: Mark Farley]
-1-1.jpeg?width=121&height=121&name=MicrosoftTeams-image%20(11)-1-1.jpeg)
