Category: data breach
[By Richard Bird, Chief Security Officer, Traceable]
In the wake of the devastating cyber-attack on Kyivstar, Ukraine’s largest telecommunications service provider, it’s time for a blunt conversation in the boardrooms of global enterprises. As someone who has navigated the cybersecurity landscape for over 30 years, I’ve witnessed numerous security breaches, but the Kyivstar incident is a watershed moment. This isn’t just a breach; it’s a complete obliteration of a company’s internal infrastructure. And it happened to a company that was on high alert, operating in a war zone, and had heavily invested in cybersecurity.
The breach, attributed to the Russian military spy unit Sandworm, didn’t just disrupt services; it decimated Kyivstar’s core, wiping out thousands of virtual servers and causing communications chaos across Ukraine. The attackers demonstrated a frightening capability to exfiltrate a vast amount of personal data, including device location data, SMS messages, and potentially data that could lead to Telegram account takeover. This level of devastation doesn’t happen without exploiting fundamental weaknesses, and it points to a glaring oversight in many current cybersecurity strategies: the underestimation of API vulnerabilities.
Despite Kyivstar’s significant security investments, it’s evident that APIs and Layer 7 were not prioritized. This is a critical mistake that many are making.
The attack on Kyivstar took out mobile and home internet service for as many as 24 million people, signaling not just a corporate disaster but a national emergency. The financial implications were staggering, with nearly $100 million in revenue loss, underscoring the severe economic repercussions of such breaches. This incident should be a massive wake-up call. We’re not talking about mere data theft or temporary disruptions. The Russians have demonstrated that they can take down an entire company, exploiting the same vulnerabilities that threaten enterprises globally.
In response, hackers linked to Ukraine’s main spy agency breached computer systems at a Moscow-based internet provider, signaling a tit-for-tat in the cyber domain between Russia and Ukraine.
This escalation is not just a regional issue but a global one, serving as a stark warning to the West about the capabilities and intentions of state-sponsored cyber groups like Sandworm.
The Bottom Line
CEOs and CISOs around the world need to take their heads out of the sand. The Kyivstar breach is a clear demonstration of the catastrophic potential of modern cyber-attacks. It’s no longer about if your defenses will be breached, but when and how devastating it will be. The traditional approach to cybersecurity is no longer sufficient. We need to rethink our strategies, with a particular focus on securing APIs and fortifying every layer of our digital infrastructure.
The Kyivstar incident is a stark reminder of the evolving and increasingly destructive nature of cyber threats. As industry leaders, we must recognize this as a turning point and act swiftly to reinforce our defenses. It’s time to move beyond complacency and address the critical vulnerabilities that can lead to the downfall of our enterprises. The message is clear: bolster your cybersecurity or risk severe consequences. The choice is ours.
The post The Kyivstar Breach and Its Implications for Global Cybersecurity appeared first on Cybersecurity Insiders.
A household name among American media companies, Verizon Communications on Wednesday began notifying employees that an insider may have gained access to their data. According to the breach notice to the Maine Attorney General, an unauthorized employee opened a file containing sensitive data of 63,206 other employees.
While customers are not believed to have been impacted in this breach, Verizon is warning that the exposed employee data could include Social Security Numbers, National Identifiers, full names, home addresses, DOBs, compensation information, gender, and union affiliations.
The unauthorized employee initially gained access to this document in September 2023, but Verizon did not discover the incident until December, almost 3 months later. At this time, it is unknown what the unauthorized employee may have done with the data, or if they intend to use it for nefarious purposes.
In the notification, Verizon states that there isn’t yet any evidence the data has been used maliciously. Fortunately, Verizon has taken steps to mitigate any potential fallout. In the statement, the company said, “We are working to ensure our technical controls are enhanced to help prevent this type of situation from reoccurring and are notifying applicable regulators about the matter.”
Verizon has also arranged for impacted individuals to receive free identity protection and credit monitoring services for 2 years.
“Verizon says they have no evidence the information was moved externally or used maliciously. Unless they are leaving out a key detail, this is about as innocuous as an ‘insider threat breach’ gets,” commented Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.
“I will say that this is a testament to the monitoring that Verizon is doing to have even noticed and acted upon it. I think it’s probably very common…and I mean happening all the time in most companies…that people who are not authorized to access particular data still do so. I remember this happening in companies I worked for 30 years ago. This is far from rare. What is different is that Verizon and many other companies are now looking for and monitoring these types of situations, and alerting impacted potential victims, if any. That’s progress!”
On the other hand, Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, explained the risks of insider threats and some ways organizations can prevent them:
“Insider threats, whether intentional or inadvertent, represent a substantial and often underestimated risk to organizational security and data integrity. Insider threats are harder to discover and neutralize since they originate from within the organization’s trusted perimeter, unlike external threats, which may be more obvious and straightforward to detect. Of particular concern in insider attacks is the delayed detection of the breach. Organizations must utilize advanced threat detection tools to promptly discover and address any questionable activity or unusual network behaviour. Timely detection can significantly mitigate the impact of breaches and reduce the likelihood of prolonged exposure of sensitive data. Organizations, furthermore, must prioritize investments in staff training and awareness programs to educate employees about the importance of cybersecurity best practices.”
The question remains—was this incident the actions of a malicious actor, or was it simply an employee who clicked into the wrong document, never to think about it again? We may soon find out.
Roger Grimes wonders the same: “Did they simply look for it and stumble across it, or did they do something nefarious to access it? Either way, did Verizon address how it happened so it won’t happen in the future? That’s the question I put to any company suffering a data breach — how did it happen and was something done to prevent similar actions in the future?”
The post Verizon Breach – Malicious Insider or Innocuous Click? first appeared on IT Security Guru.
A significant cyber-attack has rocked France, with data on over 33 million individuals, roughly half of the country’s population, exposed in a sophisticated breach earlier this month. According to reports, the breach is potentially unprecedented in the nation’s history.
Yann Padova, a prominent data protection lawyer and former secretary general of France’s Data Protection Authority (CNIL), has raised alarm over the scale of the attack, estimating that nearly one in every two citizens could be impacted by the breach.
The targets of this digital onslaught were Viamedis and Almerys, two medical insurance providers, both succumbing to attacks within a mere five-day span. Initial investigations suggest that the data loss occurred as cybercriminals executed phishing attacks on unsuspecting employees, gaining access to credentials and subsequently infiltrating central record systems. Information such as social security numbers, marital status, dates of birth, insurance details, and policy coverage information were among the compromised data. Fortunately, critical data such as medical histories, postal addresses, contact details, and bank account information were stored on a separate server, safeguarding them from the attackers.
In response, the French CNIL has launched an inquiry into the cyber-attack and has determined that it was carried out by state-funded hackers. As efforts to recover from the incident are underway, certain services, including the “Tier Payment” system, will be temporarily unavailable to patients, and access to specific health records will be restricted.
Amidst this crisis, individuals are urged to exercise caution, verifying the authenticity of any communication requesting credentials and refraining from clicking on links provided in emails, messages, or calls. Vigilance is paramount in safeguarding against further breaches and protecting personal information from falling into the wrong hands.
The post France data breach triggers among half of the populace appeared first on Cybersecurity Insiders.