It's the beginning of a new week, and that means a new round-up of what's been going on in the world of cyber security and data protection over the last 7 days!
Pendragon Group, which operates over 200 UK car dealerships, has had its network breached by the LockBit ransomware gang. The group has rejected the criminal gang’s demands for a $60 million ransom, reporting the incident to both the police and the data protection office. Pendragon stated that its IT teams responded immediately, that the hackers were able to access only 5% of the company’s data, and that the breach did not impact the organisation’s ability to operate as normal. (Bleeping Computer)
Information Commissioner John Edwards has warned that complacency, rather than the actions of organised criminal groups, is the biggest risk to UK business. Edwards stated that by ignoring crucial measures such as software patching, employee training and monitoring for suspicious activity, and by failing to listen to warnings, organisations are leaving themselves vulnerable to attack. The statement was made as the Information Commissioner’s Office issued construction firm Interserve with a £4.4 million fine for its actions following a data breach that compromised 283 systems and 16 accounts, exposing over 100,000 employee records. (Computer Weekly)
The Hive ransomware-as-a-service group has claimed responsibility for the recent breach at Tata Power, India’s largest integrated power company. Hive has been observed leaking exfiltrated data prior to encrypting Tata’s systems; the data allegedly includes client contracts, agreement documents and other sensitive information such as emails and addresses. The leaking of data would indicate that Tata Power refused to pay Hive’s ransom demands. (The Hacker News)
Australian health insurance firm Medibank has disclosed that all of its customers’ personal information, including personal and health claims data, has been accessed by an unauthorised entity following a recent ransomware attack. As one of Australia’s largest health insurance providers, Medibank serves over 3.9 million customers across the whole country. The company is still analysing what specific data has been stolen and will directly notify any affected customers, but has been contacted by a threat actor claiming to have stolen 200GB of data. (The Hacker News)
Hacking group Cranefly has been observed using a previously unseen technique to control its malware on infected devices. By manipulating Microsoft Internet Information Services (IIS) logs, the group is able to send commands to any backdoor malware on infected devices. Malware usually receives commands through network connections, but organisations usually monitor network activity. Server logs, on the other hand, are rarely monitored, which reduces the chance that the malware will be detected. Alongside monitoring server logs for web shells, IT teams should also now be wary of command strings in those logs. (Bleeping Computer)
German copper producer Aurubis, the largest in Europe, has been forced to shut down its IT systems to prevent the spread of a cyber attack. Despite the disruption to its IT systems, production has not been impacted, and Aurubis is now working with local law enforcement to assess the impact of the attack. The company has said that it does not know how long it will take to get its systems back to normal, and the only way to reach the company now is by phone. While Aurubis has not provided any further details on the attack, it carries all the typical signs of ransomware. (Bleeping Computer)
Former Prime Minister Liz Truss’ personal phone was hacked by Russian agents during her term as Foreign Secretary, exposing top-secret details of negotiations with foreign allies and also private conversations with Kwasi Kwarteng, another senior government minister at the time. The messages included secure information about the war in Ukraine, with up to a year’s worth being downloaded. The government has released a statement saying that there are robust systems in place to protect against cyber threats, and that ministers receive regular security briefings. (Reuters)