It's the beginning of a new week, and that means a new round-up of what's been going on in the world of cyber security and data protection over the last 7 days!

 

24/10/22 - Pendragon Car Dealer Refuses $60 Million LockBit Ransomware Demand

Pendragon Group, which operates over 200 UK car dealerships, has had its network breached by the LockBit ransomware gang. The group has rejected the criminal gang’s demands for a $60 million ransom, reporting the incident to both the police and the data protection office. Pendragon stated that its IT teams responded immediately, that the hackers were able to access only 5% of the company’s data, and that the breach did not impact the organisation’s ability to operate as normal. (Bleeping Computer)

 

24/10/22 - Complacency Biggest Cyber Risk To UK PLC, Says ICO

Information commissioner John Edwards has warned that complacency is the biggest risk to UK business rather than the actions of organised criminal groups. Edwards stated that by ignoring crucial measures such as software patching, employee training, monitoring for suspicious activity and by failing to listen to warnings, organisations are leaving themselves vulnerable to attack. The statement was made as the Information Commissioner’s Office issued construction firm Interserve with a £4.4 million fine for its actions following a data breach that compromised 283 systems and 16 accounts, exposing over 100,000 employee records. (Computer Weekly)

 

25/10/22 - Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

The Hive Ransomware as a Service group has claimed responsibility for the recent breach at Tata Power, India’s largest integrated power company. Hive has been observed leaking exfiltrated data prior to encrypting Tata’s systems; the data allegedly includes client contracts, agreement documents and other sensitive information such as emails and addresses. The leaking of data would indicate that Tata Power refused to pay Hive’s ransom demands. (The Hacker News)

 

27/10/22 - Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

Australian health insurance firm Medibank has disclosed that all of its customers’ personal information, including personal and health claims data, has been accessed by an unauthorised entity following a recent ransomware attack. As one of Australia’s largest health insurance providers, Medibank serves over 3.9 million customers across the whole country. The company is still analysing what specific data has been stolen and will directly notify any affected customers, but it has been contacted by a threat actor claiming to have stolen 200GB of data. (The Hacker News)

 

28/10/22 - Hackers Use Microsoft IIS Web Server Logs To Control Malware

Hacking group Cranefly has been observed using a previously unseen technique to control their malware on infected devices. By manipulating Microsoft Internet Information Services (IIS) logs, the group is able to send commands to any backdoor malware on infected devices. Malware usually receives commands through network connections; however, organisations usually monitor network activity. Server logs, on the other hand, are rarely monitored, which reduces the chance that the malware will be detected. Alongside monitoring server logs for web shells, IT teams should also now be wary of command strings. (Bleeping Computer)

 

28/10/22 - Largest EU Copper Producer Aurubis Suffers Cyberattack, IT Outage

German copper producer Aurubis, the largest in Europe, has been forced to shut down its IT systems to prevent the spread of a cyber attack. Despite the disruption to its IT systems, production has not been impacted, and Aurubis is now working with local law enforcement to assess the impact of the attack. The company has said that it does not know how long it will take to get its systems back to normal, with the only way to reach the company now being by phone. While it has not provided any further details on the attack, it carries all the typical signs of ransomware. (Bleeping Computer)

 

21/10/22 - Truss Phone Was Hacked By Suspected Putin Agents When She Was Foreign Minister, The Daily Mail Reports

Former Prime Minister Liz Truss’ personal phone was hacked by Russian agents during her term as Foreign Secretary, exposing top secret details of negotiations with foreign allies and also private conversations with Kwasi Kwarteng, another senior government minister at the time. The messages included secure information about the war in Ukraine, with up to a year’s worth being downloaded. The government has released a statement saying that there are robust systems in place to protect against cyber threats, and that ministers receive regular security briefings. (Reuters)

 

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!

Written by Callum Graham-Rack