Weekly Cybersecurity Report | Week 31, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week 

1 – A ransomware attack on C-Edge Technologies led to the shutdown of about 300 banks in India.

Following a ransomware attack on C-Edge Technologies, which provides banks with various technological systems, about 300 banks in India had to halt their operations.

The National Payments Corporation of India (NPCI) has proactively disconnected C-Edge Technologies from the country’s payment system to prevent the malware from spreading.

2 – The OneBlood organization, which collects blood donations and distributes them to hospitals in the US, reports a ransomware attack causing widespread disruptions in the processing of blood donations and publishes an urgent call for donations. 

Following the attack on the organization, a shortage of blood units is expected, and the organization is urgently calling on donors with blood types O+ and O- to come and donate.

3 – Fresnillo PLC, the largest silver mining company in the world and the leader in gold mining, reports that it is suffering from a cyber-attack. 

In a report published by the company, it claims that an unauthorized party managed to access several systems. However, as of now, the attack has no impact on mining activity and is not expected to have a financial impact. 

4 – Healthcare giant Cencora confirmed this week that personally identifiable information (PII) and protected health information (PHI) were stolen in a February 2024 cyber-attack. 

The incident was identified on February 21 and disclosed a few days later in a regulatory filing, when the company said that personal information had been leaked from its systems. 

In a July 31 filing with the Securities and Exchange Commission (SEC), Cencora said that “additional data, beyond what was initially identified, has been released.” 

The company has identified and completed its review of most of the data. That review confirmed that the data included personally identifiable information and protected health information about individuals, most of which is maintained by a subsidiary of the company that provides patient support services, Cencora said. 

In addition, the company stated that the attack did not have a material impact on its operations, that its systems remained fully operational, and that no material impact on its financial condition or results of operations is expected.

5 – The world’s leading silver producer Fresnillo reveals a cyber attack 

Fresnillo PLC, the world’s largest silver producer and a leading global producer of gold, copper and zinc, said attackers gained access to data stored on its systems during a recent cyberattack.

The mining giant revealed on Tuesday that it was “under a cyber security incident that resulted in unauthorized access to certain IT systems and data.” 

Upon discovery of the attack, Fresnillo initiated response measures to contain the breach, and its IT experts are investigating and assessing the impact of the incident in coordination with external forensic experts. 

6 – Microsoft claims the massive Azure outage was caused by a DDoS attack 

Microsoft today confirmed that the nine-hour outage on Tuesday, which brought down and disrupted multiple Microsoft 365 and Azure services around the world, was triggered by a distributed denial of service (DDoS) attack.

The outage affected Microsoft Entra, some Microsoft 365 and Microsoft Purview services (including Intune, Power BI and Power Platform), as well as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy and Azure Portal. 

The company confirmed in a statement released today that the main reason for yesterday’s outage was a DDoS attack, although it has not yet linked it to a specific threat actor. 

7 – An online security breach led to the leak of information of 40 million UK voters 

The Information Commissioner’s Office said the Electoral Commission had not updated its servers with the latest security updates before the data breach, which occurred in August 2021 but was not detected until October 2022. 

Earlier this year, the Conservative government blamed the data breach on Chinese hackers and summoned Beijing’s ambassador to the UK to explain his country’s actions. 

The US also blamed Chinese hackers for targeting US businesses, officials, journalists and politicians, as the US and UK announced joint sanctions. New Zealand has also raised concerns with China about its involvement in a planned attack on the country’s parliament in 2021.

The UK breach allegedly gave Beijing access to the personal details of around 40 million voters held by the Electoral Commission.

8 – A cyber gang leaks documents stolen from the Pentagon’s IT provider 

Hackers have published internal documents stolen from one of America’s largest IT service providers, whose clients include various US government agencies, including the Department of Defense. 

Bloomberg reports that the leaked data, which belonged to Virginia-based Leidos Holdings, was taken by hackers during a previously reported 2022 breach of software company Diligent.

According to reports, the cybercriminal gang that leaked the data is the Russian-linked Trigona ransomware group, whose past victims have included Mexican telecom company Claro. 

https://www.computing.co.uk/news/4339649/pentagon-contractor-leidos-hit-breach 

9 – The French government is investigating a recent malware attack that affected 3,000 machines 

The attack, part of a wider botnet operation affecting millions around the world, has raised serious concerns about cyber security as France prepares to host the upcoming Olympic Games. 

The investigation began following a report by Sekoia, a cyber security company, that detected PlugX malware in many systems. 

The Remote Access Trojan (RAT) allows attackers to execute arbitrary commands and steal data from infected machines. 

According to the Tribunal De Paris Justice report, the malware was mainly distributed via infected USB drives. 

Sekoia’s analysts were able to locate and take over the command and control (C2) server that operated the botnet.

This server was responsible for issuing commands to the infected machines, which number in the millions around the world.

In France alone, 3,000 machines were affected and receiving instructions from the C2 server, with almost 100,000 more victims every day.

10 – Ukraine’s cyber operation disabled the ATM services of major Russian banks 

Ukraine launched a massive cyber-attack against the ATMs of Russian banks. The cyber operation began on July 23.

A Ukrainian intelligence source told the Kyiv Post that the attack is “gaining momentum”. The hacking campaign is part of the ongoing cyber operation within the wider conflict between Russia and Ukraine. The list of hacked Russian banks includes Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank and iBank.

Many bank customers’ debit and credit cards were immediately blocked when they tried to use ATMs. The attack included freezing bank payment systems and mobile apps, causing outages in personal offices and preventing payments for public transportation.

The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.