Weekly Cybersecurity Report | Week 35, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week 

1 – The Seattle airport suffers from extensive disruptions due to a cyber-attack. 

Following the attack, various services were shut down, including email services, telephones, websites, and more, and there were noticeable disruptions to the baggage sorting processes, the terminal screens, passenger registration for flights, etc.

At this stage, neither the nature of the attack nor who is responsible is known. The airport stated that it is trying to deal with the issue as quickly as possible, but there is no expectation of a full return to normalcy. Law enforcement agencies are aware and involved in the response.

https://apnews.com/article/seatac-cyberattack-travel-delays-baggage-airport-outage-627805ee04648592658150dfdfa18ca9 

2 – Hackers attack French government websites 

Hackers attacked French government websites with DDoS attacks in support of arrested Telegram founder and owner Pavel Durov.

The targets of these attacks were government platforms, public service portals, an online appointment system for doctors and non-governmental websites such as the Institute of Social and Political Sciences and the daily newspaper La Voix du Nord. 

3 – The Hunters attack group lists the US Marshals Service on its leak site.

The United States Marshals Service is part of the American security forces. It is the oldest federal security organization in the United States. The Marshals Service belongs to the United States Department of Justice and its job definition is to protect the United States judicial system. 

The group publishes several sample documents it supposedly stole from the organization’s network and claims that it will publish the rest of the information within a few days if the ransom is not paid. 

It is important to emphasize that the information held by the service is very sensitive and also relates to the federal witness protection program, locating escaped prisoners, protecting judges, and more.

This is the second time that the service has suffered a ransomware attack, after a similar attack was reported in the media in February 2023.

4 – The company Microchip Technology, which specializes in the production of semiconductors and supplies chips to the American defense industry, suffered a major cyber-attack a few days ago 

The attack significantly disrupted the company’s activities, especially in some of its factories, and affected its ability to fulfill orders. 

The company detected suspicious activity on its IT systems on August 17, and by August 19 it had confirmed that several servers and business processes were affected by the attack. 

In response to this breach, the company isolated the affected systems and shut down some of them as a precaution. The company also brought in external cyber security experts to assist in the investigation and return of operations to normal. 

So far, the company has not determined whether this incident has a significant financial impact, but estimates indicate that it is a ransomware attack. 

No attack group has yet claimed responsibility for the attack, but the group behind it is apparently awaiting progress in negotiations before making the announcement.

5 – The DICK’s sports equipment chain says that confidential data was exposed in a cyber attack 

DICK’S Sporting Goods, the largest chain of sporting goods stores in the United States, disclosed that confidential information was exposed in a cyber-attack detected last Wednesday. 

Founded in 1948, the company operates 857 stores across the United States and reported revenue of $12.98 billion in 2023. As of February 2024, the company employs over 55,500 people (18,900 full-time and 36,600 part-time). 

According to the filing with the US Securities and Exchange Commission (SEC), the company hired external cybersecurity experts to help contain the security breach and assess the impact of the cyber-attack. 

6 – Iranian hackers target US and UAE targets with custom tool. 

Hackers linked to the Iranian government are deploying custom malware to compromise targets in the satellite, oil and gas, telecommunications and government sectors in the United States and the United Arab Emirates, according to research Microsoft released Wednesday. 

The group at the center of the report is tracked by Microsoft as Peach Sandstorm and is also known as APT33 and Refined Kitten, among other aliases.

The group recently deployed the malware known as Tickler. Microsoft monitored Tickler activity from April to July. It relies on infrastructure from Microsoft’s own Azure cloud computing platform, using fake subscriptions controlled by the attackers. 

“Microsoft assesses that Peach Sandstorm is operating on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC) based on the group’s casualties and operational focus,” the company said in its report.

7 – Patelco Credit Union says breach affects 726,000 customers after ransomware data auctions 

California-based Patelco Credit Union is notifying customers and employees of a data breach after a ransomware group was able to steal databases containing personal information from its systems. 

The organization revealed in a data breach notice on its website that it detected a ransomware attack that involved unauthorized access to its databases on June 29. An investigation revealed that hackers had access to its systems between May 23 and June 29.

Patelco determined that the compromised information included names, social security numbers, driver’s license numbers, dates of birth and email addresses, but noted that not every piece of data was compromised for every individual. 

8 – The American Radio Relay League approved a million-dollar ransom payment 

The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to recover encrypted systems in a ransomware attack in May.

After discovering the incident, the National Amateur Radio Society shut down affected systems to contain the breach. A month later, it said its network had been hacked by a “malicious international cyber group” in a “sophisticated cyber-attack”. 

While the organization has not yet linked the attack to a specific ransomware operation, sources said the Embargo ransomware gang is behind the breach. 

 

The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.