Top news stories this week
- Still MOVEing. Amazon employee data stolen during 2023 MOVEit attacks resurfaces.
- Zero days. Cyber security agencies report surge in exploitation of software vulnerabilities in 2023.
- Counting the cost. Halliburton reports USD 35 million loss after August ransomware attack.
- Stop the spread. Ahold Delhaize cyber security incident impacts multiple U.S. grocery stores.
- Mixchief. Founder of bitcoin cryptocurrency mixer encounters 12.5 years in prison.
- Top secret tumble. US Air National Guard faces 15 years in prison for discord data leak.
1. Amazon employee data from MOVEit breach resurfaces on dark web
A threat actor called Name3l3ss has released 2.8 million lines of Amazon employee data on a dark web forum, along with data from 25 other major companies, claiming they downloaded the information through leak sites and exposed cloud containers. Amazon confirmed the data came from a breach involving its third-party service provider. The data is likely to have taken in part from the 2023 MOVEit attack.
So What?
Dark web monitoring is vital for detecting sensitive data leaks early, allowing organisations to respond swiftly to breaches by identifying compromised information and mitigating potential damage.
[Researcher: Aditya Ganjam Mahesh]
2. Increase in zero day vulnerabilities exploited in 2023
According to a joint report by major Western cyber security agencies, malicious cyber actors exploited more new software vulnerabilities to compromise networks in 2023 than in 2022. The advisory outlines that 11 of the top 15 had no patches available at their initial time of exploitation, making them ‘zero days’. Separately, Microsoft have released patches for four zero days in November’s patch Tuesday.
So what?
It is important to have an attack surface management program that can quickly respond to vendor advisories and implement patches for newly released vulnerabilities.
[Researcher: David Broome]
3. August ransomware attack cost Halliburton USD 35 million
US oil giant Halliburton has reported losses of USD 35 million following an August ransomware attack by the RansomHub threat group. The company reportedly took proactive measures to shut down IT systems and disconnect from customers in response, causing major disruption.
So what?
Costs tied to ransomware attacks can spiral and continue to grow depending on the impact of a data breach. Organisations should ensure they have well-tested ransomware resilience plans to mitigate the operational impacts of a cyber incident.
[Researcher: Waithera Junghae]
4. Ahold Delhaize cyber security incident impacts multiple U.S. retailers
The Dutch company Ahold Delhaize, which is a parent company of U.S. brands Stop & Shop, Hannaford and Food Lion, has been hit by a cyber attack within its U.S. network. This issue has affected its online e-commerce operations, although the physical stores are still able to accept credit cards and process some pharmacy orders.
SO WHAT?
Organisations should segregate the networks of their separate businesses and brands to prevent the spread of cyber security incidents.
[Researcher: Milda Petraityte]
5. Founder of Bitcoin Fog mixer sentenced for facilitating money laundering
The founder of the Fog cryptocurrency mixer was sentenced to 12.5 years in prison in the US for money laundering activities from 2011 to 2021. During this period, the mixer was used to obscure the origins of illicit funds by blending the cryptocurrencies of multiple users. These mixers play a critical role for those looking to hide illegal transactions, since the mixers make it hard to trace funds back.
SO WHAT?
Because Bitcoin transactions are not anonymous, mixers are an important ‘service’ used by threat actors to help obscure the flow of funds. S-RM can assist with analysis of Bitcoin transactions related to incidents and other fraudulent activity.
.[Researcher: Lena Krummeich]
6. 22-year-old sentenced to 15 years in prison for leaking classified documents on Discord
A 22-year-old former US Air National Guard and cyber defense operations member, Jack Teixeira, was sentenced to 15 years in prison after leaking highly classified documents and intelligence on the social media platform Discord. The leaked documents contained US and NATO strategies for aiding Ukraine, details about British and US personnel, and information regarding a Chinese drone initiative.
So what?
Government departments and private organisations alike should implement robust security controls to protect sensitive data.
[Researcher: Lawrence Copson]