19 July 2024


Global CrowdStrike outage takes banks, airlines, and media outlets offline | Cyber Intelligence Briefing: 19 July


Top news stories this week

  1. Struck down. Global CrowdStrike outage takes banks, airlines, and media outlets offline.
  2. Resilience. UK plans to introduce new cyber law in the wake of crippling NHS attack.
  3. Inside Out. 1TB of internal Disney data allegedly leaked by hacktivists.
  4. Ransomed. AT&T and CDK Global pay large ransoms following cyber attacks.
  5. Chopped. Interpol operation against Black Axe cybercrime group in West Africa.
  6. Cheque please. UnitedHealth Group puts impact of recent cyber incident at over USD 2.3 billion. 


1. Global CrowdStrike outage takes banks, airlines, and media outlets offline

Several organisations in countries including the US, UK, Australia, New Zealand, Singapore, India, Japan and Spain have been hit by a major global IT outage. The outage, which has taken banks, airlines, railways and media outlets offline, is reportedly linked to a software update for the endpoint detection and response software from US cyber security technology company CrowdStrike.

So what?

The incident underscores the importance of having robust disaster recovery plans in case of major IT outages. See our advice here if your organisation has been impacted.

[Researcher: Waithera Junghae] 


2. UK to introduce new cyber law after crippling NHS attack 

The UK government has announced it will introduce a new Cyber Security and Resilience Bill which will include mandatory reporting requirements for certain regulated companies hit by cyber attacks. The newly-elected government revealed the plans a month after a ransomware attack caused significant disruption to several London NHS hospitals and primary care providers.

So what?

The new UK government has signalled its intention to focus on combatting cyber threats. Organisations should closely monitor developments to ensure they are prepared for any new mandatory disclosure requirements.

[Researcher: Waithera Junghae]


3. Hacktivist group publishes terabyte of data supposedly belonging to Disney

Hacktivist group Nullbulge has uploaded data purportedly sourced from Disney’s internal Slack channel to a breach forum used by cyber criminals. The group claims to have exfiltrated 1.1 TB of data from the conglomerate with the assistance of an insider and declared that its motivation for the attack was Disney’s mistreatment of artists and use of AI-generated art.

The leaked data includes unreleased projects, raw images, internal API and code. Disney is investigating the threat actor’s claims.

So what?

The increased use of artificial intelligence by organisations has drawn the attention of hacktivist groups. It is important to evaluate how the implementation of certain technologies may affect your risk profile.

[Researcher: Adelaide Parker]


4. AT&T and CDK Global pay large ransoms following cyber attacks

Following the AT&T data breach linked to Snowflake, one of the threat actors responsible for the breach has alleged that AT&T paid the equivalent of USD 370,000 in ransom to delete the stolen data. The company paid the ransom in Bitcoin, which the threat actors then laundered through multiple cryptocurrency exchanges and wallets. Separately, CDK Global, which suffered a ransomware attack in June, reportedly paid USD 25 million in ransom to the threat actors.

So what?

Organisations should carry out careful due diligence before making ransom payments to ensure they are not paying sanctioned entities.

[Researcher: Aditya Ganjam Mahesh]


5. Interpol takes down Black Axe cybercrime group in West Africa

A major law enforcement operation has resulted in 300 arrests and the seizure of assets worth USD 3 million. Operation Jackal III impacted the notorious Black Axe syndicate and a wider Nigerian-led criminal network across Europe and Argentina. The gangs were known for business email compromise (BEC), romance fraud, various financial crimes and physical violence.

So what?

While Operation Jackal III has had some impact on cybercrime, criminal gangs tend to regroup and re-emerge, and its effect on the number of BEC cases remains to be seen.

[Researcher: Milda Petraityte]


6. Financial loss from UnitedHealth Group incident in billions

UnitedHealth Group has estimated that the total financial damage related to the ransomware attack on Change Healthcare in February will cost the company between USD 2.3 and USD 2.45 billion in 2024. The attack shut down Change Healthcare’s payment and billing system, causing major disruption with insurance approvals.

So what?

The financial impact of ransomware attacks on large enterprises can be astronomical, and can continue to be felt even once the business has recovered operationally.

[Researcher: Lena Krummeich]

 


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
