Top news stories this week
- Reprimanded. ICO reprimands the UK Electoral Commission for poor security practices.
- East meets West. Russian hackers released as part of multinational prison swap; Russia-linked Dark Angels receives a record-breaking ransom.
- Access granted. Threat actors exploit VMware authentication bypass vulnerability.
- Hackers draw blood. US non-profit organisation OneBlood hit by ransomware attack.
- EchoSpoofed. Proofpoint vulnerability allowed attackers to spoof millions of emails.
- Botched job. Microsoft accidentally amplified a DDoS attack causing a ten-hour service outage.
1. The UK Electoral Commission criticised for data breach
The ICO has reprimanded the UK Electoral Commission for the 2021 cyber incident that enabled hackers to gain access to the personal information of 40 million people. Hackers were able to exploit system vulnerabilities that the Commission had failed to address, despite the availability of patches for several months.
So what?
A properly implemented patch management process reduces the likelihood of missing important vulnerabilities that could be exploited by a threat actor.
[Researcher: Adelaide Parker]
2. US releases Russian hackers in prison swap; Dark Angels receives record USD 75 million ransom
Russian hackers including Vladimir Dunaev, who helped develop Trickbot malware, have reportedly been released as part of a multinational prisoner exchange between Russia and the West.
Meanwhile, researchers have revealed that in 2023 Russian-speaking ransomware groups obtained at least 69 percent of all ransomware proceeds, exceeding USD 500 million. Separate research found that in 2024, the Russian-linked ransomware group Dark Angels received a record-breaking ransom of USD 75 million.
So what?
This news highlights the pivotal role Russian cyber criminals play in the global cyber threat landscape. The success of ransomware gangs, especially the record USD 75 million ransom, is likely to inspire more ransomware operations.
[Researcher: Milda Petraityte]
3. Ransomware groups leverage authentication vulnerability to access ESXi hosts
Threat actors are actively exploiting a VMware ESXi authentication bypass vulnerability (CVE-2024-37085) that permits full access to ESXi hypervisors. Once exploited, threat actors are reportedly encrypting the hypervisors’ file systems, exfiltrating data, and moving laterally through victims’ networks.
So what?
Organisations that are vulnerable should patch immediately and conduct investigations to identify if the security flaw has been exploited.
[Researcher: Jon Seland]
4. Non-profit organisation OneBlood hit by ransomware attack
A ransomware attack hit OneBlood, a major blood donation non-profit in the Southeastern US, encrypting its VMware infrastructure and severely impacting operations. The responsible threat group reportedly exploited the VMware ESXi vulnerability described in our story above. OneBlood has advised the more than 250 hospitals it serves to activate their critical blood shortage protocols.
So what?
Threat actors are aggressively targeting critical healthcare organisations. This incident highlights the life-threatening impacts that ransomware attacks can have on critical infrastructure.
[Researcher: Aditya Ganjam Mahesh]
5. Exploitation of Proofpoint flaw allowed attackers to spoof millions of emails
A vulnerability in Proofpoint’s email relay servers allowed threat actors to send out millions of phishing emails in a campaign dubbed “EchoSpoofing”, impersonating companies such as Disney, Coca-Cola, and Nike. The flaw let the spoofed messages pass through spam filters.
So what?
Organisations should keep up to date with evolving phishing tactics and follow the latest guidelines published by Proofpoint.
[Researcher: Anna Tankovics]
6. Microsoft accidentally amplifies a DDoS attack causing a ten-hour service outage
Microsoft has attributed a ten-hour outage affecting Azure and Microsoft 365 services to an error in the implementation of its defences, which failed to mitigate a distributed denial-of-service (DDoS) attack and instead amplified it.
So what?
It is important to regularly simulate DDoS attacks against your infrastructure to test your defences, particularly if availability of systems underpins your organisation’s critical operations.
[Researcher: David Broome]