Top news stories this week
- High risk. World-Check confirms breach after hacking group claims it stole millions of records.
- MITRE attacked. State hackers exploit Ivanti flaws in MITRE breach.
- Disruption. Carpetright's on- and offline business interrupted for a week due to cyber incident.
- Critical target. Russia-aligned cyber threat groups target critical infrastructure in the US and Ukraine.
- Ransomware round-up. Akira amasses USD 42 million in ransomware attacks in its first year; HelloKitty revived under new alias ‘HelloGookie’.
- Update undermined. North Korea-linked hackers compromise eScan antivirus updates with cryptominer malware.
1. Screening database World-Check confirms data breach
World-Check, a screening database used for “know your customer” checks, has confirmed it suffered a data breach after a hacking group known as GhostR threatened to leak 5.3 million records from the screening database. World-Check said the breach related to a data set owned by a third-party, which included a copy of one of its files.
So What?
Data breaches of sensitive information can be particularly damaging to a company's reputation. Organisations should conduct regular due diligence on their third-party vendors to ensure appropriate security controls are in place.
[Researcher: Waithera Junghae]
2. Zero-day vulnerabilities in Ivanti software exploited in state-sponsored attack on MITRE
The MITRE Corporation confirmed it was breached by state-sponsored hackers who exploited zero-day vulnerabilities in software from IT vendor Ivanti. The US-based cyber security research firm reported that no customer data was exposed and said it updated its security measures in response to the attack.
So what?
The existence of cyber security weaknesses can even impact organisations that adhere to and represent the highest of security measures. It is important for your business to consult expert advice, adopt best practices, and develop contingency plans.
[Researcher: Lawrence Copson]
3. Retail flooring chain Carpetright suffered business disruption for a week
Hackers targeted Carpetright’s headquarters in Essex, UK, by deploying malware to gain unauthorised access and disrupt operations. The disruption prevented customers from processing their online orders and employees from accessing payroll. Carpetright has claimed that the incident did not impact customer and employee data, as it isolated the virus beforehand.
So what?
The implementation of a comprehensive business continuity plan is vital to both mitigating risks and ensuring a rapid recovery of operations post-incident.
[Researcher: Lena Krummeich]
4. Russian hackers target Ukraine and US critical infrastructure
A hacktivist group known as Cyber Army of Russia Reborn has claimed responsibility for an attack on Tipton Wastewater Treatment Plant in the US state of Indiana. The same group was responsible for attacking a Texas water facility in January, which caused the water system to overflow.
Separately, the Computer Emergency Response Team of Ukraine found evidence that a Russian military intelligence unit known as Sandworm targeted 20 of the country's energy and water sites in March.
So what?
Critical infrastructure is a prime target for cybercriminals hoping to cause disruption. A multi-layered approach to defence and network segmentation will help mitigate the impact of such attacks.
[Researcher: Anna Tankovics]
5. Akira has successful first year; HelloKitty re-emerges as HelloGookie
Since they emerged in March 2023, the Akira ransomware group has impacted over 250 organisations worldwide, with significant targets including Nissan Australia and Lush Cosmetics.
Separately, the dormant HelloKitty ransomware has been revived under the new alias HelloGookie. The malware was initially recognised for large-scale breaches including CD Projekt Red in 2021. To mark its return, HelloGookie has released previously stolen data from CD Projekt Red and Cisco, and supplied private decryption keys for files affected by HelloKitty. To date, the group has added no new victims to its leak site.
So what?
Ransomware shows no sign of stopping. Organisations should ensure they have a well-rehearsed incident response plan in place in case of an attack by such groups.
[Researcher: Amy Gregan]
6. Cybercriminals use manipulated eScan antivirus updates to deploy GuptiMiner malware
Threat actors linked to North Korea have exploited the updating mechanism of the eScan antivirus software to deploy the GuptiMiner malware which installs crypto-miners into networks. The malware additionally deploys two backdoors into affected machines.
So what?
Antivirus solutions alone cannot completely secure your IT infrastructure. As cybercriminals continuously devise new ways to breach trusted procedures, persistent environment monitoring and rigorous screening of software updates are essential.
[Researcher: Lawrence Copson]