Top news stories this week
- Stuffed. Ransomware attack on Blue Yonder causes supply chain havoc before Thanksgiving.
- Breaking ground. Russian state-linked group compromises victims via Wi-Fi network.
- Data digest. lnfluencer's platform breached and French patient data exposed on criminal forum.
- Check your privilege. Canadian privacy commissioners publish LifeLabs data breach report.
- Operation Serengeti. Interpol and Afripol arrest over 1,000 individuals involved in cyber crime.
- Critical condition. Cyber attack severely disrupts UK hospitals.
1. Ransomware attack on Blue Yonder has customer knock-on effects
Arizona-based digital supply chain technology vendor Blue Yonder is still recovering from a ransomware attack on part of its cloud estate last week. The attack caused disruption to a number of the firm’s clients, including major UK retailers Morrisons and Sainsbury's. Other customers including Mitsubishi, Carlsberg, and DHL confirmed they were not impacted.
So What?
To avoid disruption from attacks on suppliers, organisations should build resilience and test organisational operating procedures for scenarios where suppliers or services are unavailable.
[Researcher: James Tytler]
2. Russian state-linked threat actor used Wi-Fi network to compromise US victims
Security researchers have revealed that in 2022, a Russian state-linked hacking group breached US-based organisations by compromising the Wi-Fi networks of nearby businesses. This novel technique has been named a ‘nearest neighbour’ attack.
Separately, Bangkok police arrested an individual driving a van containing an ‘SMS Blaster’, which was used to send almost one million phishing texts to phones in a nearby radius.
So what?
While most cyber attacks are carried out remotely over vast distances, it’s pertinent to secure Wi-Fi networks and protect against other attack vectors which depend on physical proximity as these can be exploited by novel methods.
[Researcher: David Broome]
3. 'The Real World' platform breached and French patient records dumped on dark web forum
The online 'university' platform of controversial influencer Andrew Tate has been hacked, impacting approximately 800,000 past and present users. The hacktivist group responsible exploited a misconfigured database to gain access to subscriber data.
Separately, the medical records of over 750,000 patients in France have been exposed after a hacker compromised the patient record system MediBoard. The exposed records include prescriptions, addresses, physician information, names, and medical history.
So what?
Organisations should ensure sensitive data has appropriate safeguards in place to prevent unauthorised access.
[Researcher: Adelaide Parker]
4. Court orders publication of LifeLabs data breach report
The investigation report on a 2019 data breach incident at LifeLabs Inc. has been made public after an Ontario court dismissed the company’s appeal, which attempted to block the release by citing litigation and attorney client privilege. The joint investigative report with the privacy commissioners of British Columbia and Ontario found multiple data protection failures at LifeLabs.
SO WHAT?
Organisations should consider the implications for legal privilege before sharing information about investigations with third parties.
[Researcher: Milda Petraityte]
5. Operation Serengeti led to arrests of over 1,000 individuals involved in cyber crime
A joint operation known as Operation Serengeti, led by Interpol and Afripol, resulted in the arrest of 1,006 suspects across 19 African countries. The suspects are accused of participating in ransomware attacks, business email compromises, digital extortion, and online scams which have reportedly caused financial losses of approximately USD 193 million and impacted 35,000 victims worldwide.
SO WHAT?
Collaborative efforts and knowledge sharing between the public and private sectors are crucial for effectively combating criminal networks.
.[Researcher: Lena Krummeich]
6. Cyber attack severely disrupts hospitals in Wirral, UK
A cyber attack has crippled the NHS trust overseeing several local hospitals in Wirral, UK, rendering electronic systems inoperable. Consequently, the hospitals are now operating manually, have cancelled all appointments, and are only treating emergency cases.
So what?
Organisations should routinely test their continuity plans to build resilience in the face of unexpected disruption and system outages.
[Researcher: Aditya Ganjam Mahesh]