Top news stories this week
- Mon serveur! French museum network, including Olympic venue, hit by ransomware.
- Caught red handed. Russian spies hacked UK Home Office following Microsoft breach.
- Legal wrangle. CrowdStrike and Microsoft push back on Delta Airlines’ legal threats.
- Clawback. USD 42.3 million recovered from one of the largest BEC scams in Singapore.
- Inaction fraud. Action Fraud service replacement delayed to 2025.
- Update pending. Nation-state actors exploit VPN and software updates to spread malware.
- Hijacked. Threat actors hijack more than 35,000 domains in ‘Sitting Ducks’ attacks.
1. French museum network, including Olympic venue, hit with ransomware attack
A network of around 40 French museums called the Réunion des Musées Nationaux was hit by a ransomware attack last weekend. Impacted sites include the Grand Palais, which is a major venue in the Paris 2024 Olympics. The attack has reportedly hit the centralised financial system of the museums but the operations of the group’s museums, which include the Palace of Versailles and the Louvre, have not been impacted.
So What?
French authorities have been on high alert for cyber attacks targeting the Olympics, and to date there has been no disruption due to malicious cyber activity.
[Researcher: Lawrence Copson]
2. Russian spies hacked UK Home Office following Microsoft breach
Russia’s foreign intelligence reportedly accessed and stole data from UK Home Office systems earlier this year, according to an official description of the breach obtained under a Freedom of Information Act request. The incident occurred after Microsoft, which supplies the UK Home Office’s corporate systems, disclosed it was hacked by a Russian threat group tracked as Midnight Blizzard in January 2024.
So what?
Organisations must conduct regular vendor assessments of third-party suppliers to identify risks and define remediation plans.
[Researcher: Waithera Junghae]
3. CrowdStrike and Microsoft push back on Delta Airlines’ legal threats
In the aftermath of the CrowdStrike outage on Windows devices at the end of July, Delta Airlines has filed a lawsuit against CrowdStrike and Microsoft to claw back the USD 500 million that the outage cost to its business. CrowdStrike has strongly rejected the allegations of liability and said that Delta Airlines refused free help that was offered. Microsoft has hit back claiming that the main reason for Delta's high recovery costs was its outdated tech.
So what?
Organisations contemplating litigation following cyber incidents or outages should carefully consider contractual agreements around liability.
[Researcher: Milda Petraityte]
4. Interpol enables recovery in Singapore business email compromise scam
Interpol's "global stop-payment mechanism" helped an unnamed Singaporean commodity firm recover the largest sum from a business email compromise scam in July 2024. The company transferred USD 42.3 million to a fake supplier. Authorities detected and froze USD 39 million, arrested seven individuals, and recovered an additional USD 2 million.
SO WHAT?
The case highlights a rare win in the fight against online fraud, demonstrating that swift intervention and early tracking can effectively lead to the recovery of funds.
[Researcher: Lena Krummeich]
5. UK Action Fraud service replacement delayed to 2025
The launch of the UK’s new cybercrime reporting service, initially scheduled for this year, has been postponed to spring 2025. Action Fraud has faced ongoing criticism for its inadequate response to the growing volume of fraud reports. The new service is aimed at addressing these shortcomings by enhancing police intelligence capabilities and improving communications with victims.
SO WHAT?
Creating a more effective reporting service is essential to combat the growing levels of cybercrime.
[Researcher: Anna Tankovics]
6. State-backed hackers exploit VPN and software updates to spread malware
A China-based state-sponsored hacker has compromised an internet service provider (ISP) to intercept automatic application updates and infect them with malware. Separately, a North-Korea-based threat actor has exploited a vulnerability in VPN software to push out fake software updates containing DoraRAT malware.
So what?
Whilst software updates are essential to securing systems, it is important to verify with the software vendor that these updates are legitimate.
[Researcher: David Broome]
7. Threat actors hijack more than 35,000 domains in ‘Sitting Ducks’ attacks
Researchers have discovered that since 2018, more than 35,000 legitimate domains have been hijacked by threat actors using an attack method called ‘Sitting Ducks’. This attack takes advantage of faulty Domain Name System (DNS) configurations at the DNS provider and insufficient ownership verification.
So what?
Organisations should proactively audit their domain management practices and DNS configurations to prevent such attacks on their domains.
[Researcher: Aditya Ganjam Mahesh]