Top news stories this week
- Sticky situation. Cyber attack on donut chain Krispy Kreme causes operational disruption.
- Fraudbnb. Europol takes action on cyber criminals using Airbnbs as base of operations.
- Heart attack. Heart surgery device maker Artivion suffers a data breach.
- Cyber shock. Energy company Electrica Group attacked by Lynx.
- Sold. Criminals exploit cloud misconfiguration to steal sensitive AWS data.
- Sarcoma scam warning. Ransomware group Sarcoma warns of a third-party decryptor scam.
- Time to patch. Microsoft and Ivanti release new fixes, while Cleo is still working on theirs.
1. Cyber attack on Krispy Kreme disrupts online orders in the US
US-headquartered donut chain Krispy Kreme Inc has confirmed that it suffered a cyber attack on November 29 after detecting unauthorized activity on its network. The company stated that the attack has disrupted online orders in the US and is likely to have a material impact on operations and finances.
So what?
A well-tested business continuity plan is crucial in minimizing operational downtime and disruption when responding to a cyber incident.
[Researcher: David Broome]
2. Cyber criminals arrested after using Airbnbs as cyber fraud centers
Authorities in Belgium and the Netherlands have arrested eight members of an international cyber crime network responsible for stealing millions of euros and operating luxury Airbnb-based fraud centers. The suspects, who reportedly spent their gains on extravagant lifestyles, are accused of phishing, bank fraud, and money laundering.
So what?
Cyber criminals frequently change their base of operations to obscure their activities.
[Researcher: Lawrence Copson]
3. US heart surgery device maker Artivion discloses ransomware attack
Artivion, a leading US manufacturer of heart surgery medical devices, has revealed it was the victim of a ransomware attack in November that forced the company to take some of its systems offline. The company said it was still working to securely restore its network.
So what?
Organizations should have effective business continuity, crisis management, and incident response plans in place to minimize disruption.
[Researcher: Milda Petraityte]
4. Energy company Electrica hit by cyber attack
Electrica Group, one of the largest electricity suppliers in Romania, reported an ongoing cyber attack by the threat actor group Lynx. Despite this, the company claimed its critical power supply systems remain operational, and that it continues to provide energy to its 3.8 million customers.
So what?
Network segmentation aids in confining incidents to limited parts of the network. This enables organizations to isolate the compromised segment while allowing the remainder of the network to continue functioning as usual.
[Researcher: Aditya Ganjam Mahesh]
5. Criminals exploit cloud misconfiguration to steal AWS keys
According to researchers, criminals, including those from ShinyHunters and Nemesis, are actively exploiting misconfigured cloud instances to steal sensitive data, including AWS customer keys and secrets. The researchers reported that the stolen data, sold on Telegram, was also stored by the criminals in an S3 bucket that was itself left exposed due to a misconfiguration.
So what?
Cloud instances and storage must be configured securely, as a single misconfiguration can lead to data loss and enable follow-on attacks.
[Researcher: Lena Krummeich]
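The exposure described in this item is the kind of S3 misconfiguration a defender can audit before an attacker finds it. The following is an added example, not code from the original digest or from the researchers cited: an offline checker that evaluates a bucket policy document together with the bucket's Public Access Block settings and classifies the bucket's effective exposure. The bucket name, account ID, and policy documents are constructed samples, and the function names are our own.

```python
"""Offline S3 exposure check (added example; sample data is constructed).

Given a bucket policy (as returned by GetBucketPolicy) and the bucket's
Public Access Block settings (as returned by GetPublicAccessBlock), decide
whether anonymous principals can reach the bucket. No AWS credentials or
network access are needed, so the logic can run over exported config.
"""
import json

# Constructed policy that grants anonymous read/list access to a sample bucket.
SAMPLE_PUBLIC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-leaked-bucket",
                   "arn:aws:s3:::example-leaked-bucket/*"]
    }
  ]
}
""")

# Constructed policy that only grants access to one IAM role in a placeholder account.
SAMPLE_RESTRICTED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UploaderOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/Uploader"},
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-private-bucket/*"
    }
  ]
}
""")

# Public Access Block settings: the four booleans AWS exposes (constructed values).
PAB_BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                 "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
PAB_DISABLED = {k: False for k in PAB_BLOCK_ALL}


def _principal_is_public(principal) -> bool:
    """True when the Principal element is a wildcard (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            return True
    return False


def find_public_statements(policy: dict) -> list:
    """Return Allow statements whose Principal is a wildcard.

    Statements carrying a Condition block are reported with conditional=True:
    some condition keys (for example aws:SourceVpc) make AWS treat the grant
    as non-public, so those need manual review rather than an automatic verdict.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": actions,
                         "conditional": "Condition" in stmt})
    return findings


def effective_exposure(policy: dict, public_access_block: dict) -> str:
    """Combine policy findings with Public Access Block settings.

    RestrictPublicBuckets=True makes AWS ignore wildcard-principal grants in an
    existing policy (access is limited to the account and AWS service principals).
    BlockPublicPolicy only prevents a public policy from being attached; it does
    not neutralise one that is already in place, so it is not consulted here.
    """
    findings = find_public_statements(policy)
    if not findings:
        return "private"
    if public_access_block.get("RestrictPublicBuckets"):
        return "blocked-by-public-access-block"
    if all(f["conditional"] for f in findings):
        return "conditional-review"
    return "public"


if __name__ == "__main__":
    for name, pol, pab in [("leaked bucket, PAB off", SAMPLE_PUBLIC_POLICY, PAB_DISABLED),
                           ("leaked bucket, PAB on", SAMPLE_PUBLIC_POLICY, PAB_BLOCK_ALL),
                           ("private bucket", SAMPLE_RESTRICTED_POLICY, PAB_DISABLED)]:
        print(f"{name}: {effective_exposure(pol, pab)}")
```

In practice the two inputs come from the S3 API calls named in the docstring, exported per bucket; the point of the classification is that a wildcard-principal policy on its own is not the whole story, because account- or bucket-level Public Access Block settings can neutralise it, and a missing block is what turns a careless policy into an exposed bucket.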
6. Sarcoma ransomware group issues warning about potential decryptor scam
The Sarcoma ransomware group has put out a warning on their leak site about the website lockbitdecryptor[.]com which claims to have a decryption tool for their ransomware. Sarcoma said the website’s developers should reach out to them if they wanted to collaborate instead of engaging in alleged fraud.
So what?
Victim organizations should exercise extreme caution with third parties that offer decryptors, as there is a high risk of further financial loss due to fraudulent claims.
[Researcher: Lawrence Copson]
7. It’s time to patch
Microsoft has released fixes for 72 security flaws. These include an actively exploited privilege escalation bug in the Windows Common Log File System Driver (CVE-2024-49138), which enables threat actors to obtain system privileges and move laterally through a network.
Ivanti also advised customers to upgrade their Cloud Services Appliances to version 5.0.3 due to a critical authentication bypass vulnerability (CVE-2024-11639) affecting older versions.
Separately, a zero-day flaw in Cleo file-transfer software is still being exploited in the wild due to inadequate protection provided by a previously released patch. A new fix is currently under development.
So what?
Organizations should review whether any affected software is employed in their estate, and if so, implement available patches as soon as possible.
[Researcher: Anna Tankovics]