The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- MOVEit. Cl0p gives “hundreds” of victims 14 June deadline to negotiate after mass data theft.
- Dark clouds. Toyota Motor suffers a data breach due to cloud misconfigurations.
- Top secret! Government contractors Casepoint and Xplain investigate breaches.
- Return to sender. Hacktivist group claims responsibility for Office 365 downtime.
- School's out for summer. Leytonstone School forced to close after cyber incident.
1. CL0P GIVES MOVEIT DATA THEFT VICTIMS 14 JUNE DEADLINE TO NEGOTIATE
The Russia-linked ransomware group Cl0p has taken responsibility for a major ongoing cyber attack that targeted the popular file sharing platform MOVEit. The group claims to have stolen data from “hundreds” of companies, including British Airways, BBC, and Boots. Victims are being given until 14 June to begin negotiations.
SO WHAT? If you are concerned about your organisation’s exposure to the MOVEit zero-day vulnerability, implement the following remediation measures and contact S-RM.
2. CLOUD MISCONFIGURATION LEADS TO TOYOTA DATA BREACH
Toyota Motor, the Japanese car manufacturer, has reported that the data of 260,000 customers from Asia and Oceania has been exposed due to a misconfiguration of its cloud environment. The breach exposed sensitive data such as names, addresses, and vehicle registration numbers, alongside in-vehicle device IDs.
SO WHAT? Organisations should ensure that appropriate and comprehensive change and configuration management procedures, including defined roles and responsibilities, are in place.
3. GOVERNMENT CONTRACTORS CASEPOINT AND XPLAIN HIT BY CYBER ATTACKS
- The ALPHV/BlackCat ransomware group claims to have stolen 2TB of sensitive data from Casepoint, a US-based legal discovery tech firm whose clients include the US Department of Defense and the Securities and Exchange Commission. The stolen data allegedly includes internal documents, legal records, and login credentials.
- Separately, Swiss IT company Xplain has suffered a ransomware attack, impacting law enforcement, the Swiss army, and the Federal Office of Police.
SO WHAT? Organisations handling sensitive data should conduct regular security assessments, including penetration testing, to identify vulnerabilities and proactively mitigate threats.
4. HACKTIVIST GROUP CLAIMS RESPONSIBILITY FOR RECENT OFFICE 365 OUTAGE
“Hacktivist” group Anonymous Sudan has claimed responsibility for a service outage this week which disrupted Microsoft Office 365, including inbound and outbound emails on Outlook. The Russia-linked group claims to have launched a DDoS attack on the organisation in retaliation for US government interference in Sudanese political affairs.
SO WHAT? Russian state-linked threat actors have repeatedly threatened to target large Western organisations. Being proactive about threat intelligence will help to inform your cyber security approach to protect your business.
5. LEYTONSTONE SCHOOL REMAINS CLOSED AFTER CYBER INCIDENT
A school based in Leytonstone, London, has remained closed since last week’s half-term holiday, after experiencing a critical incident that resulted in unauthorised access to the school's network. The school was legally unable to reopen due to staff vetting checks becoming inaccessible.
SO WHAT? Disruption to data availability following a cyber attack can have unforeseen operational consequences. Ensure you have redundancy measures in place for key resources as part of a business continuity plan.