Weekly Cyber News Roundup

January 29th to February 2nd 2024

Content 

01. News Bites
  • Financial information of 53 million UK citizens was exposed in data breaches in 2023, says new report
  • 23andMe customer data leaked for months in undetected cyberattack, leading to Class Action Lawsuits
  • Schneider Electric hit by Cactus ransomware gang: confidential data stolen, services disrupted
  • Ukrainian POW Agency Website Restored After Suspected Russian DDoS Attack Amidst Intensified Cyber Warfare
  • Australia Imposes Sanctions on Russian Linked to Medibank Cyberattack in Historic Use of New Powers
02. Conclusion

Quick News Bites

Financial information of 53 million UK citizens was exposed in data breaches in 2023, says new report

A new report from insurance group Chaucer shows that the UK experienced a 90% surge in cyber-attacks in 2023 that compromised the financial data of roughly 52.8 million individuals, a significant increase from the previous year's figure of 27.8 million. The escalation in cyber incidents also saw data breaches involving sensitive financial information rise to 1,536 cases. Despite advancements in cyber security defences, the persistent and evolving nature of cyber threats continues to challenge organisations. 

The Information Commissioner's Office (ICO) also observed a notable rise in attacks on financial services, with incidents nearly tripling. The need for robust security measures, such as Multi-Factor Authentication and regular cyber security drills, has never been more critical. The report also highlighted the importance of data management and the need for organisations to understand the extent of their data holdings in order to minimise risk. Ongoing employee training is also vital to combat the complex and fast-evolving cyber threat landscape.

23andMe customer data leaked for months in undetected cyberattack, leading to Class Action Lawsuits 

DNA testing company 23andMe faced months of unnoticed cyberattacks, with hackers targeting customer accounts between April and September 2023, according to a notification to California's attorney general.

The company's breach, affecting 14,000 users and leaking millions of people's genetic data on the dark web, was only discovered in October after the data appeared on online forums. The attackers used previously leaked email addresses and passwords to brute-force their way into accounts. In its response, 23andMe attributed the vulnerability to customers reusing outdated passwords from those prior breaches.

The exposed data, facilitated by the DNA Relatives feature, included names, birth years, locations, relationships, DNA sharing percentages, and ancestry reports. Following the breach, victims have initiated class action lawsuits against 23andMe, challenging the company's attempt to amend its terms of service to avoid legal repercussions. 
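The account takeovers described above follow a recognisable pattern: one source tries many different accounts with one or two attempts each, using credentials from earlier leaks, so per-account lockout never triggers. The script below is an added detection example, not code from 23andMe or Integrity360; the log format, field names, thresholds and the sample log lines are all constructed for illustration. It separates that pattern from a conventional brute-force attack on a single account, and lists which accounts a flagged source actually got into, since those are the ones that need a forced password reset and session revocation.

```python
"""Flag credential-stuffing activity in authentication logs (added example).

Assumed log format (constructed for this example):
    <ISO-8601 UTC timestamp> <source IP> <account> <FAIL|SUCCESS>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sprays six accounts with one try each
# (credential stuffing, one success); 198.51.100.9 hammers a single account
# (ordinary brute force); 192.0.2.44 is a normal login.
SAMPLE_LOG = """\
2023-05-02T10:00:01Z 203.0.113.7 alice@example.test FAIL
2023-05-02T10:00:02Z 203.0.113.7 bob@example.test FAIL
2023-05-02T10:00:03Z 203.0.113.7 carol@example.test SUCCESS
2023-05-02T10:00:04Z 203.0.113.7 dave@example.test FAIL
2023-05-02T10:00:05Z 203.0.113.7 erin@example.test FAIL
2023-05-02T10:00:06Z 203.0.113.7 frank@example.test FAIL
2023-05-02T10:01:00Z 198.51.100.9 grace@example.test FAIL
2023-05-02T10:01:10Z 198.51.100.9 grace@example.test FAIL
2023-05-02T10:01:20Z 198.51.100.9 grace@example.test FAIL
2023-05-02T10:01:30Z 198.51.100.9 grace@example.test SUCCESS
2023-05-02T12:00:00Z 192.0.2.44 heidi@example.test SUCCESS
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, account, result) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return records


def detect_stuffing(records, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {ip: {"accounts": n, "compromised": [...]}} for every source that,
    inside any `window`, tried at least `min_accounts` distinct accounts with
    no more than `max_per_account` attempts on any one of them.

    The low per-account attempt count is what distinguishes stuffing from a
    single-account brute force, which per-account lockout already handles.
    Thresholds are assumptions; tune them to the service's normal traffic.
    """
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec[1]].append(rec)

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _, _) in enumerate(events):
            # Sliding window anchored at each event from this source.
            window_events = [e for e in events[i:] if e[0] - start <= window]
            per_account = defaultdict(int)
            for _, _, acct, _ in window_events:
                per_account[acct] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                # Accounts the flagged source logged into successfully: these
                # need a forced reset and session revocation, not just a block.
                compromised = sorted({a for _, _, a, r in window_events if r == "SUCCESS"})
                findings[ip] = {"accounts": len(per_account), "compromised": compromised}
                break
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['accounts']} accounts tried, compromised: {info['compromised']}")
```

On the sample data only 203.0.113.7 is reported, with carol@example.test as the compromised account; the single-account hammering from 198.51.100.9 is deliberately not reported here because it is a different signal with a different response. In production the same logic runs over a streaming window rather than a list, and the source key is usually broadened beyond a single IP (ASN, device fingerprint) because stuffing campaigns rotate through proxies.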

Schneider Electric hit by Cactus ransomware gang: confidential data stolen, services disrupted

French energy company Schneider Electric disclosed a significant ransomware attack on its Sustainability Business division on January 17th, which disrupted services and led to the theft of confidential data.

The Cactus ransomware variant, known for its evasion techniques and multiple encryption modes, targeted the company, affecting its Resource Advisor cloud platform, which remains non-operational. The attackers have threatened to release "terabytes of corporate data" unless a ransom is paid. The extent of the ransom demand and the specific nature of the stolen data remain undisclosed, but the division is known to serve major corporations like DHL, Hilton, PepsiCo, and Walmart, providing consultancy on renewable energy and sustainability regulations.  

Schneider Electric is currently undertaking remediation steps to secure and restore affected business platforms, with expectations to regain operational capabilities shortly. The Sustainability Business operates on an isolated network, preventing the spread of the breach to other Schneider Electric entities. 

Ukrainian POW Agency Website Restored After Suspected Russian DDoS Attack Amidst Intensified Cyber Warfare 

The Ukrainian agency responsible for prisoner of war (POW) treatment regained access to its website after a distributed denial-of-service (DDoS) attack.  

The attack, which Ukraine suspects was Moscow's doing, coincided with a Russian plane crash that Ukraine is accused of causing, which reportedly killed 65 Ukrainian POWs and nine Russians. The Coordination Headquarters for the Treatment of Prisoners of War, vital for negotiating POW exchanges and handling information on missing or captured military personnel, suggested the attack aimed to disrupt communications about POW exchanges and the plane incident.

Amidst escalating cyber warfare, Ukraine faces intensified cyber-espionage from Russia, with recent phishing attacks targeting Ukrainian military personnel traced back to the Russian hacker group Fancy Bear (APT28).  

Additionally, Russian cyber efforts have targeted Ukrainian law enforcement and military agencies, seeking information on alleged war crimes and undermining military operations, demonstrating a coordinated effort to bolster battlefield strategies through cyberattacks. 

Australia Imposes Sanctions on Russian Linked to Medibank Cyberattack in Historic Use of New Powers 

Australia has sanctioned Russian national Aleksandr Ermakov over his alleged involvement in the 2022 Medibank cyberattack, marking the first use of the nation's new international powers.

The Australian Signals Directorate and the Australian Federal Police linked Ermakov to the breach, which exposed the health details of 9.7 million Australians online. Foreign Affairs Minister Penny Wong announced travel and financial sanctions against Ermakov, including a ban on asset transactions and dealing, under threat of heavy penalties. This action underscores Australia's commitment to combatting cybercrime, with Defence Minister Richard Marles highlighting the collaborative effort with Five Eyes allies in identifying Ermakov.  

The government's decisive measures aim to deter cybercriminals globally and protect Australians from future attacks. This stance reflects a broader strategy to hold cybercriminals accountable, enhancing national cybersecurity and reinforcing international collaborations in cyber defence. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
