Weekly Cyber News Roundup

January 22nd to January 26th 2024

Content 

01. News Bites
  • 'Mother of All Breaches' exposes 26 billion records in colossal 12 terabyte data leak
  • Apple rolls out security patches for products to combat actively exploited Zero-Day flaw
  • NCSC warns of escalating Ransomware threats due to increasing use of AI in cyber attacks
  • Swedish Government and Retail Services hit by Major Ransomware Attack Linked to Russian Hacker Group

02. Conclusion

Quick News Bites

'Mother of All Breaches' exposes 26 billion records in colossal 12 terabyte data leak

A massive data leak, dubbed the Mother of all Breaches (MOAB), was discovered this week, aggregating an unprecedented 12 terabytes of data and 26 billion records. The leak amalgamates numerous past breaches, including user data from platforms like LinkedIn, Twitter, Weibo, and Tencent.  

Discovered by cyber security researchers, this leak is unique for its volume and potentially fresh data. This vast dataset, likely the largest of its kind yet discovered, poses significant risks. Researchers speculate the MOAB's owner could be a data broker or malicious actor, given their interest in hoarding such massive data volumes. The data, rich in sensitive personal information, is ripe for exploitation in identity theft, phishing, and targeted cyberattacks. 

Integrity360’s Director of Product Management Brian Martin said: “It appears to be a breach of a meticulous compilation of many other breaches rather than a unique one in its own right. It's well-known that threat actors compile private copies of previous breaches to support their malicious activities. Organisations and individuals who want to protect themselves from the risks associated with this mega breach should follow good cyber-security hygiene, such as:

  • Never using the same password on multiple sites or applications 
  • Ensuring use of multi-factor authentication (MFA) 
  • Enforce use of strong passwords or move towards stronger forms of passwordless authentication 
  • Immediate forced password resets for any known breached credentials 
  • Implement strong Identity detection and response measures that can detect anomalous account behaviours
  • Security awareness and training and security culture development programmes to shore up the human element of cyber security from phishing and social engineering attacks
  • Digital Risk/Dark Web monitoring to pick up quickly on leaked credentials and threat actor mentions”

Apple rolls out security patches for products to combat actively exploited Zero-Day flaw

Apple has rolled out a series of security updates across its product range, including iOS, iPadOS, macOS, tvOS, and the Safari browser, to mitigate a zero-day vulnerability that has been exploited in real-world attacks. This flaw, identified as CVE-2024-23222, is a type confusion issue within the WebKit browser engine. It allows attackers to execute arbitrary code through malicious web content because the checks previously in place were inadequate.

While Apple provided limited details in their advisory, they confirmed awareness of active exploitation of this vulnerability. The updates, crucial for safeguarding devices against potential memory access breaches or system crashes, cover a wide range of Apple products. 

The fix marks Apple's first response in 2024 to a zero-day attack, following last year’s record of patching 20 such vulnerabilities. 

NCSC warns of escalating Ransomware threats due to increasing use of AI in cyber attacks 

The UK’s National Cyber Security Centre (NCSC) issued a warning of an imminent increase in global ransomware threats due to the rising use of Artificial Intelligence (AI). The report, published on Wednesday, anticipates that AI will significantly amplify cyberattacks in the next two years, especially for inexperienced cybercriminals. AI is expected to lower the barrier to entry, making cyber operations more accessible and effective. 

Ransomware remains the principal cyber threat to UK businesses, with cybercriminals continually refining their tactics. To counter this, the UK Government has invested £2.6 billion in enhancing cyber resilience, with the NCSC leading initiatives to integrate AI in cyber security defences. 

The report also highlights the development of criminal Generative AI (GenAI) services, which could bolster the capabilities of cybercriminals. The National Crime Agency (NCA) echoes these concerns, emphasising the necessity of staying vigilant against such evolving threats. 

Swedish Government and Retail Services hit by Major Ransomware Attack Linked to Russian Hacker Group 

A ransomware attack, likely orchestrated by the Russian-linked hacker group Akira, has severely disrupted online services of various Swedish government agencies and retailers. IT consultancy Tietoevry, a Swedish-Finnish firm specializing in online security, reported the attack on one of its data centres in Sweden. The incident, occurring last Friday to Saturday, impacted online transactions at Sweden's largest cinema chain and several department stores. 

The attack also hindered the central human resources system of Sweden's Statens Servicecenter, affecting public sector employees' ability to report overtime, sick leave, and holiday requests. Tietoevry's statement late Monday indicated that restoring the numerous customer-specific systems could take days or even weeks. Over 120 government agencies and 60,000 employees have been impacted. 

Tietoevry has filed a police complaint, though the full financial impact remains unclear. Ransomware attacks typically involve encrypting or stealing data for a ransom.  

Swedish Civil Defense Minister Carl-Oskar Bohlin and the Swedish Civil Contingencies Agency (MSB) emphasized the urgent need for enhanced cyber security measures in both public and private sectors, viewing the attack as a critical wake-up call for Sweden's rapidly digitalised society. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
