Dublin Airport Staff impacted by MoveIT hack
Hackers claiming to be Wagner affiliated take down Russian Satellite Operator
Major Apple Supplier hit by massive $70 million ransomware demand, Lockbit responsible
BlackCat claims cyber attack on Barts NHS Trust
An large number of FortiGate firewall devices, numbering in the hundreds of thousands, remain at risk due to a critical security flaw, dubbed CVE-2023-27997. The issue was brought to light last month when Fortinet issued a patch, yet many of these devices remain vulnerable.
This flaw originates from a heap-based buffer overflow anomaly in FortiOS, the operating system that unifies all Fortinet network components within the manufacturer's Security Fabric architecture. With a severity rating of 9.8 out of 10 CVE-2023-27997 is indeed exploitable, providing an open door for unauthenticated attackers to remotely execute code on vulnerable devices, specifically those with the SSL VPN interface visible on the web. Fortinet noted the potential of active exploitation of this flaw in their advisory published in mid-June.
Fortinet took proactive measures to mitigate this issue by unveiling FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. on June 11, ahead of its public disclosure.
This situation highlights the necessity for companies to apply patches as soon as they become available. Patching is vital as it not only fixes known vulnerabilities but also prevents potential damage. If left unchecked, these flaws can lead to cyberattacks, data breaches, or system crashes, each of which can result in significant financial and reputational damage. Maintaining up-to-date systems through regular patching is essential aspect of effective cyber security management. If you need assistance with patching and your overall cyber security get in touch with us regarding our Threat & Vulnerability Management service.
More victims of the MOVEit cyber attack have been revealed. This time the financial details of some staff at Dublin airport have been jeopardised due to the airport’s third party professional service supplier, Aon being caught up in the MOVEit attack. The company used the file transfer tool resulting in the details of nearly 2,000 Dublin airport staff being compromised. Other businesses utilising Aon’s services have also been impacted.
"The DAA is providing support, advice and assistance to those employees affected by this criminal cyber-assault," the Irish airport authority declared, without providing any further information.
Dublin airport now joins an ever growing list of MOVEit hack victims and we can expect to see many more being revealed over the coming weeks and months.
Hackers, purporting to be affiliated with the mercenary Wagner Group that recently launched an attempted coup against the Russian government, have claimed responsibility for a cyberattack on Russian satellite communications operator, Dozor-Teleport.
The disruption affected services essential for energy firms and defence and security services. The authenticity of the claimed connection with the Wagner Group is dubious, however, the impact of the attack is undeniable.
Damage to satellite terminals and compromised data led to the release of 700 files on a leak site and Telegram channel. Included were documents suggesting an agreement allowing Russian security services access to Amtel Svyaz subscriber data, but these are yet to be verified. Post-attack, while services have largely been restored, a full network repair and equipment replacement will take several weeks, according to Dozor-Teleport. Following a similar breach of Viasat, the incident raises concerns about the vulnerability of satellite communication systems and future cyber warfare risks.
Apple supplier and semiconductor manufacturer, Taiwan Semiconductor Manufacturing Company (TSMC), has been impacted by a third-party ransomware attack launched by Russian ransomware group, LockBit, on TSMC’s own supplier, Kinmax Technology.
LockBit confirmed the attack on its dark web site, threatening to release stolen data, and network entry and login details, unless a US$70 million ransom was paid. To date, no concrete proof of the claimed stolen data has yet been provided.
Cyber security researchers have noted this to be one of the largest ransom demands recorded.
TSMC confirmed the attack, stating that it was a "cyber security incident" at Kinmax that led to leaked server setup and configuration details, but assured it didn’t affect business operations or compromise any customer data. Kinmax admitted to a data leak, expressing apologies to its affected customers but without specifying the number of affected parties.
The Russian-speaking ransomware operation, ALPHV or BlackCat, has claimed a data breach involving Barts NHS Trust on its dark web leak site. The group alleges exfiltration of 7TB of data, which supposedly includes personal information of Trust employees and clinicians, financial reports, and insurance agreements. The operation threatened to make the data public if there was no contact from the Trust within three days.
Barts, a major NHS Trust operating five London hospitals and serving over 2.5 million people, has confirmed awareness of the claims and is urgently investigating. There's been no evidence to support the ransomware operation’s claims, nor visible disruption of Trust services, suggesting either non-deployment of ransomware or interruption of the attack.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.