Weekly Cyber News Roundup

The Integrity 360 IR team has observed an increase in incidents where clients report their mouse moving and clicking on its own. These incidents vary in terms of whether they are actual compromises cases or false positives.  

For example, in one instance, the event occurred at 2am following a Christmas party and a few drinks, indicating it was a false positive. However, real instances of compromise have also been reported. One instance involved an employee falling for a spoofed email from the company's service desk, downloading LogMeIn, and giving attackers access. The attackers then escalated privileges and deployed Ransomware. Despite many instances turning out to be false positives, it's important to take them seriously due to the effectiveness of social engineering tactics.  

Ransomware attack against the maritime software supplier DNV impacted 1,000 vessels 

DNV, a Norwegian shipping classification society, announced that its systems were affected by a ransomware attack on January 7, impacting approximately 1,000 ships that use its technology. Its ShipManager software, a fleet management tool used by more than 7,000 vessels owned by 300 customers, was targeted by file-encrypting malware, resulting in the organisation shutting down its servers. DNV stated that 70 customers, operating nearly 15% of its total fleet, were affected by the attack. 

The attack highlights the increasing vulnerability of shipping companies to cyber-attacks and the importance of implementing robust security measures to protect against such incidents. 

Royal Mail tells customers not to send overseas packages as it struggles with ransomware fallout 

Royal Mail CEO Simon Thompson confirmed that a cyber-attack is responsible for the ongoing disruption at the company. He revealed this during a U.K. parliamentary committee session on Tuesday, almost a week after the company first announced that it had been hit by an "unspecified cyber incident" that caused the British mail service to be unable to dispatch items to overseas destinations.  

Thompson stated that while the company believes that no customer data was compromised in the attack, they are prepared for that situation to change and have already notified the U.K. data protection regulator, the Information Commissioner's Office, as a precaution. He declined to provide further details of the attack, citing it would be detrimental to the ongoing investigation. 

Cyber incidents top concern for business says new Allianz report 

According to a new report by Allianz, cyber incidents and business interruption risk remained the top concerns for companies for the second consecutive year. The Allianz survey found that 34% of respondents rated both cyber incidents and business interruption as their top concern. 

IT outages, ransomware attacks and data breaches, were ranked as the most significant risk worldwide for the second year in a row. It also was the top concern in 19 different countries including Canada, the UK, France, Japan and India. Additionally, it is the risk that small companies (with less than $250 million in annual revenue) are most concerned about. 

Hackers steal $415 million from collapsed cryptocurrency broker FTX 

FTX announced that it has recovered more than $5 billion in crypto, cash, and liquid securities, however, significant shortfalls still exist at both its international and U.S. crypto exchanges. The company attributed some of the shortfall to hacks, stating that $323 million worth of crypto was stolen from its international exchange, and $90 million was stolen from its U.S. exchange since it filed for bankruptcy on November 11.