Here’s your Cyber Security Incidents Update for wk24 2024
(a weekly Monday glimpse into just a fraction of the previous week's Cyber Security events, to give a sense of the depth and breadth of incidents world-wide)
-Organisation
⦿ Tile, a Bluetooth location-tracking device vendor (now owned by Life360, HQ'd in San Francisco, USA)
-Data compromised
⦿ Owners of Tile devices may have had their personal information exposed following a recent data breach, which has led to a ransom demand. (Be on the lookout for phishing attempts, as email addresses were exposed, especially any emails asking for personal information or login credentials)
-Initial access
⦿ A Bad Actor used stolen credentials of a former employee to gain access to internal company tools and steal sensitive data
-Organisation
⦿ Ascension, one of the largest healthcare systems in the US (healthcare, again..)
-Data compromised
⦿ Personally identifiable information (PII) and protected health information (PHI) of an unknown number of patients
-Initial access
⦿ "an individual at one of its facilities downloading a file they did not know was malicious"
-Possible Prevention
⦿ Security Awareness Training
-Organisation
⦿ Toronto District School Board (TDSB), Canada, suffered a ransomware attack on its software testing environment. TDSB is the largest school board in Canada and the 4th largest in North America
-Data compromised
⦿ TDSB is now investigating whether any personal information was exposed
One piece of good news 👍:
Ukrainian cyber police have arrested a Russian national for his role with the Conti (this is the gang that attacked the HSE in Ireland) and LockBit ransomware gangs. The individual was responsible for encrypting ransomware payloads to make them appear as harmless files in order to evade EDR solutions.
and, hot off the press:
a 22-year-old UK national was arrested in Spain this past weekend. The individual is believed to be one of the key members of the Scattered Spider cybercrime group, which socially engineered their way into over 100 organisations including LastPass, Twilio, Mailchimp and the MGM Casino in Las Vegas. The individual is wanted by the FBI (your flight will be boarding soon 🤣)
One final note:
Mandiant, a cyber-security company now owned by Google, has disclosed that as many as 165 customers of Snowflake have been compromised with stolen credentials. Snowflake, another of whose customers was Ticketmaster, is a cloud data platform. While there is no evidence to point to any breach on their part, it's interesting to note that they are assisting their customers to harden their security measures, including the use of multi-factor authentication (NOW you recommend/enforce MFA? 🤦‍♂️)