Hello and welcome to our weekly cybersecurity news wrap up.
We begin with the big story of the week, Twitter's former CSO filing a whistleblower testimony against his former employer. Peiter Zatko claims that Twitter misled users and U.S. federal regulators about glaring weaknesses in its ability to protect personal data. Zatko also claims that Twitter underestimated the number of automated bots on its platform - - billionaire Elon Musk's argument for withdrawing from his bid for the company. A statement to Agence France-Presse on Tuesday from a Twitter spokesperson said, "What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," adding, "Security and privacy have long been company-wide priorities at Twitter and will continue to be."
Widely used password manager LastPass just announced a security incident involving an unauthorized party gaining access to its internal network. Fortunately users' master passwords were not compromised However, LastPass has made it clear that, due to its 'zero knowledge' architecture, master passwords are never stored. However, the attackers did take portions of source code and some proprietary technical details. The attackers gained access through a compromised developer account.
Hackers continue to focus their efforts on some of the most important institutions - hospitals and critical infrastructure. In France, the Center Hospitalier Sud Francilien (CHSF) was hit by a ransomware attack on Sunday. The attack on the 1,000-bed hospital forced the medical center to refer patients to other hospitals. Surgeries also had to be postponed. The attackers are reportedly demanding a $10 million ransom. According to Safety Detectives, security experts believe it is likely CHSF was hit by a strain of the Ragnar Locker ransomware, the same ransomware strain that targeted DESFA, one of Greece’s major natural gas operators. That attack also occurred last weekend. Following the incident, DESFA deactivated most of its IT services and then slowly brought services back online. As of several days ago, the company was refusing to negotiate with the cybercriminals responsible for the attack.
Major airline technology provider Accelya confirmed on Tuesday it is a victim of a ransomware attack. Data from the company, which provides services to some of the world's top airlines, has been posted on a ransomware leak site. The perpetrator is the AlphV/Black Cat ransomware group, which claims it has stolen emails, employee contracts and more. The hacking group is allegedly connected with recent incidents at a major energy supplier in Luxembourg and German fuel company OilTanking GmbH. According to Security Affairs, Blackcat ransomware is one of the fastest fastest-growing Ransomware-as-a-Service (RaaS) underground groups practicing so called “quadruple extortion” by pressing victims to pay – leveraging encryption, data theft, denial of service (DoS) and harassment.
Also this week, one of the UK's largest car dealerships was hit by what has been described as a major ransomware attack. It resulted in data theft and the damage “beyond repair” of some core systems. Stoke-on-Trent-based Holdcroft Motor Group was hit with a ransom demand after hackers stole two years’ worth of data including staff information. The attack occurred on July 28th. While most systems are now back up and running, some of the company's core systems have been permanently deleted.
That's a wrap. Have a great weekend!
Top Global Security News
Portswigger (August 26, 2022) LastPass flags security incident after attackers stole source code, technical information
LastPass has alerted users to a security incident after an unauthorized party gained access to the company’s internal network.
In a statement issued yesterday (August 25), LastPass CEO Karim Toubba said “unusual activity” was detected within portions of the software firm’s production environment. A subsequent investigation revealed that attackers had gained access through a compromised developer account and “took portions of source code and some proprietary LastPass technical information”.
LastPass was quick to note that users’ master passwords were not compromised as part of this attack, due to the company’s ‘zero knowledge’ architecture.
ZDNet (August 24, 2022) Peiter 'Mudge' Zatko: CSO-turned-whistleblower says Twitter security was in a shambles
The former chief of security at Twitter has filed a whistleblower testimony that its physical and digital security systems for protecting user privacy and moderating content suffered extreme deficiencies.
Peiter 'Mudge' Zatko was hired as Twitter's chief security officer by company co-founder Jack Dorsey in November 2020, but was terminated in January 2022 by current CEO Parag Agrawal, who assumed that role after Dorsey stepped down in November 2021.
Zatko filed his 86-page redacted report to the Securities and Exchange Commission in July. The report suggests Twitter security was in a shambolic state in 2021, some 10 years after the Federal Trade Commission settled with Twitter over security deficiencies.
Bleeping Computer (August 23, 2022) French hospital hit by $10M ransomware attack, sends patients elsewhere
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
CHSF serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and even lives, of people in a medical emergency.
"This attack on the computer network makes the hospital's business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement (translated).
Security Week (August 23, 2022) Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier
The cybergang behind the Ragnar Locker ransomware has published more than 360 gigabytes of data allegedly stolen from Greece’s largest natural gas supplier Desfa.
On Saturday, the company announced that it fell victim to a cyberattack that impacted the availability of some systems, and which also resulted in the leakage of data.
Desfa says it has proactively deactivated IT services to contain the incident, but that it is gradually restoring them to normal operations.
The Record (August 23, 2022) Major airline technology provider Accelya attacked by ransomware group
A technology provider for many of the world’s largest airlines said it recently dealt with a ransomware attack impacting some of its systems.
Accelya – a technology firm providing services to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and many more – confirmed Tuesday that two of the security firms it hired to address the incident discovered that company data was posted on a ransomware leak site.
The AlphV/Black Cat ransomware group published data it allegedly stole from Accelya last Thursday. The group claimed to have stolen emails, worker contracts and more.
Infosecurity (August 22, 2022) Car Dealership Hit by Major Ransomware Attack
One of the UK’s largest family-run car dealerships has admitted suffering a serious ransomware attack last month, which resulted in data theft and the damage “beyond repair” of some core systems.
Stoke-on-Trent-based Holdcroft Motor Group was hit with a ransom demand after hackers stole two years’ worth of data including staff information.
“On Thursday July 28 2022 the company was the victim of a serious cyber-attack which has caused significant damage to the company's IT infrastructure and has also resulted in the loss of data from our internal storage areas,” read an internal email seen by StokeonTrentLive.
Other Thought Provoking Stories
Scammers Create 'AI Hologram' of C-Suite Crypto Exec - InfoSecurity
RansomEXX claims ransomware attack on Sea-Doo, Ski-Doo maker - Bleeping Computer
Plex breach exposes usernames, emails, and encrypted passwords - The Verge
Quantum ransomware attack disrupts govt agency in Dominican Republic - Bleeping Computer
New Phishing Attacks Exploit AWS - SDX Central
IT leaders struggling to address identity sprawl - HelpNetSecurity
Hackers are using fake WordPress DDoS pages to launch malware - Digital Trends
DevSecOps Gains Traction — but Security Still Lags - Dark Reading
How 2023 cybersecurity budget allocations are shaping up - CSO
