Hello and welcome back to GlobalSign's weekly cybersecurity news wrap up. This week we're focusing a bit more on Asia-Pac than usual, as the region has been experiencing an uptick in activity.
We begin in India, where budget-conscious airline SpiceJet has experienced a cyber attack. Nothing truly nefarious appears to have taken place, and the company stated late Tuesday via Twitter it had returned to normal operational status. However, multiple customer messages on Twitter reflected ongoing problems such as stranded passengers and the inability to download boarding passes.
Then over to Malaysia, where a massive data breach took place earlier this month. There is a dispute over the source of the leak, which has affected nearly 23 million citizens. Malaysia's Ministry of Home Affairs (KDN) at one point denied that the breach emanated from its National Registration Department (JPN). Wherever the breach stems from, the attackers were able to grab the personal data of Malaysians born between 1940 and 2004 and put it up for sale on a well-known database marketplace forum.
And although it took place last week, it's worth mentioning that Japanese media giant Nikkei disclosed a ransomware attack that might have impacted customer data. Based in Tokyo, Nikkei, Inc. is a media company specializing in business, financial, and industry news. It also runs the world's largest financial newspaper. Last week Nikkei announced that a server at its headquarters in Singapore had been infected with ransomware on May 13th. Upon discovering unauthorized access to the server, the company launched an internal probe. Nikkei Group Asia immediately shut down the affected server and took other measures to minimize the impact.
In Europe, the Port of London's website has been hit with a DDoS attack, knocking the site offline. Iranian group Altahrea Team claimed responsibility on Telegram. The Port of London Authority is a public trust responsible for maintaining and supervising navigation up and down the Thames River. In response to the incident, Dr Kemedi Moara-Nkwe, Research Fellow, Maritime Cyber Threats Research Group, University of Plymouth told All About Shipping UK: "The attack on the Port of Tilbury Authority serves to provide yet more evidence that organised attackers who wish to cause maximal disruption are increasingly looking at maritime ports and vessels as primary targets for their attacks."
At the annual World Economic Forum (WEF) in Davos, Switzerland, a group of 18 organizations connected to the oil and gas industry agreed to take collective action on cyber resilience. The organizations include some of the world’s largest energy providers and industrial cybersecurity firms, including Aker BP, Aramco, Dragos, Occidental Petroleum and Suncor, among others. The group plans to collaborate to boost cyber resilience.
Here in the U.S., the Chicago Public Schools announced a massive data breach that exposed the data of almost 500,000 students and 60,000 employees. The attack is related to a December ransomware attack on a vendor, Battelle for Kids. The Ohio-based not-for-profit educational organization analyzes student data shared by public school systems to design instructional models and evaluate teacher performance. Battelle for Kids works with 267 school systems, and its programs have reached over 2.8 million students.
Automaker General Motors (GM) confirmed it recently fell victim to a credential stuffing attack. The incident occurred last month, exposing customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. According to a May 16th letter to customers, GM detected suspicious logins between April 11 and April 29. It found that threat actors had redeemed customer reward points for gift cards. Once GM discovered the attack it suspended the reward feature on its account website and notified customers affected by the incident.
Finally, Verizon's annual Data Breach Investigations Report is out. The report, which analyzed 23,896 security incidents, says in the past year 25% of all breaches contained a ransomware component. The 2022 report also found that ransomware events in conjunction with breaches increased 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.
That's a wrap for this week. Thanks again for stopping by our blog. Have a great weekend.
Top Global Security News
Cybersecurity Dive (May 26, 2022) Oil and gas industry pledges cyber cooperation at World Economic Forum
A group of 18 organizations connected to the oil and gas industry agreed to take collective action on cyber resilience in an effort announced during the World Economic Forum (WEF) in Davos, Switzerland Wednesday.
The organizations include some of the world’s largest energy providers and industrial cybersecurity firms, including Aker BP, Aramco, Dragos, Occidental Petroleum and Suncor, among others.
The organizations plan to work together on global approaches to boosting cyber resilience, adopting six, consensus-based principles and sharing lessons learned, according to Alexander Klimburg, head of the Center for Cybersecurity, WEF.
Bleeping Computer (May 25, 2022) Indian airline SpiceJet's flights impacted by ransomware attack
Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures.
According to the announcement published on the airline's social media channels, its IT team managed to thwart the attack, so everything is back to normal operational status.
However, multiple customer reports on Twitter and Facebook still reflect ongoing problems, highlighting flight delays, saying that customer service via phone is unreachable, and the bookings system remains unavailable.
Computing (May 24, 2022) Cyberattack affects Port of London website
A suspected Iranian group has launched a DDoS attack against the Port of London's website, which is still down at the time of writing.
The group, known as ALtahrea, launched the attack - spotted by Check Point Research - last night and claimed responsibility on Telegram.
The Port of London Authority is a public trust responsible for maintaining and supervising navigation up and down the Thames Tideway, from Teddington Lock to the Kent/Essex Strait where the river reaches the North Sea. It is also in charge of protecting the river's environment.
Dark Reading (May 24, 2022) 'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.
That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.
The 15th annual DBIR analyzed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cybercriminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.
The Register (May 25, 2022) Vehicle owner data exposed in GM credential-stuffing attack
Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts.
Other more personal information, including social security, credit card and bank account numbers, as well as driver's license data, are not stored in customers' GM accounts and were not laid bare, GM officials said in a letter [PDF] sent to customers this month.
According to the letter, in the 18 days between April 11 and April 29, the company detected suspicious logins to some GM online customer accounts, finding that threat actors had redeemed customer reward points for gift cards. Through a GM online platform, owners of car brands including Chevrolet and Buick can manage their payments and services while building up and redeeming reward points.
After discovering the attack, GM suspended the reward feature on the account website and notified customers affected by the issue, telling them they would need to reset their passwords to get back into their online customer accounts. The company reported the breach to law enforcement agencies.
TechWire Asia (May 23, 2022) Relax…it’s only data of 22.5 million Malaysians leak online
For most companies, any data breach or data leak could end up with the organization facing huge financial losses and even having its reputation tarnished. And in some cases, the data recovered could already have been tampered with, causing more concerns for those affected.
As millions of Malaysians are worried that their personal data could go into the wrong hands following an alleged data leak at the National Registration Department (NRD), the government has assured the public that the situation may not be as serious as it seems.
In fact, the Home Minister of Malaysia stated that the alleged data leak containing information of 22.5 million Malaysians is not from the NRD as there was a mechanism in place which could prove that the leaked information did not come from the department.
Bleeping Computer (May 21, 2022) Ransomware attack exposes data of 500,000 Chicago students
The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after its vendor, Battelle for Kids, suffered a ransomware attack in December.
Ohio-based Battelle for Kids is a not-for-profit educational organization that analyzes student data shared by public school systems to design instructional models and evaluate teacher performance.
Battelle for Kids says it works with 267 school systems, and its programs have reached over 2.8 million students.
Security Week (May 20, 2022) Nikkei Says Customer Data Likely Impacted in Ransomware Attack
Asian media giant Nikkei has disclosed a ransomware attack that might have impacted customer data.
Based in Tokyo, Nikkei, Inc. is a media company specializing in business, financial, and industry news, and owns the Financial Times and The Nikkei. With a daily circulation of over 3 million, The Nikkei is the world's largest financial newspaper.
On Thursday, Nikkei announced that a server at its headquarters in Singapore was infected with ransomware last week.
“Unauthorized access to the server was first detected on May 13, prompting an internal probe. Nikkei Group Asia immediately shut down the affected server and took other measures to minimize the impact,” the media giant said.
Other Thought Provoking Articles
Twitter Fined $150 Million for Misuse of 2FA User Data - Secure World News
GoodWill Ransomware Demands People Help the Most Vulnerable - InfoSecurity
Employees cause more cyber breaches in healthcare than other industries, report finds - Healthcare Dive
SolarWinds ready to move past breach and help customers manage theirs - ZDNet
Data Breach on DEA Law Enforcement System Grants Cyber Criminals Access to 16 Databases - CPO Magazine
Hackers Can 'Pre-Hijack' Online Accounts Before They Are Created by Users - SecurityWeek
It's 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017 - The Register
Interview: Mitigating Cyber-Threats in the Maritime Industry - InfoSecurity
Securing Your Merger: Managing Cyber Deal Risk - Middle Market Growth