GlobalSign Blog

The GlobalSign Cybersecurity News Round-Up: Week of May 11, 2020

The GlobalSign Cybersecurity News Round-Up: Week of May 11, 2020

Hello and welcome to the latest weekly cybersecurity wrap-up from GlobalSign!

As usual, hackers are up to old (and new) tricks, striking companies and organizations such as Magellan Health, Pitney Bowes and even an entertainment law firm that services top celebrities like Bruce Springsteen and Lady Gaga. No doubt The Boss is not amused. Not only that, Android dating site MobiFriends was breached, exposing 4 million of its users. 

Other stories that caught my eye this week: 

  • Data breaches can wipe about 7% off a company’s average price share
  • Why paying ransom to an attacker could cost you double the amount the attacker first demanded
  • Are you really sure you could never be a phishing victim?

Read on to catch up on all these stories and more. Have a great weekend. 

Top Global Cybersecurity News Stories

ThreatPost (May 13, 2020) Healthcare Giant Magellan Struck with Ransomware, Data Breach

Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. The company, which says it “empowers 1 in 10 Americans to lead healthier, more vibrant lives” according to its website, said the incident was discovered on April 11. It also said that it became apparent during a forensic investigation that the ransomware attack was the final stage in a longer campaign.

“The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” according to a letter sent to victims and filed with the State of California. “Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some of your personal information.”

READ MORE (May 13, 2020) Pitney Bowes fends off cyber attack as supply chain becomes new target for criminals

Shipping technology company Pitney Bowes has announced it came under cyber attack recently, as criminals eye supply chain companies as a source of valuable data. 

The company said it was targeted through a ransomware attack on 4 May but had managed to detect the incident and prevent the attack from succeeding. 
Ransomware encrypts files on an organisation or individual’s database, meaning that they cannot be accessed by users without the encryption key. The attackers then demand a fee to decrypt the files. The Maze ransomware, which was used against Pitney Bowes, not only encrypts the files but also threatens to publish them.


Silicon Angle (May 12, 2020) Details of celebrities stolen in REvil ransomware attack on high-profile law firm

The REvil ransomware hacking group has targeted Grubman Shire Meiselas & Sacks, a high-profile entertainment law firm that represents celebrities such as Lady Gaga, Madonna, Elton John, Barbara Streisand, Bruce Springsteen, Mariah Carey and Mary J. Blige.

First uncovered by security researchers at Emisoft Ltd., the 756 gigabytes of data stolen from the law firm includes contracts, nondisclosure agreements, phone numbers, email addresses, music rights and personal correspondence.

The details of the hack are somewhat vague, though the law firm itself told Variety Monday that it had “been victimized by a cyberattack.” The REvil group is best known for its attack on foreign exchange provider Travelex in late December. In that case, Travelex was reported to have paid a $2.3 million ransom for a decryption key to restore its network. The same gang was also behind the ransomware attack on data center provider Cyrus One Inc.


The Load Star (May 12, 2020) Toll Group Resists Ransom Demands from Hackers After Cyber Attack 

Toll Group is having a tough year, and has confirmed that the “unusual activity” on its servers last week was a cyber attack, which has now led to ransom demands.
The threat – unrelated to the attack on Toll in January – involves ransomware called Nefilim.

The hackers accessed a corporate server containing information on Toll staff and some commercial agreements with enterprise customers, although Toll said the server was not “designed as a repository for customer operational data”.


InfoSecurity (May 11, 2020) Data Breach Exposes Four Million Dating App Users

Almost four million users of a popular Android dating app have had their personal and log-in data stolen by hackers, according to Risk Based Security. 
The security vendor said it found the data on a prominent hacking forum — now free for anyone to access, although it had been previously up for sale. 
It’s associated with nearly 3.7 million users of MobiFriends, a Barcelona-based dating app. The information was originally posted to the forum in January of this year by a threat actor named “DonJuji,” but is attributed to a breach in January 2019.


Other Industry News

Danger zone! Brit research supercomputer ARCHER's login nodes exploited in cyber-attack, admins reset passwords and SSH keys

Cyber attack disrupts virtual OCU graduation

Data likely stolen as Stadler Rail’s IT system hit by cyber-attack

Are you sure you would never fall for a phishing scam?

Data Breaches Wipe 7.2% Off Average Company Share Price

Coronavirus: Cyber-attacks hit hospital construction companies

IoT Security: Sen. Warner’s Letter to IoT Manufacturers

Sophos: Paying Ransom Can Double Attack Recovery Costs

Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.

Share this Post

Related Blogs