Cyber Security News Roundup – 11th April 2023

It's the beginning of a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Western Digital hit by network security breach - critical services disrupted 3/4

Western Digital, a California based computer drive maker and data services provider, has announced that their network has been breached by unauthorised third party access on the 26^th of March. The company has initiated incident response, noting that the threat actor was able to gain access to some of the company’s data, as well as causing disruption to Western Digital’s My Cloud services with the status page displaying multiple outages and preventing users from accessing the service. (The Hacker News)

New Rorschach ransomware is the fastest encryptor seen so far 4/4

Malware researchers have discovered a new ransomware strain, named Rorschach, following a cyber attack on a US company. Containing “technically unique features” the encryption speed makes Rorschach the fastest current ransomware threat, taking 4.5 minutes to encrypt a data set of 220,000 files. This is considerably faster than LockBit 3.0, which was previously considered the fastest acting ransomware strain, taking 7 minutes to encrypt the same data set. Analysts discovered that the malware leveraged a weakness in the US based company’s threat detection and incident response tool to deploy, before erasing four event logs to wipe any trace on the infected network. The group behind Rorschach currently remains anonymous, with no branding on the malware, however researchers are warning that this “raises the bar for ransom attacks” (Bleeping Computer)

Money Message ransomware gang claims MSI breach, demands $4 million 6/4

The newly discovered Money Message ransomware operation claims to have stolen source code from Taiwanese computer parts manufacturer MSI. MSI has been listed on the criminal gang’s extortion website with screenshots of what is claimed to be 1.5Tb of databases and files containing source code, private keys and BIOS firmware, alongside threats to leak this data if ransom demands of $4,000,000 are not met. MSI has since confirmed these claims, revealing that whilst there was no significant impact to operations and finances, some of its information service systems had been affected by a cyber attack and that the relevant authorities had been notified. The company did not state whether or not the affected systems had been encrypted, and whether or not any business or customer data had been exfiltrated. (Bleeping Computer)

UK Criminal Records Office Crippled by "Cyber Incident" - Infosecurity Magazine 6/4

The UK Criminal Records Office (ACRO) has confirmed that it has been dealing with a “cyber incident” over the last two months, that has created significant backlogs for visa applications and possibly exposed customer information. This data could be highly sensitive, including identification information and criminal conviction history. The confirmation follows months of delay, including blaming a technical issue on the 9^th of February and “essential website maintenance” on the 21^st of March for its website outage, as well as heavy demand for causing police certificates to take longer to process. The ACRO has released a statement that there is no conclusive evidence that any personal information has been affected, however the Global Security Advisor at ESET has warned that ransomware is the most likely cause of the incident with the primary goal of the threat actors being data theft. (Infosecurity Magazine)

KFC, Pizza Hut owner discloses data breach after ransomware attack 10/4

Yum! Brands, who own KFC, Pizza Hut, and Taco Bell have begun sending data breach notification letters to an undisclosed number of individuals whose personal information has been exposed following a ransonware attack on the 13^th of January. Originally the organisation had stated that despite a cyber incident no customer information had been exfiltrated. Yum! Brands has now discovered that stolen personal information includes names, driving licence numbers, and other identification card numbers. The company experienced disruption and was forced to shut down 300 of their restaurants in the UK following the attack due to the impact on their IT systems, and is incurring ongoing costs related to remediating and recovering from the attack. Yum! Brands is yet to disclose the number of employees who have had their information stolen by threat actors. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!