Cyber Security News Roundup – 11th July 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Microsoft denies massive user data breach

4/7

Microsoft was forced to categorically deny a data breach last week, after criminals from Anonymous Sudan claimed to have successfully hacked the software giant and stolen a database containing more than 30 million Microsoft accounts, emails, and passwords. The supposed Microsoft database has now been listed for sale for $50,000, a figure which appears suspiciously low, and the threat actors have posted a data sample to prove authenticity – however this data could originate from a different breach, or come from a third-party rather than Microsoft itself. Anonymous Sudan has been targeting Microsoft for a while now, last month causing disruption to their OneDrive, Outlook, and Sharepoint Online services with DDoS attacks; Microsoft says that there is “no evidence that customer data has been accessed or compromised.” (TechRadar)

Japan’s largest port stops operations after ransomware attack

5/7

The port of Nagoya, Japan’s largest and busiest port, was affected by unidentified ransomware on the 4^th of July that caused severe disruption to the operation of container terminals. Handling over two million containers and 165 million tonnes of cargo every year, the port accounts for around 10% of Japan’s total trade volume; the cyber attack has caused massive financial losses and affected the circulation of goods to and from Japan, as all container loading and unloading operations at the terminals using trailers had to be cancelled. The Nagoya Port Authority has been targeted by cyber criminals in the past – the pro-Russian Killnet group launched a DDoS attack on the port’s website in 2022 – but none have resulted in as large an impact as last week’s. (Bleeping Computer)

Capita’s own pension scheme suffered data breach in March hack

6/7

Three months after Capita was first hacked in March, member’s of the company’s own pension fund are now being notified that their data was stolen in the attack. In total, the details of over half a million members of the UK’s private sector pension schemes may have been stolen – the list of private schemes that suffered possible data theft includes PwC, Pearson, Marks and Spencer, Diageo, Unilever, and BAE, and the offered monitoring service has been described as “insufficient”. Capita have stated that they have hired third-party consultants to monitor the dark web, and that so far there is no evidence of data being posted for sale; however, many pension scheme members are now considering legal action. After recent criticism for their handling of council data on unsecured Amazon data buckets, these pension fund breaches are the latest in the series of controversies surrounding Capita following the initial cyber-attack. (Financial Times)

Nickelodeon investigates possible data breach

7/7

Nickelodeon has revealed that it suffered a data breach earlier this year, after allegations on social media that 500Gb of documents and media files had been stolen from the children’s TV channel. The stolen data contains no sensitive, personally identifiable information; instead, the information contains “decades old” production resources and intellectual property and therefore has not posed a significant risk to Nickelodeon’s business. Appearing to have first occurred in January, Nickelodeon contained the data breach about two months later. There is no further information about who the threat actors were, how they gained access to Nickelodeon’s endpoints, or if any zero-day vulnerabilities or malware were used during the attack. (Tech Radar)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!