Cyber Security News Roundup – 15th May 2023
By Emily Davidson
15 May 2023It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.
Food distribution giant Sysco warns of data breach after cyberattack
9/5
Leading global food distribution company Sysco, who generated $68 billion in sales in 2022 and employ over 71,000 individuals, has confirmed that cyber-attackers stole sensitive information that includes business, employee, and customer data after suffering a network breach earlier this year. In an internal memo, Sysco state that they became aware of the cyber incident on the 5th of March, with the threat actors believed to have first compromised the company’s network on the 14th of January. After notifying law enforcement and hiring third party cybersecurity experts Sysco reported that there was no impact to their business operations, and has notified affected individuals that there is no ongoing threat and that additional safeguards have been implemented to prevent any future breaches. (Bleeping Computer)
Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt
10/5
Dragos, a US based industrial cybersecurity business, has disclosed a cyber event in which a known criminal organisation attempted to breach their defences and infiltrate their internal network in order to encrypt devices. While the threat actors were unable to breach either the network or cybersecurity platform, they did manage to gain access to Dragos’ SharePoint and contract management system by compromising a new sales employee’s personal email address, which they then used to complete the initial steps in new employee onboarding. Following the SharePoint breach the attackers downloaded “general use data” alongside 25 intel reports only available to customers, failing to access multiple Dragos systems in the 16 hours that they had access to the compromised account. One of the IPs listed in the indicators of compromise has been observed hosting SystemBC malware and Cobalt Strike, and has also been used in recent BlackBasta ransomware attacks. (Bleeping Computer)
Brightly says SchoolDude data breach spilled 3 million user accounts
11/5
Software provider Brightly has confirmed that threat actors have stolen close to 3 million user accounts after gaining access to the company’s SchoolDude online platform. US based Brightly Software is a subsidiary of German multinational giant Siemens, and their SchoolDude platform is a cloud-based work order management system used by school and university employees, students, and maintenance workers. At the time of their takeover in 2022, Brightly said that it had 12,000 enterprise customers across the UK, US, Canada and Australia. In the data breach notice, which was filed with the Maine attorney general’s office, Brightly state that they are notifying both past and present customers that personal information including names, email addresses, passwords and phone numbers has been stolen by cyber criminals. Brightly also declined to state how the breach occurred, who was responsible for overseeing cybersecurity at the time of the breach, and did not dispute that the stolen passwords were unencrypted. (TechCrunch)
More than 2 million Toyota users face risk of vehicle data leak in Japan
12/5
Due to human error, the vehicle data of over 2.15 million Toyota users in Japan has been publicly available for over a decade, representing almost all of the customer base that signed up for Toyota’s cloud service platforms since 2012. A Toyota spokeperson stated that the issue, which began in November 2013 and lasted until mid-April of this year, led to a cloud system being set to public instead of private, and despite the fact that it could include vehicle locations and identification numbers there is no evidence of malicious use. In response, Toyota will audit cloud settings, continuously monitor settings, and educate employees on data handling rules, as taking steps to block all outside access to the data. (Reuters)
Discord discloses data breach after support agent got hacked
12/5
Discord, a social platform with 150 million monthly users, is notifying users of a data breach after the account of a third-party support agent was compromised, revealing user email addresses, support messages, and any sent attachments to threat actors. Discord have stated that the breached support account was immediately disabled upon discovery of the incident, and malware checks have been completed on the affected machine. Despite believing that any risk is limited, Discord have also worked with the customer support agent to implement measures to prevent any further cyber incidents. (Bleeping Computer)
Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!
Latest resources
Celerity Secures Spot on Crown Commercial Service G-Cloud 14 Framework to Drive Public Sector Digital Transformation
Celerity is delighted to have been named as a supplier on the Crown Commercial Service (CCS) G-Cloud framework, with the latest iteration, G-Cloud 14, commencing on 9th November 2024 and running through April 2026.
Play your virtualisation cards right with Red Hat OpenShift
If you’re the customer of one very large virtualisation vendor, you may feel like you’ve been dealt a pretty bad hand over the last few months. With the long-term impact of new licensing and support programmes up in the air, organisations are seeking guidance from IT service providers on how they can best plan for, and manage, their virtualised infrastructure going forward.
💚 Celerity Goes Green: Supporting Marine Conservation with a Beach Clean 🏝️
Celerity has engaged with the Marine Conservation Society since 2024, to support their public Beach Clean events around the UK. MCS is the UK’s marine conservation charity, working to solve the climate crisis, protect marine wildlife and clean up our oceans.