Cyber Security News Roundup – 15th May 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Food distribution giant Sysco warns of data breach after cyberattack

9/5

Leading global food distribution company Sysco, who generated $68 billion in sales in 2022 and employ over 71,000 individuals, has confirmed that cyber-attackers stole sensitive information that includes business, employee, and customer data after suffering a network breach earlier this year. In an internal memo, Sysco state that they became aware of the cyber incident on the 5^th of March, with the threat actors believed to have first compromised the company’s network on the 14^th of January. After notifying law enforcement and hiring third party cybersecurity experts Sysco reported that there was no impact to their business operations, and has notified affected individuals that there is no ongoing threat and that additional safeguards have been implemented to prevent any future breaches. (Bleeping Computer)

Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt

10/5

Dragos, a US based industrial cybersecurity business, has disclosed a cyber event in which a known criminal organisation attempted to breach their defences and infiltrate their internal network in order to encrypt devices. While the threat actors were unable to breach either the network or cybersecurity platform, they did manage to gain access to Dragos’ SharePoint and contract management system by compromising a new sales employee’s personal email address, which they then used to complete the initial steps in new employee onboarding. Following the SharePoint breach the attackers downloaded “general use data” alongside 25 intel reports only available to customers, failing to access multiple Dragos systems in the 16 hours that they had access to the compromised account. One of the IPs listed in the indicators of compromise has been observed hosting SystemBC malware and Cobalt Strike, and has also been used in recent BlackBasta ransomware attacks. (Bleeping Computer)

Brightly says SchoolDude data breach spilled 3 million user accounts

11/5

Software provider Brightly has confirmed that threat actors have stolen close to 3 million user accounts after gaining access to the company’s SchoolDude online platform. US based Brightly Software is a subsidiary of German multinational giant Siemens, and their SchoolDude platform is a cloud-based work order management system used by school and university employees, students, and maintenance workers. At the time of their takeover in 2022, Brightly said that it had 12,000 enterprise customers across the UK, US, Canada and Australia. In the data breach notice, which was filed with the Maine attorney general’s office, Brightly state that they are notifying both past and present customers that personal information including names, email addresses, passwords and phone numbers has been stolen by cyber criminals. Brightly also declined to state how the breach occurred, who was responsible for overseeing cybersecurity at the time of the breach, and did not dispute that the stolen passwords were unencrypted. (TechCrunch)

More than 2 million Toyota users face risk of vehicle data leak in Japan

12/5

Due to human error, the vehicle data of over 2.15 million Toyota users in Japan has been publicly available for over a decade, representing almost all of the customer base that signed up for Toyota’s cloud service platforms since 2012. A Toyota spokeperson stated that the issue, which began in November 2013 and lasted until mid-April of this year, led to a cloud system being set to public instead of private, and despite the fact that it could include vehicle locations and identification numbers there is no evidence of malicious use. In response, Toyota will audit cloud settings, continuously monitor settings, and educate employees on data handling rules, as taking steps to block all outside access to the data. (Reuters)

Discord discloses data breach after support agent got hacked

12/5

Discord, a social platform with 150 million monthly users, is notifying users of a data breach after the account of a third-party support agent was compromised, revealing user email addresses, support messages, and any sent attachments to threat actors. Discord have stated that the breached support account was immediately disabled upon discovery of the incident, and malware checks have been completed on the affected machine. Despite believing that any risk is limited, Discord have also worked with the customer support agent to implement measures to prevent any further cyber incidents. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!