Cyber Security News Roundup – 24th July 2023

By Emily Davidson

24 July 2023

It's a new week, and that means a roundup of some of the cyber security and data protection news headlines from the last 7 days! To learn more about each story, click the headings.

Recycling giant TOMRA pulls systems offline

18/7

TOMRA, a Norwegian mining and recycling giant with $1.2 billion turnover in 2022, was forced to isolate some of its systems after dealing with an “extensive cyber attack”. The attack began on the weekend of the 16th of July, and it is not currently known who is behind it. TOMRA had to take internal IT services and some back office applications offline, which affected supply chain management, and asked its staff to work remotely as major office locations were also taken offline. The company stated that the attack has had limited impact on business operations; many of TOMRA’s digital services are able to operate offline for a certain amount of time, but will have reduced functionality in the interim. (The Register)

BlackCat and Clop gangs both claim cyber attack on Estée Lauder

19/7

Last week, global beauty and cosmetics giant Estée Lauder suffered a cyber attack that has been claimed by both BlackCat and Clop – two of the world’s largest ransomware operations. In a statement, Estée Lauder said that it believed data had been exfiltrated, and that it is currently working to understand the nature and scope of the stolen data – claimed by Clop to be 131 gigabytes. Having proactively taken down some of its systems, the company is now implementing measures to secure its operations, and is focused on remediation. Estée Lauder also acknowledged that the incident has caused, and will continue to cause, disruption to parts of its operations. It is not known whether Estée Lauder was a victim of the MOVEit file transfer services breaches, with Clop also adding American Airlines and the UK’s communications regulator, Ofcom, to its dark web leaks site. After Clop added Estée Lauder, BlackCat followed with its own breach claim later the same evening. (Computer Weekly)

UK airports 'targeted by coordinated Russia cyber attack groups'

19/7

Reports emerged last week that UK airports are being targeted by Russian hacking groups, after London City Airport’s website went down on Wednesday afternoon – an outage claimed by pro-Russian group UserSec. Anonymous Russia also claimed to have launched an attack on Birmingham Airport’s website; however, it did not appear to force the site offline. The extent to which these hacking claims are genuine, and whether they will have any material impact on operations, is debated. Earlier this year, the British Government warned that pro-Russian hackers were trying to cause as much damage as possible to critical national infrastructure – in this case, power stations – with these cyber criminals being ideologically, and not financially, motivated entities. (The Mirror)

Clop gang to earn over $75 million from MOVEit extortion attacks

21/7

The Clop ransomware operation, which has dominated cyber security news headlines for weeks now, is reportedly set to earn between $75 million and $100 million as a result of the MOVEit campaign, despite the number of victims paying ransoms falling to 34%. As a result of the decline in paid ransoms, which stems from victims now being better educated on the pros and cons of ransom situations, ransomware gangs have had to change their strategies in order to make successful cyber attacks more profitable. Clop, in particular, now makes much larger ransom demands, hoping that a small number of large payments will compensate for the overall decline in volume. Reports indicate that Clop has had more extortion success targeting MOVEit than with the GoAnywhere campaign earlier this year; even with 90% of victims not even engaging in ransom negotiations, the MOVEit campaign has created at least 10x the number of direct victims. (Bleeping Computer)

Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!
