Cyber Security News Roundup – 26th June 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Hackers warn University of Manchester students of imminent data leak

20/6

Unknown criminals behind the recent cyber attack at the University of Manchester have now begun emailing students to notify of their intentions to release stolen data, after ransom demands were not met. In the attack, which happened on the 6^th of June, the threat actors claimed to have stolen 7Tb of data containing confidential personal information, research data, medical data, police records, drug test results, and financial and HR documentation. This incident doesn’t appear to be linked to the recent MOVEit breaches that have been causing chaos to business around the world; the culprits behind the attack will likely be revealed if the data is published to a public site. (Bleeping Computer)

MOVEit hack: Gang claims not to have BBC, BA and Boots data

21/6

The notorious ransomware operation Clop, who have dominated the security headlines in recent weeks after a series of high-profile cyber attacks targeting the MOVEit file transfer service, have denied involvement in data breaches affecting a number of large UK organisations. The BBC, British Airways, and Boots all saw sensitive data stolen earlier this month, when payroll provider Zellis was breached; the denial of involvement from Clop now raises the possibility that either a different, unknown hacking group was behind the attack, or that Clop is lying. Since the 14^th of June, Clop has been uploading the profiles of almost 50 victims to their darknet site, alongside threats to publish stolen data if ransom demands are not met – none of the UK’s largest victims have been posted. In a statement, Clop said that “We are an old group and we have never deceived anyone, if we say that we do not have information, then we do not have it”. The MOVEit breaches are already a complicated situation, and the latest comments from Clop only add further confusion. (BBC News)

UPS discloses data breach after exposed customer info used in SMS phishing

22/6

UPS has confirmed a data breach that may have exposed customer data. The global shipping giant has been sending letters to customers warning of fraudulent text messages asking for payment to deliver a package, and despite promises of an internal investigation UPS is being criticised for its handling of the incident. The regions in which UPS operates that have been affected by the breach is currently unclear. Cyber attackers have exploited UPS’ package look-up tool in order to obtain information about deliveries, using this and stolen phone numbers to contact individuals with payment demands. The threat actor has so far posed as both Apple and Lego – known heavily for their use of UPS delivery services. A UPS spokesperson stated that the company was aware of an SMS phishing scheme, and that they are working with their delivery chain partners, law enforcement, and third-party experts to understand how the fraud is being perpetrated and the cause of the malicious activity. (TechRadar)

American Airlines, Southwest Airlines disclose data breaches affecting pilots

24/6

Two of the world’s largest airlines, American Airlines and Southwest Airlines, have disclosed data breaches stemming from a successful hack of Pilot Credentials. Pilot Credentials is a third party vendor used to manage airlines’ pilot applications and recruitment portals, with an unauthorised access on the 30^th of April stealing documents provided by applicants in the pilot and cadet hiring process. The breach was limited to the third party network, with no compromise of either airline’s own networks. Across both airlines, almost 9,000 pilots have been affected, with American Airlines confirming that stolen personal information included names, Social Security numbers, driving license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers. The airlines will now direct all applicants to self-managed internal platforms, and are fully cooperating with the relevant law enforcement agencies in their ongoing investigation. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!