Cyber Security News Roundup – 27th March 2023
By Emily Davidson
27 March 2023
It's the beginning of a new week, and that means a roundup of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.
Hackers mostly targeted Microsoft, Google, and Apple zero-days in 2022 20/03
According to new research, cyber criminals are still targeting zero-day vulnerabilities, mostly in Microsoft, Apple, and Google products. 53 out of the 55 actively exploited zero-day vulnerabilities in 2022 enabled the threat actor to gain elevated privileges or perform remote code execution on vulnerable devices. Despite a decline in the number of exploited vulnerabilities from 80 in 2021 to 55 in 2022, the past twelve months still surpassed any other year, and this trend is expected to continue upwards in 2023. Chinese cyber spies were the most active state-sponsored groups with 7 flaws exploited, while Russia and North Korea both exploited 2 flaws. (Bleeping Computer)
Ferrari says ransomware attack exposed customers’ personal data 21/3
Italian supercar manufacturer Ferrari has confirmed that it has suffered a ransomware attack that exposed customers’ personal information. CEO Benedetto Vigna notified customers that a threat actor was able to access a limited number of their IT systems, with the hackers managing to expose customer names, addresses, email addresses and phone numbers. Their business operations were not affected, and Ferrari state that no payment information or car details were stolen; however, there are question marks about their technical ability to detect data exfiltration. Ferrari are also being tight-lipped about how many customers were affected and how the business was compromised. (TechCrunch)
City of Toronto confirms data theft, Clop claims responsibility 23/03
The Canadian City of Toronto has been affected by malware distributed by the latest mass ransomware operation, Clop, which has claimed other victims globally, including Virgin Red and the Pension Protection Fund in the UK. Clop claims that it has managed to breach over 130 organisations so far by exploiting a remote code execution flaw in Fortra’s GoAnywhere secure transfer tool. The City first became aware of unauthorised data access on the 20th of March, stating that the access was limited to files that failed to process through their third-party secure transfer system and that they are working to understand the full impact of the incident. (Bleeping Computer)
Procter & Gamble confirm GoAnywhere bug breach 24/3
American multinational consumer goods giant Procter and Gamble has confirmed that one of their companies is the latest victim of the Clop mass ransomware operation, with the attackers stealing information about their employees. However, P&G has stated that social security and identification numbers, credit card details, and bank information were not part of the information stolen. As with the many other Clop victims, P&G’s company was accessed through an exploited bug in Fortra’s GoAnywhere file transfer service. The Clop gang has been at the front of global ransomware operations since 2019, with their total ransom payouts reaching $500 million in 2021. Despite a short hiatus following the arrest of several affiliates, Clop recently resurfaced and has been adding multiple companies to their victim list every day. There is concern from experts that their openness about targeting the Fortra vulnerability is just a smokescreen while they move laterally and look to abuse other vendors. (Cyber News)
FBI confirms access to Breached cybercrime forum database 24/03
The FBI has managed to gain access to the database of the notorious hacking forum BreachForums, or Breached, with the US Justice Department also announcing the arrest of its owner, Conor Brian Fitzpatrick. The FBI used the Breached database to determine that the 20-year-old was the main admin, Pompompurin, based on activity logs and the email registered to his internet connection. It is estimated that Fitzpatrick was making up to $1000 per day, which he used to administer BreachForums and purchase other domains. Breached was set up to fill the void left by the seizure of RaidForums, quickly becoming the largest hacking forum and commonly used by cyber criminals to leak stolen data. (Bleeping Computer)
Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!