Cyber Security News Roundup – 27th March 2023

Emily Davidson

27 March 2023

It's the beginning of a new week, and that means a roundup of some of the cyber security and data protection news headlines from the last 7 days! To learn more about each story, click the headings.

Hackers mostly targeted Microsoft, Google, and Apple zero-days in 2022 20/03

According to new research, cyber criminals are still targeting zero-day vulnerabilities, mostly in Microsoft, Apple, and Google products. 53 out of the 55 actively exploited zero-day vulnerabilities in 2022 enabled the threat actor to gain elevated privileges or perform remote code execution on vulnerable devices. Despite a decline in the number of exploited vulnerabilities from 80 in 2021 to 55 in 2022, the past twelve months still surpassed any other year and this trend is expected to continue upwards in 2023. Chinese cyber spies were the most active state-sponsored groups with 7 flaws exploited, while Russia and North Korea both exploited 2 flaws. (Bleeping Computer)

Ferrari says ransomware attack exposed customers’ personal data 21/3

Italian supercar manufacturer Ferrari has confirmed that it has suffered a ransomware attack that exposed customers’ personal information. CEO Benedetto Vigna notified customers that a threat actor was able to access a limited number of their IT systems, with the hackers managing to expose customer names, addresses, email addresses and phone numbers. Their business operations were not affected, and Ferrari state that no payment information or car details were stolen; however, there are question marks about their technical ability to detect data exfiltration. Ferrari are also being tight-lipped about how many customers were affected and how the business was compromised. (Tech Crunch)

City of Toronto confirms data theft, Clop claims responsibility 23/03

The Canadian City of Toronto has been affected by malware distributed by the latest mass ransomware operation, Clop, which has claimed other victims globally including Virgin Red and the Pension Protection Fund in the UK. Clop claims that it has managed to breach over 130 organisations so far, by exploiting a remote code execution flaw in Fortra’s GoAnywhere secure transfer tool. The City first became aware of unauthorised data access on the 20th of March, stating that the access was limited to files that failed to process through their third-party secure transfer system and that they are working to understand the full impact of the incident. (Bleeping Computer)

Procter & Gamble confirm GoAnywhere bug breach 24/3

American multinational consumer goods giant Procter and Gamble has confirmed that one of their companies is the latest victim of the Clop mass ransomware operation, with the attackers stealing information about their employees. However, P&G has stated that social security and identification numbers, credit card details, and bank information were not part of the information stolen. As with the many other Clop victims, P&G’s company was accessed through an exploited bug in Fortra’s GoAnywhere file transfer service. The Clop gang has been at the front of global ransomware operations since 2019, with their total ransom payouts reaching $500 million in 2021. Despite a short hiatus following the arrest of several affiliates, Clop recently resurfaced and has been adding multiple companies to their victim list every day. There is concern from experts that their openness about targeting the Fortra vulnerability is just a smokescreen while they move laterally and look to abuse other vendors. (Cyber News)

FBI confirms access to Breached cybercrime forum database 24/03

The FBI has managed to gain access to the database of the notorious hacking forum BreachForums, or Breached, with the US Justice Department also announcing the arrest of its owner, Conor Brian Fitzpatrick. The FBI used the Breached database to determine that the 20-year-old was the main admin, Pompompurin, based on activity logs and the email registered to his internet connection. It is estimated that Fitzpatrick was making up to $1000 per day, which he used to administer BreachForums and purchase other domains. Breached was set up to fill the void left by the seizure of RaidForums, quickly becoming the largest hacking forum and commonly used by cyber criminals to leak stolen data. (Bleeping Computer)

Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!
