Cyber Security News Roundup – 2nd May 2023

We're into the first week of May, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Hackers breach Yellow Pages Canada and steal sensitive documents

25/4

Yellow Pages Canada, which provides listings for local businesses such as addresses and telephone numbers, has been affected by a data breach in which the Black Basta ransomware operation stole sensitive documents that include personal information. Following the attack that occurred around the 15^th of March, Black Basta named the Yellow Pages as their latest victim, sharing a sample of the stolen information which includes identification documents, tax documents, sales and purchase agreements, and more. While the Yellow Pages is yet to formally acknowledge the cyber incident, their SVP and CFO stated that “As soon as we became aware of the attack, we immediately commenced a thorough investigation into this issue with the assistance of external cyber security experts to contain the incident and ensure that we had secured our systems”. They also added that they have reason to believe that the unauthorised party stole personal information relating to Yellow Pages employees, as well as limited data relating to their business customers, but that the attack has had little impact on their operations with all services now restored. Black Basta have regularly been in the cyber security headlines in recent weeks, following high profile cyber-attacks on Capita and Dish. (Bitdefender)

Arnold Clark may face compensation claims over data breach

25/4

Following on from the data breach suffered towards the end of 2022, car retailer Arnold Clark could now be facing legal claims from the thousands of customers whose information was stolen in the attack. One London legal firm claiming to represent 7,500 customers says that it had launched an investigation, and argued that “failures to adopt standard security measures may have made this attack easier”.  In their own statement, Arnold Clark said that they take the safety of their customers data very seriously and that during their own investigation they have taken proactive steps to ensure their protection. They also stated that they had acted immediately to help their customers, as well as being in regular contact with the police and Information Commissioner’s Office. Data security is becoming an increasingly important priority for car dealerships, with Pendragon also targeted by threat actors recently.  (Motor Trader)

Microsoft: Clop and LockBit ransomware behind PaperCut server hacks

26/4

Microsoft has attributed recent cyber attacks that exploited two vulnerabilities in PaperCut servers to the Clop and LockBit ransomware operations. PaperCut is a printing management software that is compatible with all major printers, and is used by large organisations and hundreds of millions of people across 100 countries. Before being patched last month, CVE-2023-27350 and CVE-2023-27351 had been actively exploited in the wild allowing threat actors to perform unauthenticated remote-code executions and information disclosure, with Microsoft stating last week that the Clop and LockBit organisations had been leveraging these flaws to steal corporate data from vulnerable servers. Threat actors had been exploiting the vulnerabilities since the 13^th of April, deploying TrueBot malware and also a Cobalt Strike beacon to spread laterally and steal data. Having regularly featured in headlines in recent weeks after causing chaos to 130 companies using Fortra’s GoAnywhere file transfer service, the Clop operation still attempts to encrypt files however their preferred method is now using stolen data as leverage to extort companies into paying a ransom. (Bleeping Computer)

T-Mobile discloses second data breach since the start of 2023

1/5

Telecommunications giant T-Mobile has disclosed their second data breach since the start of 2023, and seventh since 2018, after discovering that threat actors had gained access to hundreds of pieces of customer information since late February. Whilst the latest breach only affects 837 customers compared to the 37 million from the other attack, the exposed information is extensive and despite containing no financial information or call records it contains more than enough for identity theft. Varying from customer to customer, the stolen data could include full names and contact information, T-Mobile account PINs, identification documents and social security numbers, and internal codes for servicing accounts. T-Mobile proactively changed affected accounts’ PINs the moment they detected the breach, and has offered impacted customers two years of free identity protection services. (Bleeping Computer)

Bitmarck shuts down systems, services after cyberattack

1/5

German IT services provider Bismarck has been forced to shut down all of their customer and internal systems following a cyber-attack, but according to their current knowledge none of their customer or patient data has been stolen. Bismarck is one of the largest service providers for German health insurance companies, but due to Gematik data protection regulations patient data “was and is never endangered” by the cyber-attack. Currently there is no timeline for when their systems will be back up and running, with operation speeds depending on the customer situation, however Bismarck are looking to set up a short term environment so that their clients' critical processes, such as payments, can get back online. At the moment Bismarck are also unable to comment on who broke into their network and how, however they immediately notified the relevant authorities and hired external cyber security experts to assist with analysis efforts. (The Register)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!