Cyber Security News Roundup – 2nd October 2023

Cyber crime continues to pose a serious security risk, with the Royal Family and multinational conglomerates among last week's victims. To learn more about each story, click the headings.

Sony investigates cyberattack as hackers fight over who's responsible

26/9

Last week Sony said that it was investigating allegations of a cyberattack, with different hackers stepping up to claim responsibility.  Over 3.14 GB of uncompressed data allegedly belonging to Sony has already been dumped onto hacker forums, with two threat actors named RansomedVC and MajorNelson fighting to claim responsibility. RansomedVC claim to have stolen 260 GB of data during the attack, which they are now offering for sale at $2.5 million - MajorNelson also leaked the compressed archive containing 3.14Gb of alleged Sony data.

Bleeping Computer reached out to Sony for comment, being told by a spokesperson ""We are currently investigating the situation, and we have no further comment at this time". While the data shared by the attackers does appear to belong to Sony, the veracity of either threat actor's claims was not able to be independently verified. (Bleeping Computer)

Johnson Controls International Disrupted by Major Cyberattack

28/9

Multinational Conglomerate Johnson Controls reported a cyber attack to the US Securities and Exchange Commission last week, saying that it had suffered disruption to its internal IT infrastructure.

Researchers at Nextron Systems shared a tweet that included a ransom note from cyber crime group Dark Angels stating: "HELLO dear Management of Johnson Controls International! If you are reading this message, it means that: your network infrastructure has been compromised, critical data was leaked, files are encrypted, backups are deleted." The gang has allegedly stolen over 27TB of data and encrypted Johnson Controls' VMware ESXi machines.

In its filing with the SEC, Johnson Controls stated that its applications remain unaffected, but that it is continuing to review the financial impact. The company has also established an incident management and protection plan. (Dark Reading)

FBI: Dual ransomware attack victims now get hit within 48 hours

30/9

The FBI have noticed an emerging trend among ransomware attacks where multiple strains are deployed onto victims' networks, encrypting their systems in under two days. These trends were observed starting July 2023, with variants used in these dual ransomware attacks including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.

In the past dual ransomware typically took a minimum of 10 days to deploy. In this case, the vast majority of ransomware incidents that targeted the same victim took place within a mere 48-hour timeframe. In addition, ransomware gangs have begun to add new code into their custom data theft tools, wipers, and malware to evade detection.

Recommended practices include keeping all systems up-to-date and conducting thorough scans of infrastructure to identify potential backdoors or vulnerabilities, restricting access solely through VPN and exclusively to accounts with a strong password and enforced multi-factor authentication, and network segmentation.(Bleeping Computer)

Royal Family's official website targeted in cyber attack

1/10

The Royal website was taken down over the weekend following a Distributed Denial of Service (DDoS) attack. With official sources saying that is not known who was behind the attack, adding that it was not a hack and no access was gained to the website's systems or content, Russian group Killnet took responsibility on their Telegram channel. (Sky News)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!