Cyber Security News Roundup – 30th October 2023

Happy Halloween! Are there any monsters hiding in the dark corners of your IT ecosystem?

We've prepared another set of news headlines for you to delve into this week. To learn more about each story, click the headings.

Spain arrests 34 cybercriminals who stole data of 4 million people (bleepingcomputer.com)

23/10

Following 16 targeted searches, the Spanish National Police have arrested 34 individuals believed to have been behind a criminal organisation that stole and monetised the data of millions. Alongside firearms and hand weapons, four high-end cars, and 80,000 euros in cash, the police raids discovered a computer database containing the information of 4,000,000 people. Spanish police have stated that the arrested individuals have been linked to numerous email and SMS phishing scams; without a fixed modus operandi.

Following thousands of complaints and a common pattern of trickery, the investigation into the group's activities began in early 2023. The total profit that the group has made from reselling stolen data is believed to be €3,000,000. With those identified as the gang's leaders already behind bars, there will be an effort over the next few months to identify even more of the gang's affiliates. (Bleeping Computer)

Seiko “BlackCat” data breach: 60,000 records on the line

25/10

Last week, Japanese electronics giant Seiko confirmed the extent of a data breach that was first reported in August. The company originally distributed a data breach notification following news of a breach on the 28th of July, with infamous ransomware gang BlackCat listing the watch manufacturer on their leaks site. Seiko's most recent statement has confirmed that the total number of compromised user records was 60,000, with stolen data including Seiko Watch Corporation (SWC) user data, contact details, employee application information, and details of current and former employees at both Seiko Group and Seiko Watch Corporation.

Fortunately, credit card information remains secure, and Seiko has now implemented improved security controls, such as EDR and MFA. A Seiko statement read "“We sincerely apologise for any inconvenience this attack on our data servers may have caused or may yet cause. We have begun reaching out to each of the affected parties individually, and if any further leaks are discovered, we will, to the best of our ability, continue to respond to each affected party on an individual basis.”

The confirmation of the scale of this incident at Seiko follows the recent news of a breach at fellow Japanese electronics giant Casio. (Infosecurity Magazine)

Latest Cloudflare distributed denial-of-service report details record-setting attack

26/10

The highlight of the latest Cloudflare quarterly DDoS report was yet another record breaking DDoS attack, totaling 201 million requests per second; considerably higher than the previous record of 71 million.

Other findings from the report stated that the gaming and gambling industry was targeted particularly heavily through Q3, due to the potential for lucrative financial gains combined with the technical challenges required to protect the sector from criminals. Q3 also saw continued growth of HTTP DDoS attack traffic - up 65% on the Q2. (Silicon Angle)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!