Cyber Security News Roundup – 3rd April 2023

It's the first week of April, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Latitude Financial Services data breach: 14 Million customers affected 27/03

Following on from the initial reports of a data breach in mid-March, Australian consumer lender Latitude has disclosed that the cyber incident has affected 14 million customers with driving licenses, passports, and financial and personal information stolen. The network was initially breached when criminals obtained an employee’s login credentials, using these to access the networks of two service providers. This forced Latitude to take some of its systems offline, and despite working to restore services they are still unable to help customers with specific account enquiries. Latitude is now working with affected customers to minimise their personal risk, as well as reimbursing the costs to replace stolen identity documents. (HackRead)

Crown Resorts confirms ransomware attack following GoAnywhere data breach 29/03

Crown Resorts, the largest leisure and gambling business in Australia with revenue of over $8 billion, has confirmed that they have fallen victim to the Clop ransomware operation. This incident is the latest to have resulted from a critical vulnerability in Fortra’s GoAnywhere file transfer service, with Crown Resorts joining a list of large organisations to have been targeted by the Clop gang, including the City of Toronto and Procter and Gamble. At this moment in time, Crown Resorts have stated that the criminals do not appear to have a hold on customer data, with data accessed “limited” and reportedly not affecting customers. Clop have been targeting the CVE-2023-0669 zero-day vulnerability in the GoAnywhere service, with claims that they have breached over 130 organisations. The cyber security community in Australia has been rocked in recent weeks, with the Crown Resorts incident the latest in a series of high profile cyber attacks. (iTech Post)

Consumer lender TMX discloses data breach impacting 4.8 million people 31/3

TitleMax, a Canada based lending business that operates over 1,100 stores in the US, has disclosed a data breach that has affected over 4.8 million customers. TitleMax sent a letter to customers on the 30^th March, stating that whilst threat actors were able to access their systems in December 2022 the company did not detect a breach until mid-February. Personal information, social security and driving license numbers, and financial account information was stolen during the incident. TitleMax claims that they have now contained the incident, installing endpoint detection on company devices and resetting all employee passwords as well as providing affected customers with a free 12 month identity protection service. (Bleeping Computer)

DISH slapped with multiple lawsuits after ransomware cyber attack 1/4

Following their disclosed ransomware incident towards the end of February, TV services giant DISH has been hit with a number of lawsuits that allege overstated operational efficiency and deficient cybersecurity and IT infrastructure. The ransomware incident caused a multi-day outage of DISH’s network, a subsidiary network, and made their call centres unreachable. Six law firms are now pursuing class-action lawsuits against the organisation, which made over $16 billion in revenue in 2022. The lawsuits accuse DISH of attempting to conceal deficient cyber security practices, rendering them unable to appropriately protect customer data and leaving them vulnerable to malicious actors. (Bleeping Computer)

New Money Message ransomware demands million dollar ransoms 2/4

A new, worldwide ransomware operation named ‘Money Message’ has been detected, demanding million-dollar ransoms from any organisation that they can infiltrate. The operation currently has two large organisations, of which one is Asian airline with $1 billion revenue, listed on their website with screenshots of stolen files posted as proof of the breach. Bleeping Computer also saw evidence of a Money Message breach on an unnamed computer hardware vendor but were not able to confirm the incident with the company. Written in C++ and carrying an embedded JSON configuration file to determine how a device will be encrypted, the Money Message ransomware encryption process seemed to be slower than others during tests. However, the malware generates a note with a link to a TOR negotiation site and threatens to leak data if ransom demands are not met. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!