Cyber Security News Roundup – 9th May 2023


It's a new week, and that means a roundup of some of the cyber security and data protection news headlines from the last 7 days! To learn more about each story, click the headings.

Ransomware attack on Dallas shuts down the city's online services


The city of Dallas, Texas, has suffered a ransomware attack that has forced it to shut down online and IT services for local government, including local police services. Ransomware operation “Royal” have claimed responsibility for the attack, distributing ransom demands using city printers. In past attacks, Royal have infiltrated company networks either through phishing attacks or by hijacking remote desktop control protocol services, with US authorities recently warning that the operation makes ransom demands ranging from $1 million to $11 million. Dallas officials are now working with security experts to isolate the ransomware, but as this requires server scrubbing, any online services will have to remain offline until the city’s IT systems have been wiped and restored. (PC Magazine)

Brightline hack exposes data of over 780,000 child mental health patients


Brightline, an American children’s mental health provider, has warned patients that their data may have been accessed in the latest data breach to result from a vulnerability in Fortra’s GoAnywhere file transfer service. In their investigation, Brightline concluded that the breach was limited to the Fortra service and did not impact their own network; however, sensitive information including names, addresses, dates of birth, identification numbers and employer names has been stolen, affecting 780,000 patients. The Fortra GoAnywhere file transfer service has frequently been exploited by the Clop ransomware operation, using the CVE-2023-0669 command injection vulnerability. In a statement, Brightline said that they acted immediately once notified by Fortra; however, due to the increased risk that healthcare organisations face from cyber crime, it is vital that they are sure of their security investments. (Infosecurity Magazine)

Ex-Uber security chief sentenced over covering up hack


The former Chief Security Officer at Uber has been sentenced to three years’ probation, a $50,000 fine, and 200 hours of community service after being found guilty of paying hackers $100,000 following a 2016 data breach in which 57 million user records were stolen. Joseph Sullivan had agreed to pay the attackers the six-figure sum in exchange for signed non-disclosure agreements stating that they would not reveal the hack, as well as disguising the payment as a “bug bounty”, where researchers are paid to disclose vulnerabilities that require fixing. (BBC News)

Meet Akira — A new ransomware operation targeting the enterprise


A novel ransomware operation, named Akira, claims to have built a list of 16 enterprise victims in various industries as they breach networks, encrypt files, and demand multi-million dollar ransoms worldwide. Launched in March 2023, this new operation is not thought to be related to the 2017 ransomware of the same name. Once they have breached a network, Akira will move laterally, deploying the ransomware when admin credentials have been obtained, but stealing data to use as extortion leverage before starting encryption. Once deployed, the Akira ransomware will encrypt files with the majority of file extensions, appending .akira to their names, and uses the Windows Restart Manager API to close down any processes preventing encryption. It also includes an akira_readme.txt that explains what has happened, and threatens to sell any leaked data or information to the dark market. There are currently four victims on the Akira site, with leaked data ranging from 5.9Gb to 259Gb. (Bleeping Computer)

Western Digital confirms hackers pilfered customer data in March cyber-attack


US-based computer drive and data storage giant Western Digital has been emailing customers to inform them that the March cyber-incident has resulted in the theft of user data. In an update stating that Western Digital is progressing through the restoration process, with most systems and services back in operation, the company also revealed that threat actors obtained a copy of their online store database, containing personal information such as names, addresses, email addresses, and phone numbers. Despite an apologetic stance from Western Digital, their response offers no assistance to affected, and clearly disgruntled, users, and has led to criticism of an "empty" apology. (Bitdefender)

The MSI data breach might have leaked some very important Intel code


The recent ransomware attack on Taiwanese computer manufacturer MSI, claimed by Money Message, has likely leaked private Intel Boot Guard keys despite statements that there was no significant business impact. The leaking of these keys affects computer manufacturers industry-wide, as they could allow threat actors to cryptographically sign tampered systems so that they are considered secure, enabling access. Intel are currently silent on the matter, and while the media wait for confirmation that the keys are authentic, there could be significant downstream impact if they are found to be genuine. (Tech Radar)

Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!
