Cyber Security News Roundup – 9th October 2023

We're now into the fourth and final quarter of 2023, but cyber crime isn't slowing down. From budget hotels to multinational conglomerates, last week's headlines were saturated with reports of disruption, data breaches, and serious financial consequences. To learn more about each story, click the headings.

ALPHV/BlackCat ransomware attack prompts data breach at Motel One

3/10

Last week reports broke that European budget hotel chain Motel One had fallen victim to a ransomware attack from notorious criminal group ALPHV/BlackCat. Impact statements are contradictory; Motel One claim that only customer addresses and the details of 150 credit cards were compromised, with operations unaffected, whilst BlackCat claim to have stolen 6 TB worth of documents including booking confirmations from the last three years, which included names, addresses, and contact information, as well as payment methods and reservation dates. BlackCat has now threatened to leak all of the stolen data if Motel One fails to make the demanded ransom payment within five days. (SC Media)

Sony confirms data breach impacting thousands in the U.S.

4/10

Following recent headlines that Sony had been investigating an alleged cyber attack, the Japanese conglomerate has now notified current and former employees and their family members about an unrelated security breach that exposed personal information. The malicious intrusion was confirmed to have been a result of zero-day vulnerability CVE-2023-34362, the same MOVEit flaw that Clop have recently been exploiting to impact hundreds of organisations around the world.

The compromise occurred on the 28th of May, 3 days before Sony learned about the flaw from vendor Progress Software. Sony have stated that they "discovered the unauthorised downloads, immediately took the platform offline, and remediated the vulnerability" on the 2nd of June. The confirmation of their involvement in the string of MOVEit breaches means that Sony is now facing two high profile data breaches within the last four months. (Bleeping Computer)

Blackbaud agrees to $49.5 million settlement for ransomware data breach

6/10

Blackbaud, a US based cloud computing provider that provides software solutions to non-profit organisations such as charities, schools, and healthcare agencies, has agreed to pay a $49.5 million settlement following a multi-state investigation into a May 2020 ransomware attack.

During the attack, highly sensitive data belonging to over 13,000 Blackbaud business customers and their clients was compromised, impacting millions of individuals. Blackbaud also complied with ransom demands, after being assured that the data would be destroyed. The $49.5 million settlement fee addresses alleged violations of state consumer protection laws, breach-notification regulations, and the Health Insurance Portability and Accountability Act (HIPAA). It also includes a set of security criteria that the software provider must implement. (Bleeping Computer)

Lyca Mobile says customer data was stolen during cyberattack

6/10

London-headquartered mobile virtual network operator Lyca Mobile has confirmed that it has been the target of a cyber attack which caused widespread disruption for millions of customers and has resulted in the theft of information. Lyca Mobile stated that it first detected the intrusion on the 30th of September, immediately isolating and shutting down compromised systems to contain the incident.

Unfortunately, the company confirmed that the compromised systems exposed “at least some" personal information to the threat actors, which could include names, dates of birth, addresses, copies of identity documents, customer service interactions, and some payment card information. With Lyca Mobile still working to assess the full impact to its systems, the total number of affected customers is unclear, however the mobile virtual network operator claims to have more than 16 million customers globally. (Tech Crunch)

Data breach at MGM Resorts expected to cost casino giant $100 million

6/10

After the news from last month that casino operators MGM Resorts and Caesars Entertainment had suffered highly disruptive breaches, reports have now surfaced that the impact is now going to cost MGM more than $100 million.

The incident, first detected on the 10th of September, forced MGM to shut down several casino and hotel computer systems, leaving many customers unable to make credit card transactions, obtain money from cash machines or enter hotel rooms. Whilst the attack bears all the hallmarks of ransomware, MGM is yet to confirm the incident's nature. If it is indeed ransomware, then the MGM breach could end up being the most expensive ransomware incident on record.

MGM has confirmed that operations at affected properties have returned to normal, with the vast majority of IT systems now restored. In a filing with the US Securities and Exchange Commission, MGM said that it believes that September's data breach will have a negative impact on its third-quarter financial results, but minimal impact in the fourth quarter and operational results for the year. On top of the estimated $100 million loss before interest, taxes, depreciation, amortisation and rent, MGM has also incurred one-time charges totalling over $10 million for services including legal fees and technology consulting.

MGM Resorts and Caesars Entertainment now face a combined nine federal lawsuits over the cyberattacks. (The Independent)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!