Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
This week we have a number of significant stories to share, including a ransomware attack against maritime software supplier DNV GL, which impacted over 1,000 vessels. Additionally, Royal Mail has advised customers not to send overseas packages as they struggle with the fallout from a ransomware attack. A recent report by Allianz has highlighted that cyber incidents are now the top concern for businesses. And in the crypto world, hackers have stolen $415 million from collapsed cryptocurrency broker FTX. Stay informed and stay safe as we navigate the ever-evolving landscape of the digital world.
This week’s observation from our Incident Response Team
The Integrity 360 IR team has observed an increase in incidents where clients report their mouse moving and clicking on its own. Some of these incidents are actual compromises, while others are false positives.
For example, in one instance, the event occurred at 2am following a Christmas party and a few drinks, indicating it was a false positive. However, real instances of compromise have also been reported. One instance involved an employee falling for a spoofed email from the company's service desk, downloading LogMeIn, and giving attackers access. The attackers then escalated privileges and deployed ransomware. Despite many instances turning out to be false positives, it's important to take them seriously due to the effectiveness of social engineering tactics.
Vulnerabilities
Microsoft released the last patches for Windows 7 and 8.1 in a historic Patch Tuesday. Despite their age, these outdated operating systems were still in use, with at least 100 million known Windows 7 installations as recently as 2021. While it goes without saying that users should update operating systems to the latest version where possible, this also highlights the need for secure, modern operating systems that can run on legacy hardware.
Here’s a roundup of the cyber security incidents that have made headlines this week.
Ransomware attack against the maritime software supplier DNV impacted 1,000 vessels
DNV, a Norwegian shipping classification society, announced that its systems were affected by a ransomware attack on January 7, impacting approximately 1,000 ships that use its technology. Its ShipManager software, a fleet management tool used by more than 7,000 vessels owned by 300 customers, was targeted by file-encrypting malware, resulting in the organisation shutting down its servers. DNV stated that 70 customers, operating nearly 15% of its total fleet, were affected by the attack.
The attack highlights the increasing vulnerability of shipping companies to cyber-attacks and the importance of implementing robust security measures to protect against such incidents.
Royal Mail tells customers not to send overseas packages as it struggles with ransomware fallout
Royal Mail CEO Simon Thompson confirmed that a cyberattack is responsible for the ongoing disruption at the company. He revealed this during a U.K. parliamentary committee session on Tuesday, almost a week after the company first announced that it had been hit by an "unspecified cyber incident" that caused the British mail service to be unable to dispatch items to overseas destinations.
Thompson stated that while the company believes that no customer data was compromised in the attack, they are prepared for that situation to change and have already notified the U.K. data protection regulator, the Information Commissioner's Office, as a precaution. He declined to provide further details of the attack, saying that doing so would be detrimental to the ongoing investigation.
Cyber Incidents top concern for business says new Allianz report
According to a new report by Allianz, cyber incidents and business interruption risk remained the top concerns for companies for the second consecutive year. The Allianz survey found that 34% of respondents rated both cyber incidents and business interruption as their top concern.
IT outages, ransomware attacks and data breaches were ranked as the most significant risk worldwide for the second year in a row. This was also the top concern in 19 different countries, including Canada, the UK, France, Japan and India. Additionally, it is the risk that small companies (with less than $250 million in annual revenue) are most concerned about.
Hackers steal $415 million from collapsed cryptocurrency broker FTX
FTX announced that it has recovered more than $5 billion in crypto, cash, and liquid securities; however, significant shortfalls still exist at both its international and U.S. crypto exchanges. The company attributed some of the shortfall to hacks, stating that $323 million worth of crypto was stolen from its international exchange, and $90 million was stolen from its U.S. exchange since it filed for bankruptcy on November 11.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.