Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
The Integrity 360 IR team has observed an increase in incidents where clients report their mouse moving and clicking on its own. Some of these incidents are actual compromises, while others are false positives.
For example, in one instance, the event occurred at 2am following a Christmas party and a few drinks, indicating it was a false positive. However, real instances of compromise have also been reported. One instance involved an employee falling for a spoofed email from the company's service desk, downloading LogMeIn, and giving attackers access. The attackers then escalated privileges and deployed ransomware. Despite many instances turning out to be false positives, it's important to take them seriously due to the effectiveness of social engineering tactics.
Microsoft released the last patches for Windows 7 and 8.1 in a historic Patch Tuesday. Despite their age, these outdated operating systems were still in use, with at least 100 million known Windows 7 installations being used as recently as 2021. While it goes without saying that users should update operating systems to the latest version where possible, it also highlights the need for secure, modern operating systems which can run on legacy hardware.
DNV, a Norwegian shipping classification society, announced that its systems were affected by a ransomware attack on January 7, impacting approximately 1,000 ships that use its technology. Its ShipManager software, a fleet management tool used by more than 7,000 vessels owned by 300 customers, was targeted by file-encrypting malware, resulting in the organisation shutting down its servers. DNV stated that 70 customers, operating nearly 15% of its total fleet, were affected by the attack.
The attack highlights the increasing vulnerability of shipping companies to cyber-attacks and the importance of implementing robust security measures to protect against such incidents.
Royal Mail CEO Simon Thompson confirmed that a cyberattack is responsible for the ongoing disruption at the company. He revealed this during a U.K. parliamentary committee session on Tuesday, almost a week after the company first announced that it had been hit by an "unspecified cyber incident" that caused the British mail service to be unable to dispatch items to overseas destinations.
Thompson stated that while the company believes that no customer data was compromised in the attack, they are prepared for that situation to change and have already notified the U.K. data protection regulator, the Information Commissioner's Office, as a precaution. He declined to provide further details of the attack, saying that doing so would be detrimental to the ongoing investigation.
According to a new report by Allianz, cyber incidents and business interruption risk remained the top concerns for companies for the second consecutive year. The Allianz survey found that 34% of respondents rated both cyber incidents and business interruption as their top concern.
IT outages, ransomware attacks and data breaches were ranked as the most significant risk worldwide for the second year in a row. This was also the top concern in 19 different countries including Canada, the UK, France, Japan and India. Additionally, it is the risk that small companies (with less than $250 million in annual revenue) are most concerned about.
FTX announced that it has recovered more than $5 billion in crypto, cash, and liquid securities; however, significant shortfalls still exist at both its international and U.S. crypto exchanges. The company attributed some of the shortfall to hacks, stating that $323 million worth of crypto was stolen from its international exchange, and $90 million was stolen from its U.S. exchange since it filed for bankruptcy on November 11.