Hello and welcome to your July edition of our monthly NewsScam – your midsummer round-up of all things cybersecurity. Between the CrowdStrike outage and the AT&T data breach there is a lot to cover. Let’s dive in!
The Outage That Will Live in Infamy
Friday, July 19th was a very bad, no good, horrible day. That’s because the world was impacted by the colossal CrowdStrike technology outage. CrowdStrike blamed a software update gone horribly wrong due to a bug in its own test software. But what made the outage exponentially worse was the fact that CrowdStrike is closely tied with Microsoft. As a result, it took down 8.5 million Windows devices. Large corporations like Amazon, 3M, BNY Mellon, Mercedes, McDonald’s, PWC and hundreds of other major companies were impacted. Not to mention the airlines, whose outages left millions stuck in airports all over the world for days.
Though in a strange stroke of luck, some airlines like Southwest and Alaska, which do not use CrowdStrike, saw relatively few cancellations. In fact, Southwest is apparently still relying on an extremely old version of Windows, and that’s how they escaped most of the pain! Never ones to miss an opportunity to take advantage of an already desperate situation, cyber criminals have been looking to create even more havoc. It did not take very long. They registered new domains, built malware attached to files with CrowdStrike-themed names, and there has been at least one apparent instance of a data wiper.
It’s Summer but the Snowflakes are Still Coming Down
While the temperatures around here may be hot for most of us, the Snowflakes are still coming down. By that I am referring to companies affected by the recent Snowflake breach, the latest victim being AT&T. The massive telecoms provider’s data breach adventure began sometime between May 1, 2022 and October 31, 2022. Then, another breach occurred on January 2, 2023. The news of the data breach was revealed on July 12, and AT&T had to share the REALLY upsetting details: the humongous data breach affected nearly all its cellular customers - as many as 110 million! On the plus side, the breach did not include Social Security numbers, dates of birth, or other personally identifiable information.
Additional Snowflake customers are announcing data breaches, including Advance Auto Parts, where as many as 2.3 million people may be impacted. The top seller of automotive supplies in the US says the data breach, which occurred earlier this year, will impact over two million job applicants and current and former employees.
Of course, there are some non-Snowflake data breaches to report, including project management tool Trello, US pharmacy giant Rite Aid, and yachting company MarineMax.
Automotive Software Supplier CDK Global Reportedly Paid a $25 Million Ransom
Software company CDK Global ended up paying a whopping $25 million ransom to the BlackSuit hacking group. The payment took place in mid-July. You may recall that CDK, which provides cloud-based software enabling automotive dealers to manage various business operations, was the victim of a major attack on June 18th, forcing the company to shut down most of its systems. The company has more than 15,000 customers in North America, the majority of which are automotive dealers in U.S. and Canada.
The hack was damaging enough to force customers to use pen and paper. And now the financial consequences are coming. Case in point: CDK customer AutoNation cut its quarterly earnings guidance. The company also said a full recovery may not be possible until the end of this month. As for BlackSuit, according to Reuters “it is a relatively new cybercriminal team spun off of an older and well-known Russia-linked hacking group named RoyalLocker.” That group mainly focused on hacking American companies and was even connected to another, better-known gang: Conti. At one point RoyalLocker was viewed as the third most persistent ransomware (after LockBit and ALPHV).
Hackers Don’t Just Focus on Big Targets; Smaller Targets Like Cities and Towns Feel the Pain, Too
State and local governments worldwide continue to feel the sting of cyber-attacks. Cases in point: a recent incident at a county in the U.S. state of Indiana was so damaging it was declared a disaster, a status normally reserved for weather-related events. In Los Angeles, 36 superior courts were forced to shut down after a ransomware attack was detected on July 19th. A presiding judge described the incident as “unprecedented”. Over in London, a local government council was recently “blasted by authorities” following a 2020 cyberattack in which “deeply personal information” was stolen by hackers. When cyber criminals targeted Hackney town hall in October 2020, they gained access to 440,000 files, affecting at least 280,000 residents and members of staff.
UK Labour Party Introduces New Bill to Strengthen Cybersecurity
Also in the UK, the new government plans to strengthen the nation’s defenses against cyberattacks, just a month after the June 3rd ransomware attack on the Synnovis lab spread, crippling London hospitals and health care providers. Reuters reported on July 25th that UK hospitals are still facing “unprecedented blood shortages” due to the incident. Given the severity of this attack, the timing of the Labour government’s actions could not have been better. The new Cyber Security and Resilience Bill aims to shore up defenses for supply chains, an increasingly attractive target for hackers. It will also mandate more comprehensive reporting to the government when companies are hit with ransomware attacks.
Interpol Takes a Swing at the Black Axe Cybercrime Group
On July 16th, the global law enforcement agency Interpol announced a “major blow” against several West African cybercrime groups, including the Black Axe syndicate. The operation has led to the arrests of around 300 people, the seizure of assets worth $3 million, and the dismantling of multiple criminal networks around the world. Interpol says the three-month operation, known as “Operation Jackal III”, ran from April 10th to July 3rd across 21 countries on five continents. As part of the operation, police successfully blocked more than 720 bank accounts. On July 24th, more arrests were made, alleged to include an IT expert from a well-known accounting firm.
That’s all for now. There’s lots to check out; happy reading to all.
But Wait, There’s More...
Google rolls back decision to kill third-party cookies in Chrome – Bleeping Computer
Teenage suspect in MGM Resorts hack arrested in Britain – The Record
A malware strain is threatening critical services – Axios
Over 750 million records exposed by ERP firm data breach — find out if you're safe – TechRadar
Cisco patches critical flaw in secure email gateway appliances – Computing
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware – Dark Reading
Release of Post-Quantum Cryptographic Standards Is Imminent – EE Times
Craig Wright publicly admits he isn’t inventor of Bitcoin – The Register