It’s about time for this month’s NewsScam, and let me tell you this: it’s all about MOVEit, MOVEit – and not because anyone likes it! So, stay in your chairs and don’t hop around. The MOVEit breach set off a domino effect with worldwide impact and, yes, stone by stone it even reached the US government. More on this later, but carry on reading so you don’t miss out on more headlines from June.
Hackers Cause Global Disruption
Any organization worldwide using MOVEit’s software ended up having to move infected files. Apparently, hackers were eager to MOVEit indeed when they broke into MOVEit’s transfer tool. UCLA, Genworth, PBI, Boots, BBC, and British Airways, to name just a few, were hit, and the number of those affected grows by the day. The attack by a Russian ransomware group has not only proven devastating, but its aftermath keeps on going. Even US federal government agencies were hacked. The National Cyber Security Centre in the US keeps monitoring and is advising everyone to keep up with security updates. Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement to CNN on Thursday, referring to the software impacted: “We are working urgently to understand impacts and ensure timely remediation.”
Speaking of Russia, I am sure everyone has heard about this already, since it was another top subject discussed everywhere. With a wee bit of help from AI, hackers managed to mimic Putin’s voice and made false claims on TV in such an authentic way that people stopped whatever they were doing. Ukrainian hackers found their way into the Russian broadcasting channels “Rossiya” and “Friday” and produced their own wee show. Surely not very entertaining for everyone?
Bad Day for Amazon
And then let’s talk about Amazon, which had a really bad day in June. One might be curious and ask: “Hey, Alexa! What happened?!” Well, Alexa was found guilty of violating a child privacy law by keeping recordings of kids’ voice and location data for years, which left Amazon having to pay a $25 million penalty fee. And as if that wasn’t enough, the company was charged about $5.8 million in customer refunds for alleged privacy violations involving its doorbell camera, Ring.
Breach in the Cockpit – Cyber-attack Exposes Pilot Data
Just when everyone is starting to look forward to their summer holidays, flying keeps becoming a scarier prospect. The two largest airlines worldwide, American Airlines and Southwest, admitted that a total of 8,754 pilot applicants were affected by a breach. The airlines’ third-party vendor, pilotcredentials.com, was hacked, which exposed their pilots’ personal information, including name, social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers.
Who is Going to Catch Pompompurin?
A joint show of strength against cybercrime worldwide came from the U.S. Secret Service, Homeland Security Investigations, the N.Y. Police Department, the U.S. Postal Inspection Service, the Dutch National Police, the Australian Federal Police, the U.K. National Crime Agency, and Police Scotland. One thing is for sure: Conor Fitzpatrick, aka Pompompurin, found himself not only behind bars but also broke for life, as he was fined $300,000.
Will such consequences make hackers refrain from their daily dose of breaches? We shall see!
One thing is for sure: staying safe online is more important than ever. This leads me to mention our latest press release on the upcoming PKI industry changes, which discusses Google’s proposal to reduce the lifespan of SSL/TLS certificates, new CA/Browser Forum Baseline Requirements for email security, and mandatory Root changes issued by Mozilla.
Wait, there's more...
Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks – The Record
Suncor Energy cyberattack impacts Petro-Canada gas stations – Bleeping Computer
An Illinois hospital links closure to ransomware attack – NBC News
Microsoft Teams Attack Skips the Phish to Deliver Malware Directly – Dark Reading
UK NCSC urges legal firms to strengthen cyber defences – CSO Online
British Twitter Hacker Sentenced to Prison in US – SecurityWeek
Microsoft confirms hacking of Outlook, OneDrive in June – Fortune