Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report

Cybercriminals launched recent attacks on British retailers Marks & Spencer (M&S) and Co-op Group by impersonating employees to trick IT help desks into resetting passwords, according to a report by BleepingComputer. This social engineering tactic allowed hackers to gain initial access to internal systems.

The UK’s National Cyber Security Centre (NCSC) responded by urging all organisations to re-evaluate their help desk protocols, warning that online criminal activity like ransomware and data extortion is on the rise and that even large enterprises are vulnerable to such basic forms of manipulation.

While both M&S and Co-op declined to comment, the consequences of the M&S breach are already being felt. Shares dropped 4% on Tuesday and are down 12% since the cyber incident was disclosed on April 22. The company halted online orders for clothing and home products via its website and app on April 25, with no timeline for resumption. Some food product availability has also been disrupted.

Deutsche Bank analysts estimate the incident has cost M&S around £30 million ($40 million) so far, with an ongoing weekly impact of approximately £15 million. Though cyber insurance may offset part of the loss, it typically covers a limited time period. The broader risks include loss of consumer trust, data breach fines, and long-term reputational damage.

Ciaran Martin, former CEO of the NCSC, noted that the recovery time for such attacks is often lengthy due to the need to completely rebuild compromised IT networks.

Meanwhile, a group identifying as DragonForce claimed responsibility for attacking both M&S and Co-op, as well as for stealing staff and potential customer data from the latter. The same group also claims responsibility for attacking Harrods. The report also links the cyberattack on M&S to the “Scattered Spider” hacking collective, known for using DragonForce ransomware, although the NCSC said it could not confirm the connection.

US, UK, and Australia Target Russia-Based Zservers Over Lockbit Ransomware Attacks

The United States, joined by the United Kingdom and Australia, has taken coordinated action against Zservers, a Russia-based service provider linked to supporting the notorious Lockbit ransomware attacks. The U.S. Department of the Treasury announced the sanctions on Tuesday, highlighting national security concerns related to ransomware operations.

Designations and Actions:

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) added two Russian nationals to its sanctions list, accusing them of being key administrators for Zservers, a company that provides bulletproof hosting (BPH) services commonly used by cybercriminals. These services enable cyber actors, including ransomware groups, to carry out attacks on critical infrastructure both in the U.S. and internationally.

Bradley Smith, acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, emphasized that third-party providers like Zservers play a crucial role in facilitating the operations of cybercriminals, including those behind Lockbit attacks.

Broader Context:

This move is part of a broader effort to combat cybercrime, following similar actions last year that saw joint sanctions from the U.S., UK, and Australia against the Evil Corp ransomware group. The sanctions are aimed at disrupting the infrastructure that supports cybercriminal activities globally.

Rhode Island Faces Data Breach as Hackers Demand Ransom

Rhode Island has been struck by a significant data breach, potentially compromising the personal and financial information of hundreds of thousands of residents. The breach, attributed to an international cybercriminal group, involves stolen sensitive data, including Social Security numbers, and has led to extortion demands. The hackers have threatened to release the information unless a ransom is paid, state officials reported on Saturday.

Governor Dan McKee confirmed that the breach affects individuals enrolled in the state’s government assistance programs, such as the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), and healthcare services provided through HealthSource RI. The attack targeted the state’s RIBridges portal, an online platform for accessing social services, which was breached earlier this month.

Although the breach had initially been detected, it was confirmed only on Friday, after the state’s vendor, Deloitte, validated the hacking incident. The governor’s office stated that Deloitte had confirmed a high probability that a cybercriminal had accessed files containing personally identifiable information.

The breach may affect anyone who has applied for or received assistance through these programs since 2016. In response to the threat, RIBridges has been temporarily shut down, and those applying for new benefits will be required to use paper applications until the system is secured and restored.

Households believed to be affected by the breach will receive official notification from the state, along with guidance on how to protect their personal and financial data.