
Blue Yonder Cyberattack: A Wake-Up Call for Supply Chain Security

Blue Yonder, a prominent supply chain software provider used by major U.S. grocery chains such as Safeway and Fred Meyer, is investigating a significant cyberattack. The ransomware group Termite has claimed responsibility and is threatening to publish what it says is 680 gigabytes of stolen data, including documents, reports, and email lists; the claim has not yet been verified.

The Cyberattack

On November 21, 2024, Blue Yonder, an Arizona-based company serving clients such as DHL, Starbucks, and Walgreens, experienced a ransomware incident that compromised its network and disrupted services. Though the company confirmed the attack, it has refrained from naming the perpetrators or specifying the type of data stolen. However, Termite has indicated plans to use the stolen data for future attacks.

Similarities to Babuk Ransomware

Security experts suspect that Termite might be a rebranding of the notorious Russian-linked Babuk ransomware group, responsible for over 65 attacks and $13 million in ransom payments as per the U.S. Department of Justice. Researchers from Cyble and Broadcom have observed Termite using a modified version of Babuk’s ransomware strain, further linking the two groups.

Operational Disruptions

The attack caused significant operational disruptions for Blue Yonder’s clients, including major UK supermarkets. One of the largest food retailers, Morrisons, faced interruptions in the flow of goods to its nearly 500 stores. This highlights the far-reaching consequences of ransomware attacks on supply chain networks.

Investigation and Customer Communication

Blue Yonder is collaborating with cybersecurity experts to investigate the breach and has informed affected customers. However, the company has not disclosed specific details about the stolen data. Lucy Milburn, a spokeswoman for the UK’s Information Commissioner’s Office, confirmed that Blue Yonder has not yet reported the data breach to the regulator.

Previous Incidents and Lessons Learned

Ransomware attacks continue to impact industries globally. Earlier this year, healthcare company Change Healthcare suffered a massive attack that disrupted billing systems for millions of people and affected hospital care. In another case, hackers targeting AT&T accessed records of tens of millions of phone calls and text messages, and the company reportedly paid $400,000 to have the stolen data deleted.

The Need for Robust Cybersecurity

These incidents, including the Blue Yonder attack, underline the importance of proactive cybersecurity measures:

  • Updated defenses: Companies must ensure their cybersecurity systems are up to date.
  • Staff awareness: Employees should be trained to recognize phishing attempts and know how to respond to system compromises.
  • Third-party supplier protocols: Organizations should verify the security practices of their suppliers to mitigate risks.

Ransomware attacks can target companies of any size and in any industry, underscoring the need for comprehensive security measures. Businesses must treat these breaches as critical warnings to bolster defenses and safeguard sensitive data.

Conclusion

The Blue Yonder ransomware incident is a stark reminder of the vulnerabilities in supply chain networks. Companies must prioritize cybersecurity to protect their operations, customers, and data. As ransomware attacks grow in scale and sophistication, ensuring robust defenses is no longer optional—it is essential.

Operation Cookie Monster: FBI Seizes Genesis Market Involved in Identity Theft
More than 100 individuals have been detained by the FBI and European law enforcement agencies for involvement in a global cybercrime forum that apparently aided large-scale identity theft.

According to the US Justice Department, the operation targeted Genesis Market, an invitation-only crime forum that over the past five years has sold information harvested from more than 1.5 million compromised computers worldwide, containing login credentials for more than 80 million user accounts.

On Tuesday, the FBI and partner agencies from more than a dozen countries, from the Netherlands to Australia, carried out raids and seized the main websites used for the forum's cybercrime activities.

A senior FBI official told reporters on Wednesday that at least some of the arrests took place in the US but declined to provide any more details due to an ongoing investigation. “Victims of Genesis incurred losses that exceed tens of millions of dollars,” the FBI official said.

Reportedly, 45 of the FBI's 56 field offices across the US were involved in the investigation, and Attorney General Merrick Garland, in a statement, called the cybercrime sting operation "unprecedented" for law enforcement.

According to the seizure notice seen by CNN, the FBI seized the web domains of Genesis Market in response to a court order from the US District Court for the Eastern District of Wisconsin. As per the seizure notice, the FBI called the takedown "Operation Cookie Monster," a pun on the forum's sale of "cookies," or information about web browsers.

The Genesis Market has played a major part in providing cybercriminals access to compromised computers to carry out cyber frauds like identity theft and ransomware attacks.

According to cybersecurity researchers, the crime forum, which has advertised login information for individual bank accounts, was developed out of research that hackers conducted on anti-fraud technologies used by hundreds of banks and payment networks.

Genesis Market also offered "digital fingerprints" for sale: collections of browser and device characteristics used to identify specific people online. According to researchers at cybersecurity company Sophos, advertisements on Genesis Market asserted that a hacked computer's fingerprint would remain current for as long as the sellers retained access to that machine.

The seizure conducted by the FBI is the latest of the many international law enforcement stings that involve coordinated arrests and raids globally.

Genesis Market "was one of the most, if not the most popular marketplace for stolen network and user information [...] Based on my experience, the void will be filled by those who were not arrested," said Khodjibaev, senior threat intelligence analyst at Cisco Talos.

While some alleged cybercriminals are taken offline by arrests, the extensive demand for stolen personal data means that new actors quickly emerge to fill their places.

Hackers Threatened to Leak 80GB of Data Allegedly Stolen From Reddit in February

An independent cybersecurity expert and CNN reviewed a dark web post from the BlackCat ransomware gang, also known as ALPHV, in which the group claimed to have stolen 80 gigabytes of confidential data from Reddit during a February breach.

A Russia-based hacker group is threatening to release Reddit data unless the company pays a ransom and reverses its controversial API pricing increases.

The hackers say they are demanding $4.5 million and a reversal of the API price hike from the company if it wants to prevent the release of the stolen data.

It appears that a phishing attack allowed the threat actors to gain access to the company's systems and steal internal documents, source code, employee data, and a limited amount of information about Reddit's advertising partners.

A Reddit spokesperson confirmed that "BlackCat's claims refer to a cyber incident that Reddit confirmed on February 9 as related to BlackCat's claims". During that incident, a highly targeted phishing attack gave the hackers access to information about employees and internal documents. The company has said it had no indication that customer passwords or accounts had been stolen.

Reddit provided no further information about the attack or the culprits. Nevertheless, over the weekend BlackCat raised the stakes by claiming responsibility for the February intrusion and threatening to leak the "confidential" information obtained during it. BlackCat has shared no evidence of the data theft, so it is unclear exactly what type of information, if any, the hackers hold.

Reddit CTO Chris Slowe recently wrote about the February security incident in a post on the site. In the post, Slowe said that, as a result of a highly targeted and sophisticated phishing attack, the company's "systems were hacked," with hackers gaining access to "some internal documents, code, and some internal business systems." According to Slowe, the hackers obtained only employee information.

In a statement to CNN on Monday, a Reddit spokesperson confirmed that BlackCat's post refers to the February incident. No user data was accessed, according to the spokesperson, who declined to elaborate further.

Several Reddit forums went dark last Monday during a planned two-day protest intended to highlight the company's plan to charge steep fees for third-party apps to access its platform.

More than 3,500 Reddit forums were still unresponsive a week after the attack. Some experts question BlackCat's actual motives, while others read the ransom note as sympathetic to the protesters' cause.

This is the second Reddit data breach in six years. This time, the attackers could access Reddit data dating back to 2007. The exposed data included usernames, hashed passwords, email addresses, and the content of public posts and private messages.

In February, hackers reportedly stole 80GB of data from Reddit and threatened to leak it within three days. Reddit acknowledged the incident and is actively investigating. The hackers have issued a ransom demand and warned that if they are not paid, they will release the sensitive information they hold.

The authenticity of the allegedly stolen data cannot currently be verified. Online platforms face persistent cyber threats every day, and this incident is a reminder of the importance of robust security measures against them. Reddit is working to improve its privacy and security protocols, and users are advised to remain vigilant.

The United States and the West are Afraid of Possible Cyber Attacks by Russian Hackers

According to CNN, the FBI has warned American businesses of a possible increase in ransomware attacks by Russian hackers in the wake of the sanctions that US President Joe Biden imposed on Russia over the situation around Ukraine.

Earlier, Jen Easterly, head of the U.S. Agency for Cybersecurity and Infrastructure Protection, said that Russia might consider measures that could affect critical U.S. infrastructure in response to U.S. sanctions. She urged all organizations to familiarize themselves with the steps the agency has published for mitigating cybersecurity risks. In addition, David Ring, head of cybersecurity at the FBI, said that Russia is a permissive environment for cybercriminals, and that this is unlikely to change while Russia and the West are in confrontation over Ukraine. According to CNN, the FBI and the Department of Homeland Security have been holding briefings on these topics for the past two months.

Separately, Polish Prime Minister Mateusz Morawiecki decided to introduce a special high-level security regime for telecommunications and information technology in the country.

On February 21, he signed a decree introducing the third alert level, Charlie-CRP, throughout the country. This level is introduced when an event confirms that a terrorist attack in cyberspace is a probable objective, or when there is reliable information about such a planned attack.

The Polish Law on Anti-terrorist actions provides that in the event of a terrorist attack or its threat, the head of government may introduce one of four threat levels: Alfa, Bravo, Charlie, and Delta. The highest level, Delta, can be announced if a terrorist attack occurs or incoming information indicates its high probability in Poland. 

The corresponding levels marked CRP relate to threats in cyberspace. They are introduced to tighten monitoring of the security of information systems so that any disruption to their operation can be detected.

The Russian Federation has repeatedly rejected Western countries' accusations that it carries out cyberattacks, calling them unfounded, and has stated that it is ready to cooperate on cybersecurity.

Earlier, CySecurity News reported that CNN, citing US administration sources, said that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies had discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine.

The USA will Continue to Support Ukraine in Ensuring Cybersecurity

The U.S. authorities will continue to support Ukraine's efforts to improve its cybersecurity, U.S. Undersecretary of Homeland Security Robert Silvers said Thursday.

Speaking at an online cybersecurity conference, he said the US had been warning publicly and privately for months that cyberattacks could be part of a large-scale Russian effort to destabilize and invade Ukraine. "Of course, we offer support to Ukraine to help Ukraine strengthen its cyber defenses. We will continue to do so in the days ahead."

According to Silvers, the American side also works closely with other international partners and strengthens its own security. "At the moment, there are no specific and credible threats [from the Russian Federation] to the United States [in cyberspace], however, we, of course, are attentive to the fact that Russia may consider [options] for escalation in ways that may have an impact on other [countries] outside Ukraine. So we are actively working here in the US with industry representatives, with owners and operators of critical infrastructure to strengthen protection," he added. 

The Washington Post, citing American intelligence, reported that hackers associated with Russia could, if directed to, bring down many Ukrainian networks. "We don't know if they intend to do this. But we are working with Ukraine to strengthen their cyber defense," an unnamed official is quoted as saying in the article.

On Tuesday, the Information Security Center of Ukraine announced a DDoS attack on the websites of the Ministry of Defense, the Armed Forces, state Privatbank and Oschadbank. White House Press Secretary Jen Psaki noted at a briefing on Wednesday that Washington is not yet ready to say who the US authorities consider responsible for these cyberattacks. The press secretary of the President of the Russian Federation Dmitry Peskov said earlier that Russia has nothing to do with cyberattacks in Ukraine. 

CNN Learned About the Preparation of the US Authorities to Repel Cyber Attacks from Russia

CNN reported citing US administration sources that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies have discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine. 

According to the network's sources, the interagency meeting took place on Friday, February 11, by videoconference. It discussed the measures that the U.S. leadership, in cooperation with private companies, could take across various sectors of the economy in case of "a potential attack by cybercriminals or government-linked" hackers.

In addition, there was a discussion of the "possible increase in ransomware attacks on U.S. companies" that "Russian-speaking hackers" might carry out. The issue of providing cybersecurity support to Ukraine was also raised; according to the sources, there is a "concrete, credible threat" of attacks on infrastructure facilities there, whereas no such threat currently exists in the United States. A CNN source stressed that the administration was working on steps to take in case the situation changed for the worse.

In mid-January, unknown hackers attacked at least 70 Ukrainian government websites, including the portals of the Cabinet of Ministers, the Ministry of Education, the Ministry of Foreign Affairs, the Ministry of Sports, and other departments. A message in Ukrainian, Russian and Polish appeared on them, urging Ukrainian citizens "to fear and wait for the worst." Ukraine believes that Russia is involved in the incident, and the US said that the attack was carried out "according to the Russian scheme." On January 16, Russian presidential spokesman Dmitry Peskov said that Moscow had nothing to do with the incidents, noting that no evidence of Moscow's culpability had been provided.

White House Press Secretary Jen Psaki said that the United States is in contact with Ukraine regarding the incident and has offered its assistance in the investigation. According to her, Washington and its allies and partners are "concerned about this cyberattack."

Western media and officials have been speculating about an impending Russian invasion of Ukraine since the fall of 2021. Washington and Brussels threaten Moscow with new sanctions in case of an invasion. On February 9, Politico newspaper reported that U.S. senators suggested adding to the bill on sanctions against Russia the possibility of imposing restrictions "for cyberattacks" on Ukraine.

Uber Working with AI to Determine the Probability of Drunken Passengers

According to CNN, Uber Innovation Inc. recently filed a patent application for a machine learning system that could predict a user's state of sobriety and warn the driver. Uber is apparently working on technology that could determine how intoxicated passengers are at the moment they request a ride.

The patent application describes an artificial intelligence model that learns how passengers normally use the Uber app, so that it can better spot unusual behaviour. The motivation is that various Uber drivers have recently been physically assaulted by passengers, many of whom were intoxicated.

The application's algorithms weigh several signals that suggest a passenger is likely intoxicated, including typos, walking speed, how accurately the passenger presses in-app buttons, and how long it takes them to arrange a ride: for example, someone mistyping most words, swaying from side to side, and taking up to 15 minutes to arrange a ride late on a Saturday night.

Uber's patent says the technology could be used to deny rides to users based on their current state, or to match them with drivers who have relevant skills and training.

The feature is also said to improve safety for both riders and drivers.

According to an ongoing CNN investigation, at least 103 Uber drivers have been accused of sexually assaulting or abusing passengers in just the previous four years. While the application will not stop the predatory intent of a few people, it could help accurately identify impaired passengers so that they can be placed with trusted drivers or with those experienced in transporting intoxicated passengers.