Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity Incident. Show all posts
supply chain software
Blue Yonder Cyber Security Cybersecurity Incident manual payroll Ransomware attack Starbucks scheduling issues supply chain software

Ransomware Attack on Blue Yonder Disrupts Starbucks' Scheduling and Payroll Systems

 

Blue Yonder, a vital provider of supply chain management software, experienced a ransomware attack that has disrupted Starbucks’ scheduling and payroll systems. As a result, the coffee chain is temporarily relying on manual methods to manage these processes.

The attack, which began on November 21, 2024, has not affected Starbucks' customer service or store operations. Store managers are using pen and paper to track employee hours due to the disruption of the back-end systems responsible for scheduling and time management.

The incident has caused problems in other sectors as well. In the UK, supermarket chains such as Morrisons and Sainsbury’s reported interruptions in their warehouse management systems. However, they managed to mitigate the impact by activating backup systems.

Blue Yonder has engaged external cybersecurity experts to address the breach and has deployed enhanced defensive measures. The company has yet to provide a definitive timeline for restoring its services. The event highlights the heightened vulnerability of supply chain systems during the busy holiday season. Blue Yonder’s clients include:
  • 46 of the top 100 manufacturers
  • 64 of the top 100 consumer product goods companies
  • 76 of the top 100 global retailers

This attack follows a series of cybersecurity incidents targeting major food service companies earlier this year, including McDonald’s and Panera. Panera’s incident even led to a class action lawsuit after employee data was compromised.

“We are working around the clock to respond to this incident and continue to make progress. There are no additional updates to share at this time with regard to our restoration timeline following our post yesterday,” stated Blue Yonder in an official report.

The timing of this breach is notable, as 86% of ransomware attacks reportedly occur during holidays or weekends. In 2023 alone, cybercriminals extorted $1.1 billion in ransom payments worldwide, despite increasing countermeasures.

The incident comes at a challenging time for Starbucks’ new CEO, Brian Niccol, who is already grappling with three consecutive quarters of declining sales. The company remains focused on maintaining seamless customer service and ensuring fair employee compensation during this crisis.
Read more »
Windows reboot loop
Azure outage CrowdStrike CrowdStrike outage Cyber Security Cybersecurity Incident faulty software update global IT crisis Windows Windows reboot loop

Recent IT Meltdown: CrowdStrike Update Causes Global Chaos, Predicted Hours Earlier on Reddit

 

Only a few times in history has a single piece of code instantly wreaked havoc on computer systems globally. Examples include the Slammer worm of 2003, Russia’s NotPetya cyberattack targeting Ukraine, and North Korea’s WannaCry ransomware. However, the recent digital catastrophe over the past 12 hours wasn't caused by hackers, but by the software meant to protect against them.

Two major internet infrastructure issues converged on Friday, causing widespread disruptions across airports, train systems, banks, healthcare organizations, hotels, and television stations. The trouble began on Thursday night with a widespread outage on Microsoft's cloud platform, Azure. By Friday morning, things worsened when CrowdStrike released a flawed software update, causing Windows computers to reboot repeatedly. Microsoft stated that the two failures are unrelated.

The cause of one disaster was identified: a faulty update to CrowdStrike’s Falcon monitoring product. This antivirus platform, which requires deep system access, aims to detect malware and suspicious activity. However, the update inadvertently caused the system to crash. Mikko Hyppönen of WithSecure noted that this is unprecedented in its global impact, although similar issues were more common in the past due to worms or trojans.

CrowdStrike CEO George Kurtz explained that the problem was due to a defect in the code released for Windows, leaving Mac and Linux systems unaffected. A fix has been deployed, and Kurtz apologized for the disruption. CrowdStrike’s blog revealed that the crash was caused by a configuration file update aimed at improving Falcon’s malware detection capabilities, which triggered a logic error leading to system crashes.

Security analysts initially believed the issue was due to a kernel driver update, as the file causing the crash ended in .sys, the extension for kernel drivers. Despite CrowdStrike clarifying that it wasn’t a kernel driver, the file altered the driver’s functionality, causing the crash. Matthieu Suiche of Magnet Forensics compared the risk of running security software at the kernel level to “open-heart surgery.”

Microsoft requires approval for kernel driver updates but not for configuration files. CrowdStrike is not the first to cause such crashes; similar issues have occurred with updates from Kaspersky and Windows Defender. CrowdStrike’s global market share likely contributed to the widespread impact, potentially causing a chain reaction across web infrastructure.

The outages had severe consequences worldwide. In the UK, Israel, and Germany, healthcare services and hospitals faced disruptions, while emergency services in the US experienced issues with 911 lines. TV stations, including Sky News in the UK, had to stop live broadcasts. Air travel was significantly affected, with airports using handwritten boarding passes and airlines grounding flights temporarily.

The incident highlights the fragility and interconnectedness of global digital infrastructure. Security practitioners have long anticipated such vulnerabilities. Ciaran Martin of the University of Oxford noted the event’s powerful illustration of global digital vulnerabilities.

The update’s extensive impact puzzled experts. CrowdStrike’s significant market share suggests the update triggered crashes in various parts of the web infrastructure. Hyppönen speculated that human error might have played a role in the update process.

As system administrators work to fix the issue, the larger question of preventing similar crises looms. Jake Williams of Hunter Strategy suggested that CrowdStrike’s incident might prompt demands for changes in how updates are managed, emphasizing the unsustainability of pushing updates without IT intervention.

Redditor Predicted CrowdStrike Outage Hours Before Global IT Chaos

A Reddit user, u/King_Kunta_, predicted vulnerabilities in CrowdStrike's systems just hours before the company caused a massive global IT outage. The user called CrowdStrike a "threat vector," suggesting it was susceptible to exploits that could lead to widespread damage. Initially, users dismissed the claims, but their tune changed dramatically after the outage occurred.

One commenter noted, "He tells us that CrowdStrike is a threat vector. A few hours later, every computer in the world with the CrowdStrike client installed goes blue screen. The single biggest global PC system collapse in history. Just uncanny."

Amidst the chaos, CrowdStrike's CEO George Kurtz reassured the public via X (formerly Twitter), stating, "Today was not a security or cyber incident. Our customers remain fully protected," and confirming that the issue was due to an update error, not a cyberattack.

Despite reassurances, many were left suspicious and impressed by the timing and accuracy of the Reddit post. One user aptly summed up the sentiment: "There’s no way the timing of this crazy post aligns so perfectly."
Read more »
post-breach strategies
breach containment breach recovery Cybersecurity Cybersecurity Incident cybersecurity resilience Data Breach Data Compromise identity data incident response planning post-breach strategies

Emphasizing Post-Breach Strategies in Cybersecurity

 

Cybersecurity discourse heavily emphasizes prevention, yet often neglects post-breach strategies. While we invest significant effort in establishing protocols to avert attacks, breaches remain an unavoidable reality. The "IBM Cyber Security Intelligence Index" report highlights human error as a leading factor in 95% of breaches worldwide, underscoring the significance of swift identification and mitigation.

In the event of a breach, promptly gathering pertinent information is paramount. Understanding the extent of the breach, often facilitated by access to organizational identity data, enables quick containment by disabling compromised accounts. This proactive measure mitigates further damage, as attackers commonly exploit initial access to seek additional vulnerabilities.

Addressing breaches goes beyond initial help desk notifications. Temporary account provisions and the temporary suspension of Single Sign-On (SSO) services safeguard against unauthorized access to sensitive data while the situation is managed. However, ultimate accountability lies with executive leadership, necessitating transparent communication with stakeholders and proactive security training initiatives.

Post-breach recovery, termed the "right of boom," demands meticulous incident response planning, data backup, and cybersecurity strategy redevelopment. Achieving visibility across organizational user access, particularly in modern, cloud-based environments, requires a platform-based approach for comprehensive oversight and timely issue resolution.

Acknowledging the inevitability of breaches, businesses can fortify their resilience by implementing these four steps, facilitating effective recovery and future readiness. Only by integrating robust post-breach measures can organizations confidently navigate the evolving cybersecurity landscape alongside preventative strategies.
Read more »
Willis Lease Finance
Black Basta Ransomware Cyber Security Cybersecurity Incident Data Breach Jet engines major airlines SEC filing unauthorized activity Willis Lease Finance

Dealers of Jet Engines to Major Airlines Reveals 'Unauthorized Activity'

 

The Willis Lease Finance Corporation has disclosed to US regulators that it was targeted in a "cybersecurity incident," with data allegedly taken from the company being shared on the Black Basta ransomware group's leak blog.

In a filing submitted to the Securities and Exchange Commission (SEC) on February 9, the publicly listed company on NASDAQ stated that it became aware of a potential breach on January 31, prompting immediate action to address the situation.

According to the filing, the company initiated an investigation into the incident with the help of leading cybersecurity experts, taking measures to contain and address the activity, including temporarily shutting down certain systems. The company reported no unauthorized activity after February 2, 2024, and believes it has successfully contained the breach.

During the period when systems were offline, the company acknowledged resorting to alternative methods to maintain operations and serve customers, although specific details were not provided.

Willis Lease Finance also stated it is still evaluating the extent of the breach and whether any data was compromised. Law enforcement has been notified about the breach.

Although the company refrained from explicitly mentioning "ransomware" or "attack" in its disclosure, the presence of passport scans on Black Basta's website suggests that the investigation into potential data theft may yield results soon.

The ransomware group claims to have obtained 910 GB of company data, including information about customers, employees, HR records, non-disclosure agreements (NDAs), among others. Black Basta published a selection of documents online, including screenshots of accessed files, HR documents containing social security numbers, and identity documents such as passports.

Attempts to match names on these documents with online profiles revealed matches predominantly in the US and UK, along with some from other countries.

Efforts to reach Willis Lease Finance for comment were unsuccessful at the time of reporting.

Established for over 45 years, Willis Lease Finance describes itself as a leading independent provider of jet engines to major airlines worldwide.

Black Basta, known for its high-profile ransomware attacks, is linked to the now-defunct Conti group and is believed to have amassed over $100 million from its victims, including major organizations like Capita and Southern Water in the UK.
Read more »
Privacy Breach
affected individuals CBS parent company Cybersecurity Incident Data Breach Online Security Paramount hack Privacy Breach

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. Despite the company not making public comments about the breach beyond the legal filing, it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.
Read more »
Taj Hotels data breach
CERT-In customer data compromise Cybersecurity Incident Data Breach Dnacookies hack Taj Hotels data breach

Taj Hotels Faces Data Breach, Revealing Data of 1.5 Million Customers

 

The cybersecurity landscape witnessed a recent data breach that sent shockwaves through the esteemed Taj Hotels chain. Perpetrated by the group "Dnacookies," the hack has potentially impacted more than 1.5 million consumers, prompting heightened concerns about data security, customer privacy, and the overall state of digital defenses within the hotel industry.

According to reports from CNBC-TV18, the compromised data spans a six-year period, ranging from 2014 to 2020. The exposed information includes addresses, membership IDs, mobile numbers, and other personally identifiable details. Despite the hacker's claim that the dataset is "non-sensitive," the reality is that any compromise of personal information can expose individuals to various risks, from identity theft to financial fraud.

The Indian Hotels Company Ltd. (IHCL), the entity overseeing Taj Hotels, promptly responded to the breach. A spokesperson for IHCL acknowledged the situation, emphasizing that the compromised customer data is deemed non-sensitive. However, the company is taking the incident seriously, initiating an investigation and notifying relevant authorities. A commitment to continuous system monitoring is deemed crucial to prevent further unauthorized access.

The severity of the situation is highlighted by the participation of the Indian Computer Emergency Response Team (CERT-In), a government agency responsible for addressing and mitigating cybersecurity incidents in India. CERT-In's involvement suggests that the breach extends beyond a concern for Taj Hotels, carrying broader implications for national cybersecurity.

"Dnacookies" has articulated specific demands, introducing complexity to an already intricate situation. The insistence on a middleman for negotiations, an all-or-nothing approach to data release, and a refusal to provide additional samples hint at a calculated and methodical strategy, raising questions about the motives behind the breach—whether purely financial or with more insidious intentions.
 
Beyond immediate concerns about breached data, the incident poses potential ramifications for both individuals and Taj Hotels. Affected customers face an increased risk of identity theft and financial fraud. Moreover, the reputation of Taj Hotels, synonymous with luxury and trust, is at stake. Customer trust in the overall security measures of the hospitality industry may be compromised.

Taj Hotels and similar establishments find themselves at a critical juncture in reassessing and strengthening their cybersecurity procedures as the investigation unfolds. This involves implementing sophisticated encryption techniques, regularly updating security systems to address new threats, and providing comprehensive training to staff members to raise awareness and prevent security lapses. Staying ahead of cyber threats necessitates collaboration with cybersecurity specialists and government organizations, exemplified by CERT-In's active engagement.
:
The Taj Hotels data breach underscores the intrusive and dynamic nature of cyber threats. Data security should be a primary concern for all businesses, particularly those in the hospitality industry where digital interactions are integral to modern life. The industry at large is urged to learn from the Taj Group's experience, bolster cybersecurity protocols, and collaborate to ensure digital infrastructure resilience against evolving cyber threats.
Read more »
world's biggest bank
Cyber Attacks Cybersecurity Incident ICBC cyberattack Treasury markets disruption world's biggest bank

World's Largest Bank, China's ICBC, Faces Cyberattack Causing Disruption in Treasury Markets

 

t
The U.S. Treasury Department, addressing a cybersecurity concern, informed CNBC that it is actively engaged with key players in the financial sector and federal regulators, maintaining continuous vigilance on the situation. Meanwhile, ICBC, a major Chinese bank, asserted that the cyber incident impacting its U.S. financial services arm did not extend to its operations in China or other affiliated institutions globally.

In response to the attack, Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, stated that ICBC is working to mitigate the impact and losses incurred. He emphasized the bank's effective emergency response and supervision during a regular news conference.

As for the ransomware attack, the perpetrator remains unidentified, and ICBC has not disclosed the responsible party.. Cybersecurity experts, including Marcus Murray from Truesec, identified the ransomware as LockBit 3.0. However, tracing the origin of such attacks is challenging due to hackers' sophisticated techniques to conceal their identities.

LockBit 3.0, known for its modularity and evasiveness, poses difficulties for security researchers. The malware's unique password requirement for each instance makes analysis challenging, according to the VMware cybersecurity team. The Cybersecurity and Infrastructure Security Agency describes LockBit 3.0 as a highly adaptable and elusive threat, complicating detection.

LockBit, the group behind the ransomware, operates on a "ransomware-as-a-service" model, selling its malicious software to other hackers, known as affiliates. The group, led by "LockBitSup" in online forums, claims to be based in the Netherlands and asserts a non-political motivation. LockBit has a history of targeting small and medium-sized businesses, and data from cybersecurity firm Flashpoint indicates that it accounts for approximately 28% of known ransomware attacks.

The group has previously claimed responsibility for ransomware attacks on prominent entities such as Boeing and the U.K’s Royal Mail. In June, the U.S. Department of Justice charged a Russian national for involvement in deploying LockBit ransomware and other cyberattacks globally, revealing the extent of the group's activities and financial gains.
Read more »
unknown third party
000 customers 665 Cyber Threats Cybersecurity Incident Data Breach Data protection Investigation Marina Bay Sands Personal Information Singapore unknown third party

Marna Bay Sands: Data of 665,000 Customers Hacked by Unknown Third Party

 

Singapore is renowned for maintaining stringent cybersecurity and data protection standards in the region. Companies in the country are keenly aware of their responsibility to safeguard cybersecurity, particularly concerning data privacy. In the event of cybersecurity incidents, organizations promptly notify both customers and regulators, implementing swift plans to rectify the situation. 

Recently, Marina Bay Sands (MBS) encountered a data leak involving the personal information of approximately 665,000 members in its shoppers' rewards program, prompting a rapid response from the company.

MBS took immediate action, informing members of its Sands LifeStyle program via email on November 7th about the data leak that occurred between October 19th and 20th. The resort disclosed its awareness of the incident on October 20th and initiated investigations. 

The inquiry revealed that an unidentified third party had accessed the personal data of the affected members. Paul Town, MBS's Chief Operating Officer, reassured members that, as of the investigation's findings, there is no evidence indicating misuse of the data by the unauthorized third party.

The compromised personal data included members' names, email addresses, contact details, country of residence, membership numbers, and tiers. MBS advised affected users to closely monitor their accounts for suspicious activity, change login pins regularly, and stay vigilant against phishing attempts. The company reported the data leak to relevant authorities in Singapore and other applicable countries, collaborating with them in their investigations.

Despite a decline in cybersecurity incidents in Singapore earlier in the year, recent weeks have witnessed an increase in such occurrences. Between the first quarter of 2020 and the first quarter of 2023, data breach statistics in Singapore showed significant fluctuations in the number of exposed records. Besides the MBS data leak, a recent incident involved web service outages in public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack.

While some might draw parallels between the MBS data leak and recent ransomware attacks on Las Vegas casinos, the situations differ. Unlike the ransomware incidents at Caesars Palace and MGM, MBS did not report any ransom demands. The company asserts that only the personal data of its members was compromised, without any disruption to services. However, the stolen data holds significant value on the dark web. The exact cause of the MBS data leak and whether other data was compromised remains to be determined.
Read more »
Subscribe to: Posts (Atom)