Monthly Round Up for the month of November 2024

Insurance Administrator Landmark Admin Ransomware Data Breach Impacted Over 800,000 People

Landmark Admin, a third-party insurance administrator, has confirmed a data breach. The May 2024 ransomware attack affected nearly one million customers. “The forensic investigation determined that data was encrypted and infiltrated from Landmark’s system,” the company said.

Canada faces a cybersecurity crisis with critical infrastructure at risk

From energy grids to health-care systems, our nation’s most essential assets face a growing range of sophisticated threats. These threats come from both state and non-state actors.

500,000 Ohio Residents Exposed In Data Breach

A July ransomware attack on the city of Columbus, Ohio, exposed the personal information of approximately 500,000 residents. This incident marks one of the most substantial cyber attacks involving a U.S. city. The attack is attributed to the Rhysida ransomware group. It has drawn attention due to the extent of the data stolen, and it also highlights the controversial response from city officials.

Cyberattack on American Water: A warning to critical infrastructure

American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident. This incident forced the company to disconnect key systems. These systems included its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector. The sector has increasingly become a target for cyberattacks.

Hacker Behind Snowflake Data Breach Arrested in Canada

Authorities have arrested a man suspected of being the hacker responsible for this year’s wave of data breaches involving Snowflake, a popular cloud-based data platform. The arrest occurred in Canada.

The arrest marks a significant breakthrough in high-profile cyberattacks affecting major companies, including AT&T, Ticketmaster, and LendingTree.

The hacker uses the pseudonyms “Judische” and “Waifu” online. Authorities believe they are linked to more than 165 breaches of Snowflake instances.

SETU Confirms Cyberattack on Waterford Campus, Classes Set to Resume with Limited Services

Ireland’s South East Technological University (SETU) has disclosed a cybersecurity incident affecting its Waterford campus. This incident has temporarily halted classes and disrupted IT services. The university’s internal IT team is working with external cybersecurity experts to resolve issues related to the SETU cyberattack. Their goal is to minimize disruptions.

Cyber-Attack on Microlise Disrupts DHL and Serco Tracking Services

A cyber-attack targeted telematics provider Microlise. It disrupted tracking services for key clients like DHL and Serco. The attack also exposed some employee data.

The company, which supplies asset-tracking software to large corporations, announced the breach on October 31. Following the disclosure, Microlise’s stock price dropped by 16%. The company has been working to restore its systems by the end of the week.

The attack compromised “some limited employee data,” according to Microlise’s statement to the London Stock Exchange. The company has indicated that customer data was not affected.

Schneider Electric investigating cyber intrusion after threat actor gains access to platform

  • Schneider Electric said on Monday that it is investigating a cyber incident. This follows claims by a suspected threat actor who alleges gaining access to company data.
  • A spokesperson for the French multinational company reported the incident. It involved “unauthorized access to one of our internal project execution tracking platforms.” This platform is hosted within an isolated environment. The firm has extensive operations in the U.S. 
  • The company immediately mobilized its global incident response team. The spokesperson said the company’s products and services were not affected by the incident.

Newpark Resources hit by ransomware; activates cybersecurity response

Texas-based oilfield services supplier Newpark Resources detected a ransomware attack by an unauthorized party accessing internal systems. The company activated its cybersecurity response plan and began investigating with external advisors to assess and contain the threat. However, the ransomware incident disrupted access to some of the company’s information systems and business applications. Manufacturing and field operations continued using downtime procedures.

Newpark Resources disclosed the breach in an SEC filing last week: “On October 29, 2024, the Company detected a ransomware cybersecurity incident (‘Incident’). An unauthorized third party gained access to certain of the Company’s internal information systems.” “Upon detection, the Company activated its cybersecurity response plan. The Company launched an investigation internally. They received support from external advisors to assess and to contain the threat.”

Cyberattack on Microlise hits operators triggering call for stronger continuity plans

Third party cyber attacks present a challenge for all logistics operators. Europa Worldwide has warned about this issue. Even operators vigilant to security breaches face difficulties because of attacks like the one that hit Microlise services last week.

IT experts continued to secure the systems affected by the attack on Halloween. This attack left Microlise’s tracking system disabled. Europa told Motor Transport that mitigating against third-party incidents was particularly difficult. This difficulty was due to their extensive reach.

Chinese Hackers Breach Telecom Security

Experts reveal vulnerabilities exploited during attacks on personal devices of high-profile individuals

Chinese hackers have been making headlines lately, gaining notoriety for their increasingly bold operations targeting telecommunications networks around the globe. The most recent reports indicate a significant breach involving the personal devices of high-profile individuals, including former President Donald Trump. This alarming development highlights vulnerabilities within telecom infrastructure, raising concerns over the security of personal communications.

Experts have pointed out serious flaws within various telecommunications companies, including those operating within Australia, that could leave them susceptible to these types of breaches. The hacking attempts involved threat actors linked to the Chinese state. They did not just steal data but also aimed to monitor communications. Such tactics opened up discussions about the security protocols currently employed by telecom operators.

CrowdStrike’s massive IT outage: Wake-up call for businesses to rethink cybersecurity and insurance

In July 2024, CrowdStrike, a cybersecurity leader, conducted a routine software update. This update unexpectedly caused a massive IT outage. The outage rippled through industries worldwide. Over eight million computers were impacted, and sectors as varied as banking, healthcare, media, and aviation saw halted operations. Although this incident resulted from a software glitch, not a malicious cyberattack, it raised critical questions for businesses. How do they handle digital risks? How ready are they to recover when unforeseen disruptions strike?

CrowdStrike acted quickly to manage the issue, yet the outage highlighted a sobering reality—no system is completely immune to errors. Today’s businesses need to rethink their approach in terms of cybersecurity. They must also consider comprehensive insurance coverage that addresses the complexity of today’s digital landscape.

Nokia Security Breach Leaks Source Code, Login Credentials, Keys and More; Hacker Sells Data To Special Buyers

The threat actor claims the stolen data includes SSH keys and source code files. It also includes RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials. The compromised repository also contained Python source code as well as JavaScript, JSON, and PHP files.

Besides exposing the company’s internal secrets, threat actors could reveal product security vulnerabilities. They could abuse exposed credentials to carry out more cyber attacks. Compromised credentials are among the top causes of potent cyber attacks, including ransomware.

Amazon Confirms Data Breach Linked to MOVEit Vulnerability

Amazon has confirmed a data breach involving employee information. A third-party vendor’s vulnerability caused this breach. The vulnerability exposed contact details like work email addresses, desk phone numbers, and building locations.

Amazon attributed the breach to the widely exploited vulnerability in the MOVEit file transfer software, developed by Progress Software. Amazon reassured customers that its internal systems, including Amazon Web Services (AWS), remained uncompromised.

Maxar Space Systems Suffers Data Breach, Hackers Gain Unauthorized Access

Maxar Space Systems is a leading provider of space technology and geospatial intelligence. It has recently fallen victim to a significant cybersecurity incident.

On October 11, 2024, the company’s information security team made a discovery. A hacker operating from a Hong Kong-based IP address had successfully targeted and accessed a Maxar system. This system contained sensitive employee data.

The breach, which is believed to have lasted for approximately one week before detection, exposed various categories of personal information.

Affected data includes home addresses, social security numbers, business contact details, employee numbers, job titles, and employment dates.

However, the company has confirmed that no bank account information or dates of birth were compromised in the incident. Besides this, researchers at IDX observed that Maxar discovered the unauthorized access. They immediately took action to prevent further intrusion and secure their systems.

T-Mobile hit by alleged Chinese cyber attack in major data breach

T-Mobile has confirmed a significant cyber attack. Chinese state-sponsored hackers allegedly carried out the attack. This marks the latest in a series of breaches targeting major telecom providers globally.

The breach was disclosed on November 16. Initial investigations reveal the attackers gained unauthorised access to the company’s systems. They exposed sensitive customer data and internal communications.

The attack has been linked to advanced persistent threat (APT) groups with alleged ties to the Chinese government.

Starbucks Hit by Ransomware Attack Via Third-party Software Supplier

A ransomware attack hit Blue Yonder, a critical supply chain management software provider. The attack forced Starbucks to revert to manual processes for managing employee schedules and payroll systems.

The incident, which began on November 21, 2024, has not affected customer service or store operations.

Store managers are now using pen and paper to track employee hours. The attack disrupted the company’s back-end scheduling. It also affected time management processes.

