Here’s your Cyber Security Incidents Update for wk28 2024
(a once-a-week on Monday glimpse into just a fraction of the Cyber Security events of the previous week to inform regarding the depth and breadth of the incidents world-wide)
-Organisation
⦿ Evolve Bank & Trust, Arkansa, USA (this was the breach that criminals falsely claimed to be of the US Federal Reserve)
-Data compromised
⦿ Names, Social Security numbers, bank account numbers, and contact information of 7.6 MILLION individuals
-Initial access
⦿ "An employee clicked on a malicious link which resulted in access to Evolve's database and file shares which were then downloaded"
-Possible Prevention
⦿ Security Awareness Training (sometimes one click by one employee is enough to compromise a whole organisation)
-Organisation
⦿ Data breaches at third-party contractors leaked the personal and contact details of thousands of Nokia and Microsoft employees (important to note that neither organisation was directly compromised)
-Data compromised
⦿ Nokia: Job title; Full name; Company name; Country and State; Direct and corporate phone numbers; and email addresses of 7,528 employees
⦿ Microsoft: Job title; Full name; City, State, and Country; Links to LinkedIn profiles; Company phone number; Direct and corporate phone numbers; and email addresses of 2,047 employees
-Although passwords and payment data were not included in the breaches the leaked data can be exploited for identity theft and targeted phishing attacks
-Organisation
⦿ FIA (Fédération Internationale de l'Automobile), the governing body for Formula 1 and other racing classes
-Data compromised
⦿ "The organisation has yet to disclose when the breach was detected, how many individuals' personal information was accessed, and what sensitive data was exposed or stolen in the incident" (how unlike the FIA to be secretive 🤦♂️)
-Initial access
⦿ "attackers gained access to personal data after compromising several FIA email accounts in a phishing attack"
-Possible Prevention
⦿ Security Awareness Training
One piece of good news 👍:
(actually two this week to make up for being unable to find something last week, despite scouring the WHOLE of the World-wide Web 😉)
⦿ Vyacheslav Igorevich Penchukov was sentenced in the US to nine years in prison plus three years of supervised release for helping to operate the Zeus banking malware and then the IcedID (aka Bokbot) infostealer
⦿ Two internet domains have been seized by the US DoJ that were being used to spread Russian disinformation on social media via Bots
One final note:
The sensitive information of millions of customers has been exposed in a data breach
While normally I would have sympathy for customers whose data is revealed, less so for the organisation that doesn't protect the data, in this case I have different feelings
This breach affected users of a spyware application for phones, mSpy. This type of software is frequently used to track a partner or ex-partner in what are sadly, often, abusive relationships. For these customers, my sympathy evaporates