Thanks to all 11,856 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help others from becoming a statistic. Share the post in the top right corner.
Also, follow me on LinkedIn for daily cyber security discussions >> Luigi Tiano.
US authorities hacked the ransomware group called Hive. Hive is notorious for attacking hospitals and schools and is responsible for extorting over $100 million; US authorities seized Hive’s servers. The investigation has been going on since last year. It was not announced whether members of the group will be held responsible.
“In a 21st-century cyber stakeout, our investigative team turned the tables on Hive,” the deputy attorney general, Lisa Monaco, said at a news conference announcing the seizure at department headquarters in Washington. “Using lawful means, we hacked the hackers.” (theguardian)
My thoughts: It was estimated that ransomware costs the US government almost $1 billion yearly. Taking down a ransomware group is a huge effort and is a great way to save costs and keep people safe. We can only presume and hope government agencies are working on taking down other groups as well.
Coinigy is a SaaS product that tracks your digital wallets. It came forward to customers announcing the Zendesk hack. Zendesk, the customer relationship management solution, had emailed each of its customers who may have been affected about the breach.
"Zendesk determined that Service Data belonging to your coiningy.zendesk.com account may have been in the (exposed) unstructured logging platform data," the email from Zendesk explained. "There is no evidence suggesting the threat actor accessed the Zendesk instance of your coiningy.zendesk.com account at any time."
Zendesk explained that their email to Coinigy was the result of an SMS phishing campaign targeting Zendesk employees.
It is unknown if other Zendesk customers were affected. (darkreading)
My thoughts: When it comes to public relations, you want to take control of the narrative. In this case, Zendesk shied away from the media and, I think, was a bit too secretive about this matter. We don’t even know if it affected any other Zendesk customers. Since Zendesk is widely used corporate software, its customers need to start asking more questions before this escalates.
Yum! Brands’ chains include KFC, Pizza Hut and Taco Bell. The parent company confirmed a ransomware attack in the United Kingdom. Yum! Brands initiated incident response protocols after discovering leaked company data. As a result, 300 restaurants were shut down for a day. Investigations have started, but at this point they are not sure whether any customer data was stolen.
“With the ransomware being contained to a third of Yum! Brands UK outlets and the downtime being limited to 1 day – Yum! Brands have done relatively well recovering,” said Morten Gammelgard, EVP, EMEA at BullWall. “The average amount of downtime for organizations when hit by Ransomware is approximately 24 days.”
“Yum withheld the identity of the threat actor responsible for the ransomware attack, the extortion amount demanded, and the attack vector used to compromise the company. The company also has not disclosed the nature of the stolen information and which branches were affected, although an investigation was still in progress.” (cpomagazine)
My thoughts: I think it was impressive that Yum! Brands were able to maintain business continuity quite well. I also think it was smart of them to withhold the identity of the ransomware group. I really do think we are giving ransomware groups way too much exposure.
Running Room is a community for devoted runners, offering gear, access to races and training. (In Quebec, they are called Coin Des Coureurs). They just announced that their website was hacked.
An unidentified, unauthorized group stole emails, names, addresses, phone numbers and credit card information, including number, expiry date and CVV security code. Personal information of clients from November 19, 2022 to January 18, 2023 was stolen.
It is speculated that the motive of the hack was to steal credit card information to sell on the dark web. Running Room has announced that it has “enhanced security measures.” (ctvnews)
My thoughts: Reset your passwords and verify your credit card statements for additional charges. To be extremely safe, get a new credit card. On another note, Running Room did not notice the breach for two months. Hundreds, if not thousands, of people could have been safe if they had just noticed sooner. Unfortunate.
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Microsoft 365 backup, and Quebec's Law 25 training.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.