This Week in Cyber Security - June 8, 2023

It’s that time of the week again! 

As usual, we look at what went down in the world of cybersecurity and tell you if we had a good week or a bad week. Spoiler alert: we had a bad week. 

In the last round-up, we told you about some significant breach disclosures. Turns out, the bad actors were just warming up. Our not-so-favorite hacking groups were busier than ever, wreaking havoc across the public and private sectors, impacting almost every industry and corner of the globe. 

How bad was bad? Let’s find out.

Russian-linked hacking group Cl0p exploits a zero-day flaw in file transfer software to unleash an international ransomware attack. 

It all started when Progress Software announced a zero-day vulnerability in its MOVEit file transfer program earlier this week. Now, the victims are rolling in, including the BBC and British Airways. According to Bloomberg, “the Russian-speaking gang recently exploited a previously unknown vulnerability” in the software. Keep in mind, this is the same hacking group that took credit for breaching the City of Toronto using a vulnerability in GoAnywhere. It got ugly enough that the FBI had to issue an advisory on the attack. CNN has more here.

Our take: The hackers’ use of this obscure tech demonstrates their adaptability and their ability to find new vulnerabilities in organizations’ defenses, and it underscores the strong cybersecurity measures needed to counter the increasing sophistication of these attacks. It’s no longer good enough to meet industry standards for cybersecurity. If your organization isn’t one step ahead, it could suddenly be ten steps behind and picking up the pieces of a disaster.

Free VPN service logged data it said it didn’t log, then had over 360 million user records exposed. 

CPO Magazine covered the continued fallout over a significant data leak involving a free VPN service, SuperVPN, that has exposed over 360 million user records. The breach, attributed to a misconfigured Elasticsearch database, allowed unauthorized access to sensitive information such as email addresses, IP addresses, and user activity logs. Apparently, the app has over 100 million downloads across various marketplaces. That’s a lot of impacted users.

Our take: This incident highlights the risks associated with using free VPN services and the potential consequences of inadequate security practices. It serves as a reminder for individuals and organizations to exercise caution and choose reputable VPN providers that prioritize user privacy and data protection. In fact, the article points out that, “The breach revealed SuperVPN stored logs despite its ‘no logs policy,’ raising concerns about similar free VPNs.”

Hacking group “Anonymous Sudan” takes Microsoft Outlook offline. 

Cybernews discussed a recent outage of the Microsoft Outlook email platform that was allegedly caused by a cyberattack at the hands of a pro-Russian group called “Anonymous Sudan.” The attack disrupted Microsoft’s email service for a significant number of users. During the attack, the group seemingly taunted the tech giant, writing, “Microsoft, the fate of your services is under our hands, we decide when to shut it down and when to leave it open.” 

Our take: While Microsoft quickly responded and resolved the issue, the incident highlights the vulnerability of widely used platforms and the potential impact of cyberattacks on users’ daily activities. It serves as yet another reminder for companies to stay vigilant, implement stringent and cutting-edge security measures, and have contingency plans in place to mitigate the impact of these disruptions.

Quick Bites

CoinTelegraph covered the hack of a non-custodial, decentralized crypto wallet called Atomic Wallet. While the cause of the attack remains under investigation, the well-known, pseudonymous Twitter user ZachXBT estimated that victim losses are over $35 million and counting. 

Verizon released a compelling report on the state of cybersecurity and the methods of attack used by bad actors. After analyzing 16,000 security incidents over the past year, the study found ransomware to be the most common cause of those incidents. Perhaps most alarming to us, the report concluded that “employees continue to pose more of a practical cyber threat to most organizations than the Russian GRU or Chinese Ministry of State Security.”

This, right here, is why we keep preaching the need for organizations to be proactive about their cybersecurity programs. 

Breaking Defense dropped a thorough debrief of the Chinese ‘Volt Typhoon’ hack, suggesting that it underlines a shift in Beijing’s targets and skills. Basically, the PRC wants to be able to disable critical infrastructure anywhere in the world in the event of a conflict.