The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- Stalled. Ferrari confirms IT systems were accessed in data breach.
- Under attack. LockBit targets cities in California, Michigan, and Ohio.
- Crackdown. Ukrainian police and American law enforcement arrest cyber criminals.
- Supplier slip-up. Latitude Financial and NBA suffer data breach from third-party suppliers.
- Double the ransomware. Ransomware incidents doubled in Europe’s transport sector in 2022.
1. FERRARI DISCOVERS DATA BREACH
Ferrari has confirmed a threat actor accessed its IT environment after receiving a ransom demand to not leak stolen data. Although the nature of the stolen data has not been confirmed, Ferrari has notified affected customers of the breach.
2. US CITIES NAMED ON RANSOMWARE LEAK SITE
The LockBit ransomware group has threatened to release stolen data of three US city governments following a series of attacks targeting the American public sector. The criminal group has named the City of Oakland, City of Allen Park, and the Regional Government of Port Clinton on its dark web leak site. The targeted cities have not yet made any ransom payments.
3. UKRAINIAN MALWARE DEVELOPER ARRESTED; OWNER OF LEAK SITE DETAINED
Ukraine’s cyber police have arrested the individual responsible for developing a remote access trojan malware that infected over 10,000 computers. The attacker promoted and disguised the malware as a gaming application. Once the malware was installed, the attacker could remotely control 600 computers at one time.
Separately, American law enforcement has arrested the alleged owner of major leak forum Pompompurin. The site’s administrators have stated it will continue to operate as normal, despite its owner's absence.
4. LATITUDE FINANCIAL AND NBA SUFFER DATA BREACHES
The Australian company Latitude Financial Services has confirmed a data breach affecting more than 300,000 of its customers. The threat actor stole a Latitude employee's login credentials from a third-party vendor and used them to steal customer documents from two other service providers.
Separately, the National Basketball Association (NBA) confirmed a data breach of a third-party newsletter service that held access to its customers' personal information.
Organisations should conduct regular vendor assessments to evaluate how their sensitive information is being stored and secured. Furthermore, appropriate security controls for third-party access must be implemented.
5. EUROPEAN TRANSPORT SECTOR RANSOMWARE INCIDENTS DOUBLED IN 2022
The European Union Agency for Cybersecurity (ENISA) Transport Threat Landscape report reveals that ransomware and data breaches were the most prevalent cyber threats affecting Europe's transportation sector in 2022. Ransomware incidents almost doubled, while data breaches and leaks dropped by over 50 percent. Data-related threats remained the second most common category, with attackers continuing to target credentials, personal information, and intellectual property.
While the ENISA report is focused on the transport sector, ransomware remains pervasive across multiple sectors. Backing up important data and storing the backups offline will greatly reduce the impact of a ransomware attack.