Weekly Cyber News Roundup

September 18th to September 22nd 2023

Content 

01. News Bites
  • UK Police Data Compromised in Third-Party Ransomware Attack

  • Hackers of MGM also hit three other companies

  • Major North Carolina Hospitals Targeted in International Cyber Attack

  • Lazarus Group Escalates Crypto Thefts, Steals $240 Million Since June 2023
     

02. Conclusion

Quick News Bites

UK Police Data Compromised in Third-Party Ransomware Attack

Greater Manchester Police (GMP), one of the UK's major police forces, confirmed a data breach following a suspected ransomware attack on Stockport-based identity card maker, Digital ID. The company, which serves over 22,000 clients globally, had "some information" related to GMP employees. Although the exact nature of the compromised data remains undisclosed, financial information is not believed to be affected. As many as 20,000 individuals may have had their information stolen.

According to reports, GMP has contacted the Information Commissioner’s Office and a nationally-led criminal investigation is underway. Employees are being kept informed and supported throughout the process. Digital ID declined to provide specifics but confirmed they were the target of a ransomware attack affecting multiple clients. The company had previously been responsible for printing cards requiring employee data from organisations, including GMP.

This breach follows a similar incident last month involving London’s Metropolitan Police. At the time, names, ranks, and other details of officers were exposed due to a fault in a supplier's IT system. Both investigations are ongoing, and at the time of writing neither organisation has commented on whether ransom demands have been received.

Hackers of MGM also hit three other companies

Hackers targeting casino giants MGM Resorts International and Caesars Entertainment have also breached three other companies in diverse sectors. David Bradbury, Chief Security Officer at Okta, a global identity management firm, revealed that five clients, including MGM and Caesars, fell prey to hacking groups ALPHV and Scattered Spider. While the names of the other targeted companies remain confidential, Okta is assisting official investigations into the multi-sector attacks.

The breaches have refocused attention on ransomware attacks, affecting a broad spectrum of industries annually. These incidents led to a decline in market value for MGM and Caesars, disrupting MGM's operations across its global hotel and gaming venues. Okta, which provides security services like multi-factor authentication, issued an alert last month after identifying multiple breaches among its customers.

The hacking group ALPHV claimed responsibility for the MGM attack, hinting at further strikes unless a deal is reached. The exact ransom amount remains undisclosed. Scattered Spider, appears to have collaborated with ALPHV on the hacks.

Major North Carolina Hospitals Targeted in International Cyber Attack

Microsoft’s health-care tech subsidiary, Nuance has disclosed that personal data at key North Carolina hospitals may have been compromised in a large-scale cyber attack earlier this year. The Russian ransomware group Clop claimed responsibility for the May incidents, hacking into Nuance as well as Sony, Norton, and other major tech companies. The breach originated from an attack on software company Progress during May 28-29, affecting “thousands of organisations,” according to Nuance. Compromised data included patients' services and demographic information.

Upon learning of the breach on May 31, Nuance immediately secured its systems, enlisted cyber security experts, and installed security patches. Nuance emphasised that data privacy and security are among its top priorities, reassuring that they have extensive measures in place to protect sensitive information.

Lazarus Group Escalates Crypto Thefts, Steals $240 Million Since June 2023

The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency, marking a significant escalation in cyberattacks. The hacking collective is suspected of a $31 million theft from CoinEx on September 12, 2023 adding to a string of heists targeting various cryptocurrency platforms like Atomic Wallet, CoinsPaid, Alphapo, and Stake.com.

Elliptic noted that the Lazarus Group is shifting focus from decentralized to centralized services, likely due to advancements in DeFi security and increased vulnerabilities in centralized exchanges. This shift coincides with North Korean leader Kim Jong Un’s recent visit to Russia, believed to be related to an arms deal, and ongoing missile tests.

Cryptocurrency theft serves as a financial lifeline for North Korea to bypass international sanctions and fund its weapons programs. Fraudulent employment tactics have also been employed, as seen in CoinsPaid's disclosure of the "Operation Dream Job" scam, where phony recruiters targeted its employees to compromise systems.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.

Security-first-stacked-logo4-No-Padding

Cyber Security Conference

LONDON | 28 April 2022
DUBLIN | 11 May 2022

Join us in Dublin or London for the Security First 2022 conference.  We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.