Monthly IntSum - June 2024
Orpheus Cyber
Orpheus provides cyber risk ratings alongside actionable vulnerability prioritisation all backed by threat intelligence
Our monthly IntSum report is a compilation of the most important and relevant news stories.
Our team of cybersecurity experts are constantly monitoring the latest threats and vulnerabilities from around the world to provide you with the most up-to-date information.
3rd June - 7th June: Customers of Cloud Computing and Analytics Company Snowflake Breached
This week, we reported a breach of Snowflake user accounts that relied on single-factor authentication, which compromised data from Ticketmaster and Santander. The threat actor ShinyHunters advertised this data on BreachForums, having accessed it via a third-party breach in which Lumma malware was used to infiltrate an employee's ServiceNow account and obtain authentication tokens. Additionally, Sp1d3r compromised Advance Auto Parts, exposing personal information of job applicants and millions of customer profiles and employee data.
The low sophistication of these attacks highlights a lack of basic security measures and may inspire more opportunistic breaches. This incident underscores the need for robust password policies, multi-factor authentication, and consideration of passwordless authentication methods to prevent further malicious activities like phishing, fraud, and identity theft.
10th June - 14th June: Ransomware continues to impact government services in the US
This week, we reported on ransomware impacting government services in Cleveland, Newburgh, and Traverse City. A suspected ransomware attack led Cleveland, the largest US city yet affected, to shut down several IT systems, including citizen-facing services. Similarly, Traverse City and Newburgh experienced ransomware incidents disrupting resident payments for services like taxes and water.
Although emergency services were not impacted, past incidents have shown potential risks. These events highlight a growing trend of ransomware attacks on local governments, disrupting critical public services and compromising sensitive citizen information. The increasing frequency of these attacks underscores the urgent need for robust security practices in government IT systems.
17th June - 21st June: IntelBroker claims data breach of multiple high-profile organisations
This week, we reported on the alleged compromise of several high-profile organisations by the threat actor IntelBroker, who has claimed numerous data breaches in 2024, including Europol’s Platform for Expats, the National Parent Teacher Association, HSBC, and Barclays. IntelBroker recently claimed to have gained unauthorised access to Apple’s website and exfiltrated internal source code for three Apple tools, and to have compromised semiconductor manufacturer AMD, obtaining sensitive intellectual property (IP) and personally identifiable information (PII).
The AMD breach may have been facilitated by exploiting public-facing vulnerabilities. Although IntelBroker may exaggerate their claims, their history suggests they likely possess the capability to conduct such breaches. The potential exposure of sensitive IP could lead to competitive disadvantages for Apple and AMD and may attract regulatory scrutiny and reputational damage over time. Leaked technical information and PII also increase the risk of follow-up attacks, potentially resulting in more severe data loss or disruption of critical functions.
24th June - 28th June: LockBit claims to compromise the US Federal Reserve and Indonesia’s National Data Centre
This week, we reported on the listing of two governmental entities, the US Federal Reserve and Indonesia’s National Data Centre, on LockBit’s data leak site, with threats to expose large amounts of allegedly stolen data if ransom demands were not met. On June 23, 2024, LockBit claimed to have 33 terabytes of sensitive information from the Federal Reserve, although recent updates suggest the actual compromised entity is Evolve Bank & Trust. Meanwhile, Indonesia’s National Data Centre, run by Kominfo, suffered a LockBit ransomware attack that disrupted critical services, with a ransom demand of USD 8 million.
These incidents highlight LockBit’s intensified focus on critical national infrastructure following the takedown of its infrastructure by the FBI in February 2024. The trend is alarming due to the essential nature of these services and the widespread disruption caused by such compromises. Also, false claims, like those involving the US Federal Reserve, enhance the group's reputation and increase the likelihood of ransom payment. These events underscore the persistent and evolving threat posed by ransomware groups like LockBit, impacting various organisations and causing significant disruptions and financial losses.
We are committed to keeping you informed and helping you stay ahead of the ever-evolving cybersecurity landscape.