The Week in Breach News: 11/13/24 – 11/19/24
This week: The MOVEit vulnerability is back, with a threat actor claiming to have stolen data from two dozen more major companies, including Amazon; China-aligned threat actors hack T-Mobile as part of a massive operation; a deep dive into mitigating holiday cyberattack risk; and eight new big brand-themed phishing simulations are now available in French, Spanish and Portuguese.
Amazon
Exploit: Zero Day Exploit
Industry: Retail
Another round of victims of 2023’s epic MOVEit hack has come to light, and some of them are very big fish. A hacker going by the name “Nam3L3ss” claimed in a post on a dark web leak site that they had exploited the MOVEit zero-day vulnerability, also known as CVE-2023-34362. The threat actor claims to have snatched data from 25 major organizations. Topping the list is Amazon, with the hacker boasting of obtaining 2,861,111 records largely containing employee data. Amazon was quick to reassure the public that Amazon and AWS are secure, claiming that the breach occurred at a third-party property-management vendor. The hacker also released datasets containing hundreds of thousands of records from major companies that purportedly contain data labeled as belonging to MetLife, Cardinal Health, HSBC, Fidelity, US Bank, Delta and HP.
How It Could Affect Your Customers’ Business: The MOVEit zero-day exploit is an example of just how far the damage can spread from one vulnerability.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
T-Mobile
Exploit: Hacking (Nation-State)
Industry: Telecommunications
A Chinese state-aligned threat actor dubbed Salt Typhoon, also known as UNC2286, has breached T-Mobile’s network as part of a widespread cyber-espionage campaign targeting U.S. and international telecommunications companies. The operation, which lasted over eight months, accessed sensitive systems, potentially compromising national security by intercepting call logs, unencrypted texts, and audio from high-value targets, including senior U.S. government officials and politicians. According to The Wall Street Journal, the group employed advanced tactics, including infiltrating Cisco Systems routers and leveraging AI and machine learning for their espionage. The U.S. Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that they expect their understanding of the extent of the compromises to grow as the investigation continues. This is a developing story.
How It Could Affect Your Customers’ Business: This is a strategic, dangerous hacking operation that could have serious repercussions for U.S. national security.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
New big-brand-themed phishing simulations in 3 languages are here!
Cybercriminals are quick to impersonate big brands to make their email phishing messages enticing. These eight new phishing simulation kits in French, Spanish and Portuguese are available now for your next round of employee education.
LinkedIn – Password Reset
UPS – Package Delivered
H&R Block – Verify Email
Learn more about these new phishing simulations and other developments for BullPhish ID in the Release Notes. READ NOW>>
Stay up-to-date. Read the entire The Week in Breach from this week here.