CYBER SECURITY NEWS – WEEK OF MARCH 06, 2023
LastPass says hackers broke into an employee PC to steal the company’s password vault
- The bad actors needed the engineer’s logins to access the company’s cloud storage.
- Apparently, the bad actors involved in those incidents also infiltrated a company DevOps engineer’s home computer by exploiting a third-party media software package.
- They implanted a keylogger into the software, which they then used to capture the engineer’s master password for an account with access to the LastPass corporate vault.
- After they got in, they exported the vault’s entries and shared folders that contained decryption keys needed to unlock cloud-based Amazon S3 buckets with customer vault backups.
British retail chain WH Smith says data stolen in cyberattack
- British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees.
- “WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company’s cybersecurity notice filed with London’s Stock Exchange.
- The company states that the attack did not impact its trading business. Customer data was not affected because this information is stored on separate systems that remained safe from unauthorized access.
Indigo Books & Music refuses to pay ransom after hackers stole employee information
- With help from Shopify, a brand new temporary website was brought online within days and was able to fulfil orders for hungry bookworms.
- In an update posted on its new website, Indigo has confirmed not only that the security incident it experienced was a ransomware attack, but also that data related to current and former employees was stolen by hackers.
- The notorious LockBit ransomware gang is threatening to release the exfiltrated data as early as today on the dark web unless its ransom demands are met. Indigo, however, has said that it is not prepared to cave in to the extortionists’ demands as there is no guarantee that any money paid won’t “end up in the hands of terrorists.”
Southeastern Louisiana University ‘likely’ suffered cyber attack
- The university is still without network services after shutting them down last week due to a possible cyber attack, leaving students without access to study materials and forcing professors to reach out on Facebook.
- University and State Police officials both said they couldn’t offer additional information on the incident as the investigation continues.
- However, a local cybersecurity expert says that, from the information available, it appears to be “some type of cyber attack.”
Poland blames Russian hackers for cyberattack on tax service website
- A distributed denial-of-service (DDoS) attack caused the website to crash for approximately one hour, blocking users’ access to the online tax filing system.
- In an interview Wednesday with Polish news channel Polsat News, Secretary of State at the Government Plenipotentiary for Cyber Security Janusz Cieszynski blamed the attack on Russia. “We have information that makes it very likely that this is the adversary,” he said.
- No data was leaked as a result of the attack, Cieszynski said. The tax service did not respond to The Record’s request for comment.
Hatch Bank discloses data breach after GoAnywhere MFT hack
- Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.
- As reported by TechCrunch, data breach notifications sent to impacted customers and filed with Attorney General’s offices warned that hackers exploited a vulnerability in the GoAnywhere MFT software to steal the data of 139,493 customers.
- “On January 29, 2023, Fortra experienced a cyber incident when they learned of a vulnerability located in their software,” warned the Hatch Bank data breach notification.