28th December | Be Cybersafe – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Snatch ransomware group claims a major attack on Kraft Heinz

The notorious Snatch ransomware group has declared responsibility for orchestrating a significant cyber attack on Kraft Heinz, a prominent American food manufacturer. The group initially listed Kraft Heinz on its dark web platform on August 16, but the information became publicly visible on December 14. Despite the claim, the Snatch ransomware group has not provided any data samples to substantiate their assertions.

The cyber attack has raised concerns about the potential compromise of sensitive information and the overall impact on the company’s operations.

Acknowledging the situation, a spokesperson for Kraft Heinz confirmed that the company is actively investigating the claims made by the Snatch ransomware group. The focus of the investigation revolves around a decommissioned marketing website hosted on an external platform. The spokesperson emphasised that internal systems usually operate as of the current assessment, and there is no discernible evidence of a broader attack. Despite the reassurances, it remains unclear whether the hacker group has demanded a ransom or if the cyber attack has affected the day-to-day operations of the food and beverage giant.

This incident follows a broader trend in 2023, where leading food producers increasingly become targets of cyber attacks. Earlier in the year, Dole, a significant player in the Ireland-based food production industry, fell victim to a sophisticated ransomware attack. The attack compromised Dole employees’ sensitive personal information and disrupted the company’s daily operations.

In response to the incident, Dole promptly contained the attack upon detection. They also enlisted the services of reputable third-party cyber security experts and notified law enforcement agencies. The cyber attack impacted at least 3,885 individuals.

As the frequency and sophistication of cyber attacks on major food producers continue to rise, the industry faces heightened challenges in safeguarding sensitive data and ensuring the uninterrupted flow of daily operations. The incidents involving both Kraft Heinz and Dole underscore the critical need for robust cyber security measures in the increasingly digitised food and beverage sector landscape.

—

Xfinity reveals data breach linked to Citrix server hack

Comcast Cable Communications, operating as Xfinity, disclosed a data breach linked to a Citrix server hack between October 16 and 19. The intrusion was discovered following malicious activity on the network after Citrix security updates for a critical vulnerability named Citrix Bleed (CVE-2023-4966) on October 25. Security firm Mandiant confirmed active exploitation of this flaw as a zero-day from late August 2023.

Xfinity’s investigation revealed data exfiltration impacting an undisclosed number of customers, compromising usernames, hashed passwords, names, contact information, dates of birth, and secret questions and answers. Despite proactive password reset requests, users reported receiving these requests without clear explanations.

This incident follows a prior pattern, as Xfinity customers experienced widespread account hacks a year ago through credential-stuffing attacks that bypassed two-factor authentication. Compromised accounts were used to reset passwords for external services like Coinbase and Gemini crypto exchanges.

In response, Xfinity has recommended password resets and urged users to enable two-factor or multi-factor authentication for enhanced security. While no reported ransom demand or evidence of customer data leakage has emerged, Xfinity emphasised its commitment to customer protection and stated that its operations remained unaffected, highlighting the importance of continuous cyber security vigilance.

—

Newsquest cyber attack: DDoS attack impacts news publishing on several sites

Newsquest, a prominent UK-based regional media group owned by American mass media holding company Gannet, encountered a significant cyber attack affecting its daily operations and impeding journalists from publishing content. The disruption stemmed from a Distributed Denial of Service (DDoS) attack, as reported by local news agencies.

The DDoS attack, initiated on Monday, involved flooding Newsquest’s websites and apps with excessive traffic, causing intermittent disruptions and impacting reader experiences. The media organisation assured its audience that, despite the incident, there was no evidence of compromised reader or subscriber data, and none of its systems sustained damage.

In response to the cyber attack, Newsquest promptly notified the National Cyber Security Centre and law enforcement, collaborating with them to resolve the issue swiftly. The attack emphasises the severity of DDoS attacks, noting their potential to conceal data breaches and disrupt organisational operations.

Throughout the years, we’ve highlighted the importance of IoT security, emphasising the role of IoT devices in executing DDoS attacks when recruited into botnets. It is recommended to integrate IoT devices into corporate security programs, conducting continuous assessments, and vulnerability testing to prevent their accidental involvement in DDoS attacks against other organisations.

This incident underscores the critical need for robust cyber security measures in the B2B landscape to safeguard against evolving cyber threats.

—————————————————————————————————————————–

Contact Neuways to help your business become

Cybersafe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.