Cyber security update, May

Latest security breaches

A ransomware attack affecting molecular diagnostics company Enzo Biochem led to the exposure of clinical test information and Social Security numbers of almost 2.5 million individuals. Despite reporting that it immediately disconnected its systems from the internet, notified law enforcement and engaged a cybersecurity organisation’s help, the company still suffered a significant data leak.

An investigation by cybersecurity researcher Jeremiah Fowler found that more than 360 million records of user data were leaked in a breach experienced by the free VPN provider SuperVPN. The data included personal information such as IP addresses, email addresses, information on visited websites and more.

A misconfigured cloud environment led to the leaking of additional customer data from Japanese automaker Toyota, which has now reported a total of 260,000 leaked records since 2015. In this case, Toyota explains in a publicly released statement that the leak “was caused by insufficient dissemination and enforcement of data handling rules.”

Cyber security awareness

Japanese pharmaceutical company Eisai says it “immediately” created a company-wide taskforce following a cyber attack in early June. It is currently investigating whether any data was leaked and is working to respond with law enforcement officials and external experts, Eisai reports.

Two lawsuits surrounding the 2022 data breach targeting Mercer University seem to suggest that leaders at the institution failed to prevent the cyber attack when they could have and then waited roughly three months before notifying any affected individuals. One of the lawsuits also claims that the breach led to the fraudulent use of credit cards.

Russian cyber crime gang ClOp has delivered an ultimatum to a number of companies targeted in the recent MOVEit zero-day attack, giving them a deadline of June 14th. The hack resulted in payroll data from 100,000 members of staff at the BBC, Boots and British Airways being leaked. ClOp is threatening to publish this data if the companies fail to email the gang by its deadline.

Cyber security intelligence

A joint cyber security advisory issued on May 9th 2023 warns of Russia’s Federal Security Service (FSB) “Snake” malware. The advisory describes Snake as “the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service”. The Snake tool has been identified in over 50 countries across North America, South America, Europe, Africa, Asia and Australia. It is used to collect sensitive data from high-priority targets, such as international relations documents and diplomatic communications.

Another joint cyber security advisory by the FBI and CISA details the exploitation of a Common Vulnerability and Exposure (CVE) called CVE-2023-27350, which occurs in some versions of PaperCut NG and PaperCut MF print management systems. It allows unauthenticated actors to remotely execute malicious code without any credentials.

Hot Topic of the month: Movelt

After the leak of 100,000 individuals’ data in the MoveIt attack on the BBC, British Airways and Boots, the BBC is offering advice on the actions that organisations affected by data breaches can take.