
Expert Insights Cybersecurity News Recap: November 26 – December 3 2024 

Five cybersecurity news stories that matter this week.

News Update Dec 17

Welcome to the weekly Expert Insights cybersecurity news roundup. 

It’s officially the holiday season – we’re in the final stretch now! 🎄

🚨 Expert Insights is a sponsor at the 2024 CybersecurityMarketingCon next week. If you’re attending, we’d love to see you there!

Here’s your weekly lightning roundup of the top cybersecurity stories that matter this week.



1. Major Disruption After Ransomware Hit On Supply Chain Vendor Blue Yonder

A software technology provider was hit by ransomware last week, disrupting hundreds of large retailers, report The Record, CSO, and BleepingComputer.

Blue Yonder, headquartered in the UK, provides supply logistics systems for more than 3,000 companies globally. Last week, the company announced its managed services had been disrupted by a ransomware attack.

“On Nov. 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident. Blue Yonder has been working diligently together with external cybersecurity firms and hardened our defensive and forensic protocols,” the company said. It’s unknown at this stage if a ransom demand has been issued.

The impact: Several customers have reportedly adopted contingency measures to deal with the ransomware attack. The Wall Street Journal reports that Starbucks and major grocery stores in the UK, including Sainsbury’s and Morrisons, have been impacted, with disruption to functions including processing employee payrolls and managing schedules.

The big picture: The busy holiday season provides hackers with an opportunity to enact mass disruption on retail and grocery businesses. A Semperis study showed that 86% of ransomware incidents took place on weekends or on public holidays, reports CSO. 

More broadly, ransomware attacks targeting supply chain vulnerabilities continue to rise, with 15% of breaches in 2024 targeting a third party, according to Verizon.

Staying protected: Basic IT hygiene and user awareness training are a good starting point for protecting your business against ransomware attacks, Brett Stone-Taylor, Snr Director Threat Intelligence at Zscaler, told Expert Insights.

“Employ two-factor authentication, require strong passwords that you rotate, [and] maintain offline backups. Monitoring network traffic is incredibly important from a number of perspectives. Utilize endpoint solutions and make sure your software is up to date. And use a zero-trust architecture to make sure that when someone authenticates, you’re connecting them to an application, not the network.”


2. INTERPOL Arrests 5,500 Suspected Cybercriminals And Seizes Over $400 Million In Major Cyber Crime Operation

INTERPOL has arrested over 5,500 suspects and seized more than $400 million in a coordinated operation involving 40 countries, reports The Hacker News.

Operation HAECHI-V took place between July and November 2024 and targeted seven types of cybersecurity fraud, including voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, business email compromise, and e-commerce fraud.

Fighting back: Cybercrime often crosses borders and can be extremely difficult for one country to tackle on its own. The success of this campaign demonstrates how critical international cooperation is to effectively take down cybercriminal networks.

“The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation, supported by INTERPOL, shows what results can be achieved when countries work together. It’s only through united efforts that we can make the real and digital worlds safer,” said INTERPOL Secretary General Valdecy Urquiza.


3. A German Taskforce Will Tackle Foreign Cyber-Attacks And Disinformation During Snap-Election 

Germany’s domestic intelligence agency (BfV) announced this week it has set up a taskforce to tackle foreign interference in its election campaign, Reuters reports.

The taskforce will aim to prevent foreign state attempts to disrupt or influence the upcoming election, including fighting disinformation, deepfakes, cyberattacks, and sabotage.

BfV warned in a statement that Russia “probably has the greatest and most obvious interest in influencing the election in its own favour,” but that it would also be looking at other potential origins of foreign interference.

Fake news: 2024 has been a year of elections, with nearly half the world’s population heading to the polls this year, including in the USA, the UK, France, India, and Mexico. Generative AI technologies and deepfake software have sparked fears of accelerated election interference and disinformation.

Ahead of the US election last month, the Office of the Director of National Intelligence (ODNI), the FBI, and the Cybersecurity and Infrastructure Security Agency said that “Russia is the most active threat” they were tracking.


4. Two Hospitals In The UK Breached By Cyberattacks In One Week

Two hospitals in the UK were hit by cyberattacks last week, including one children’s hospital, reports SecurityWeek.

Alder Hey Children’s Hospital was hit by a ransomware attack that may have breached patient records and other information ranging from 2018 to 2024. Details of the attack were published on the dark web by ransomware group “Inc Ransom”.

Meanwhile, Wirral University Teaching Hospital also disclosed last week that it was hit by a cyberattack that forced it to shut down systems and switch back to using pen and paper. The attack will likely lead to longer than usual waiting times.

Health warning: While it’s not clear if both attacks involved ransomware at this stage, hospitals and healthcare providers continue to be major targets for ransomware gangs.

According to Sophos, two-thirds of healthcare providers were hit by ransomware in the last year, up from 60% in 2023. This far outpaces growth in other sectors. Healthcare organizations are also facing longer recovery times, with 37% of organizations taking more than a month to recover from an attack.


5. Hacker Arrested After Breaching Two Organizations To Pitch His Own Security Services

A man in Kansas City has been charged with hacking into a nonprofit and a health club in an effort to pitch his own security services to the owner, reports The Kansas City Star.

The 31-year-old was charged with accessing a protected computer without authorization and obtaining information, and one count of reckless damage to a protected computer during unauthorized access.

Buyer beware: Allegedly, the defendant visited a health club in April before emailing the business owner, claiming to have circumvented the login for security cameras and gained access to user accounts and files on computers.

Staff then found his monthly gym fee had been reduced to $1 and a staff nametag had been stolen. A few weeks later, the man allegedly posted on social media an image that appeared to show him controlling security cameras at the company, with a caption reading “how to get a company to use your security service.”

That’s all for this week. 👋

We’re back on Thursday for our weekly cybersecurity vendor news roundup.

