In the dynamic expanse of the digital world, a month unfolds with the richness of an entire year. September 2023 was testament to this, brimming with cyber-centric events. With the guidance of Thomas Ricardo, our esteemed Cyber Analyst Reporter, and insights from our special guest, Tim Dole—a seasoned security veteran well-versed in global cybersecurity and tech global affairs—our editorial team at the Cyber News Centre meticulously documented each pivotal moment.
September 2023: A Month of Rising Cyber Threats Globally
September 2023 stands as a stark reminder to global businesses and institutions: cyber threats are not just evolving; they're escalating. Sony's scramble following a ransomware intrusion and MGM's operational halt post-cyber attack reveal a hard truth - even the giants aren't invulnerable. The vast landscape of breaches this month, spanning from entertainment titans to revered institutions like the International Criminal Court, shows that cyber threats are more than mere IT challenges; they're strategic business risks. And with the alleged state-sponsored cyber espionage on Egypt's presidential hopeful, we're reminded that these cyber threats carry geopolitical consequences.
In the face of these digital assaults, the corporate world must rethink its cybersecurity approach. The attacks on MOVEit, a file transfer platform, and the potential compromise of Airbus's vendor database illustrate the domino effect: one vulnerable node can trigger a cascade of breaches. Furthermore, Duolingo's data scraping incident underlines the broader challenge tech platforms face in safeguarding user data, even when the platforms themselves aren't directly breached. In today's interconnected digital economy, it's no longer about guarding one's castle but ensuring the entire kingdom is fortified.
Major Corporations Under Siege
Sony's Digital Walls Breached
Sony is currently probing an alleged intrusion by the ransomware group 'Ransomed.vc'. The group has released a data sample, indicating a significant breach. Sony is currently investigating the situation. Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
Clop Group Expands Its Reach
MOVEit is a file transfer platform made by Progress Software Corporation. The platform is used by thousands of governments, financial institutions and other public and private sector bodies all around the world to send and receive information.
The Clop ransomware group's previous MOVEit attack reverberates with over 2,000 organisations now compromised. Major corporations, including the Housing Industry Association, are addressing data breaches tied to this attack. In late May 2023, data started to be transferred from hundreds of MOVEit deployments, however, these were not normal file transfers initiated by legitimate users. MOVEit had been hacked and the data was being stolen by a ransomware operation called Cl0p.
Why MGM's Recent Attack Is A Disturbing Trend
MGM Resorts International had to halt operations at over a dozen of its properties after a debilitating cyberattack left its computer systems compromised. This shutdown wasn't isolated to its Las Vegas properties but also impacted locations as far-reaching as Atlantic City and Ohio. With $3.9 billion in revenue for the quarter ending June 30, and a stock price that fell 3.8% since the attack, the financial ramifications are significant.
MGM, the global hospitality giant, assures its stakeholders that operations continue seamlessly despite a recent cyber threat from Scattered Spider, a notorious ransomware group. See CNC Article September 14,2023.
Airbus Vendor Database in the Crosshairs
The ransomware group USDoD alleges to possess comprehensive data from an Airbus vendor database. On 12 September 2023, they showcased a snippet of this data on a widely-visited hacking forum, revealing information about top-tier executives from firms including Thales Avionics and Aerolux.
Spotlight on Social Engineering: ECSM Takes the Lead
Europe vs. Australia: Varied Cyber Approaches Europe is emphasising the threat from social engineering, with initiatives like the European Cybersecurity Month (ECSM). In contrast, Australia's strategy leans towards intelligence collection and advisory roles, indicating the multi-dimensional nature of cyber defence strategies.
Vulnerabilities in Renowned Tech Giants
ECSM's Campaign Against Phishing
The European Cyber Security Month (ECSM) unveils its spotlight on social engineering as phishing strategies become more sophisticated. This move by ECSM emphasises the significance of collective efforts against cyber threats.
Australia's Distinctive Approach to Cyber Threats
Contrasting with the EU's awareness-centric strategy, Australia focuses on a combination of intelligence on cybercriminal activities and advisory protocols for cyber safety.
Global Institutions and Vital Services: No Longer Untouchable
The International Criminal Court Faces Cyber Intrusion
The ICC is delving into a recent breach of its computer systems, emphasising the vulnerability of global justice institutions to cyber threats. This attack is not an isolated phenomenon but rather a testament to the escalating stakes for court and legal systems around the globe. The court, stationed in The Hague, stands as the embodiment of humanity’s fight against war crimes and crimes against humanity, currently juggling 17 multifaceted investigations in nations like Ukraine, Uganda, Venezuela, Afghanistan, and the Philippines.
Ransomware: The New Pandemic for Healthcare & Education
First-hand testimonies spotlight the crippling aftermath of ransomware attacks. Stephen Leffler of the University of Vermont Medical Center states that coping with a cyberattack was even more challenging than the pandemic.
This global problem of ransomware is echoing in Department of Education schools in Australia and New Zealand, compelling leaders in education and healthcare to seek proactive and preventive measures. The experiences shared in the congressional panel underscore the urgency of establishing robust cybersecurity frameworks, upgrading antiquated systems, and allocating resources to defend against the multiplying threat of ransomware.
Nation-State Cyber Espionage: A Rising Concern
Cyber Attacks From North Korea Put Global Western Cloud Providers On High Alert
Google TAG sheds light on a calculated cyber campaign from North Korean hackers targeting specific security researchers.
Google TAG recently unveiled a cyber campaign conducted by North Korean hackers that specifically targeted security researchers involved in vulnerability research and development. Since January 2021, the group has effectively identified and neutralised several campaigns orchestrated by North Korean threat actors. Within the last few weeks, TAG discovered the exploitation of at least one zero-day vulnerability, leading them to promptly report it to the affected vendor, who is now developing a fix for the security flaw.
Predator's Prey: Unveiling Cyber Espionage Against Egypt's Democratic Hope
Ahmed Eltantawy, a presidential candidate for Egypt's 2024 elections, becomes a target of a cyberattack suspected to be backed by the Egyptian government.
On September 21, 2023, Apple resolved three zero-day vulnerabilities that were being used as a way to get a spyware called Predator into iPhones. This secret operation mainly targeted Ahmed Eltantawy, occurring between May and September 2023.
This cyberattack happened after Eltantawy publicly announced his plans to run for President in Egypt's 2024 elections. Citizen Lab is pretty certain that the Egyptian government is behind this attack because they have been known to use this kind of spyware before.
Cyber Vulnerabilities in Popular Tech
NSO Group IPhone Zero-Click, Zero-Day Exploit Captured In The Wild
Elevated Threats to Public Cloud and Civilian Devices: The Evolving Landscape of Apple Device Exploits. For a long time, Apple's reputation stood as the pinnacle of cybersecurity. Its operating systems and apps were commonly perceived as nearly invulnerable to cyber threats. However, a recent security update for Apple products—including iPhones, iPads, Mac computers, and Apple Watches—suggests otherwise. We strongly recommend users promptly update their devices and consider activating Lockdown Mode to counter potential threats.
Duolingo's User Data on the Market
The personal data of 2.6 million Duolingo users is now available on a cybercrime platform, emphasising the need for heightened security even for popular apps.
Duolingo has acknowledged the presence of a post on a hacking forum which offers information from 2.6 million user accounts for a price of $1,500. While the company spokesperson confirms that this data was obtained through scraping public profile details and not a direct breach, the incident underscores the ongoing challenges tech platforms face in safeguarding user data. Notably, data scraping, where tools are used to extract massive amounts of data from websites and APIs, is an increasing concern, with even giants like Meta taking legal action against services that employ such methods to gather user information.
September 2023 has been a turbulent month in cyberspace, with significant breaches impacting both major corporations and global institutions. While ransomware remains a persistent threat, state-sponsored cyber espionage is on the rise. As businesses usher in the last quarter of 2023, it's imperative to view cybersecurity not as a technicality but as a core business strategy. The events of September underscore the dual need for robust technological defences and adaptive strategies that can weather the unpredictabilities of the cyber realm.
As the line between cyber and global politics blurs, the need for international collaboration and heightened security measures has never been clearer.
Tim Dole serves as the CEO of Zirilio and brings two decades of experience in the cybersecurity industry. He is an expert in cyber intelligence and specialises in designing security solutions for crisis management.
