Top news stories this week
- Please HODL. Coinbase responds to USD 400 million insider threat attack.
- Off the shelf. Dior and M&S confirm customer data exposed following separate cyberattacks.
- A new hope. EU launch new vulnerability database following drop in funding for the CVE program.
- Heist in the cloud. Threat actors steal sensitive data from UK education giant, Pearson.
- It’s o-phish-ial. Scams in Singapore cost victims GBP 635 million in 2024.
- Router rumble. Law enforcement shuts down a botnet of hacked routers.
1. Cryptocurrency exchange Coinbase rejects USD 20 million ransom demand
Coinbase has disclosed that unknown cyber criminals broke into its systems and stole account data for a small subset of its customers. The threat actors allegedly bribed insiders to copy data in its customer support tools. Coinbase has fired the compromised customer agents, offered reimbursements to defrauded customers, and established a USD 20 million reward fund for information leading to the arrest and conviction of the attackers. The company estimated the cost of the breach could reach USD 400 million.
So what?
While Coinbase’s response is being widely lauded, customers should review their arrangements with their financial services providers and ensure that controls such as two-factor authentication (2FA) and address-book allow-lists (permitting transfers only to listed entities) are used where available.
[Researcher: Lester Lim]
2. Dior and Marks & Spencer confirm customer data stolen following cyberattacks
The French luxury retail brand House of Dior has confirmed that customer data in China and Korea was exposed following a cyberattack discovered on 7 May. Separately, British retailer M&S has confirmed that personal customer data was stolen in the attack which took place three weeks ago, likely including information such as phone numbers and home addresses. In both cases, the organisations have stressed that no financial information was accessed.
So what?
Keeping customers and wider stakeholders informed during an incident is complex. Organisations should include crisis communication planning and exercising as part of their cyber resilience strategy.
[Researcher: Katarina Zotovic]
3. EU launch new vulnerability database
The European cyber security agency ENISA announced the official launch of a new vulnerability database, the European Union Vulnerability Database (EUVD). Although the NIS2 Directive mandates this project, its launch also addresses concerns about MITRE’s long-standing CVE program which arose recently due to a disruption in funding by the US government.
So what?
While the EUVD was not designed to replace the US program, it will provide a centralised, aggregated source of information on cyber security vulnerabilities, their exploitation status and suggested mitigations.
[Researcher: Milda Petraityte]
4. Threat actors exfiltrate data from UK education giant, Pearson
Threat actors targeted Pearson, a large UK education company, in a cyberattack, exfiltrating sensitive corporate and customer data. They exploited an exposed GitLab token to access the company's source code, which contained further hard-coded credentials for cloud platforms such as AWS and Google Cloud.
So what?
Organisations should periodically run secret scanning across their code repositories and cloud infrastructure to detect sensitive information such as passwords and API keys in code and storage. This can catch human error early and prevent unauthorised access.
[Researcher: Aditya Ganjam Mahesh]
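The secret scanning recommended above, as an added example that is not Pearson's or any vendor's tool: a small Python scanner that flags documented public token formats (AWS access key IDs, GitLab personal access tokens, Google API keys) and quoted literals assigned to credential-like names, redacts what it reports, and scores each hit's entropy to help triage. The pattern set is a minimal assumption, and the sample file is constructed from AWS's public documentation example keys plus a made-up GitLab token.

```python
import math
import re
from dataclasses import dataclass
from typing import List
# Documented public token shapes: AWS access key IDs (AKIA/ASIA + 16 chars), GitLab personal
# access tokens (glpat- prefix), Google API keys (AIza prefix). A minimal set, by assumption.
SPECIFIC = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "gitlab_token": re.compile(r"\bglpat-[0-9A-Za-z_-]{20,}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}
# Heuristic: a quoted literal of 8+ chars assigned to a credential-like name.
GENERIC = re.compile(
    r"(?i)(?:password|passwd|secret|token|key)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")
@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str   # never log the full secret; a prefix and length are enough for triage
    entropy: float  # Shannon entropy in bits/char; random key material scores high

def shannon_entropy(s: str) -> float:
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def redact(secret: str) -> str:
    return f"{secret[:4]}...({len(secret)} chars)"

def scan_text(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hits = [(k, m.group(0)) for k, p in SPECIFIC.items() for m in p.finditer(line)]
        if not hits:  # fall back to the heuristic only when no known token format matched
            hits = [("generic_assignment", m.group(1)) for m in GENERIC.finditer(line)]
        for kind, secret in hits:
            findings.append(Finding(line_no, kind, redact(secret), shannon_entropy(secret)))
    return findings

# Constructed sample file: AWS's public documentation example keys plus a made-up GitLab token.
SAMPLE = """\
import os
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GITLAB_TOKEN = "glpat-EXAMPLEexampleEXAMPLE1"
db_password = os.environ["DB_PASSWORD"]   # the right pattern: read from the environment
"""
if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.kind} {f.redacted} entropy={f.entropy:.2f}")
```

Running it over a real repository is a matter of feeding each file's contents to `scan_text`; the environment-variable line is deliberately not flagged, since that is the pattern the hard-coded values should be replaced with.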
5. Scams in Singapore cost victims GBP 635 million in 2024
Recent reports indicate that phishing scams targeting Singaporean bank POSB customers led to losses of at least SGD 172,000 (GBP 100,000) over the past month. Singaporean police revealed that scammers in Singapore stole a total of SGD 1.1 billion (GBP 635 million) in 2024 alone. This amount reflects a 70% increase compared to 2023, with nearly 25% of these scams involving cryptocurrency.
So what?
Continued reported rises in the cost of cyber incidents across the world underline the need for constant vigilance across all constituencies, not just employees but consumers. Financial institutions should also seek to implement further controls to protect their customer base.
[Researcher: Mark Farley]
6. FBI warning about routers and seizure of IoT botnet
A joint international law enforcement operation, "Operation Moonlander," led by the FBI and Dutch National Police, successfully dismantled two services, Anyproxy and 5Socks, accused of running a botnet of hacked routers under the pretence of being legitimate proxy services. Four individuals, three Russians and one Kazakh, were indicted for profiting from these services by exploiting vulnerabilities in older wireless routers. The four are believed to have made more than USD 46 million from selling access to the botnets.
So what?
Organisations should regularly check their internet-connected devices for vulnerabilities and, through an effective vulnerability management process, take proactive measures to secure them against exploitation.
[Researcher: Nor Liana Kamaruzzaman]