Top news stories this week
- Not just any breach. M&S responds to cyber incident as online services disrupted.
- Trouble in paradise. Airport retailer agrees $6.9 million settlement over 2020 data breach.
- Slippery phish. Google issues warning over emails impersonating legitimate Gmail address.
- Wide open. Dental clinics in North Carolina accuse IT contractor of withholding domains.
- Spirited away. Japanese online brokerage accounts hacked.
- Zoom and gloom. Cyber criminals exploit Zoom remote access feature in targeted crypto scams.
1. M&S takes systems offline in response to a cyber incident
The British multinational retailer Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack that has impacted contactless payments and ‘Click and Collect’ services. Retail stores have remained open, but customers are taking to social media to complain about the disruption to the services. M&S has not disclosed the nature of the attack or the identity of the threat actor.
So what?
Securing a network after a breach can cause significant temporary disruption, but decisive containment action is essential to remove unauthorised access.
[Researcher: Milda Petraityte]
2. Paradise Shops agrees USD 6.9 million settlement over 2020 data breach
The airport retail operator Paradise Shops has agreed to a USD 6.9 million settlement following a class-action lawsuit in relation to a 2020 ransomware attack. The company has been accused of negligence for failing to adequately secure its systems and for not notifying the approximately 76,000 victims until nearly eight months after the breach occurred.
So what?
Insufficient investment in vulnerability management and incident response communication strategies can expose organisations to significant financial and legal risks, even years after the initial incident.
[Researcher: Clay Palmer]
3. Google issues warning to 3 billion users over new phishing attack
Google has raised the alarm regarding a new phishing scam targeting Gmail users, in which threat actors can send an official-looking email that appears to come from a real Google address. This tactic manages to bypass Google’s DomainKeys Identified Mail (DKIM) security checks. Google has reported that it has already patched the issue and has advised users to adopt two-factor authentication and passkeys.
So what?
Phishing attacks can be highly convincing. Users should always exercise extreme caution with messages or phone calls asking for passwords or account credentials even if the source appears legitimate.
[Researcher: Stephen Ross]
4. Dental practitioners accuse long-term contractor of holding web domains hostage
Dental practices in North Carolina have accused a long-term IT contractor of holding at least nine domains hostage after their contract ended in late 2023. The contractor claims to own the domains because they were registered on his personal HostGator account. The dental clinics have approached the US court to seek a temporary restraining order and an injunction, aiming to prevent the contractor from altering the domains.
So what?
Effectively safeguarding your digital assets and preserving your brand requires maintaining digital hygiene, including clearly determining asset ownership and management.
[Researcher: Lena Krummeich]
5. Japanese online brokerage accounts hacked; fake sites steal millions
Six Japanese brokerages have reported cases of hacked trading worth USD 700 million. The unauthorised transactions are the result of attackers using stolen customer information harvested from phishing websites masquerading as legitimate broker portals. In most cases, the fraudsters used the accounts to purchase Chinese stocks, artificially inflating the prices in a “pump-and-dump” tactic.
So what?
This is another timely reminder to take precautions to avoid falling victim to phishing attacks: account holders should make use of the enhanced security features offered by these securities companies, which include multifactor authentication and notifications when logging in, executing trades and withdrawing funds.
[Researcher: Lester Lim]
6. Cyber criminals exploit Zoom remote access feature in targeted crypto scams
Threat actors are abusing Zoom’s remote control feature to steal cryptocurrency from high-value targets. Attackers pose as crypto journalists, inviting victims to fake interviews via Calendly and Zoom. During the call, they rename themselves "Zoom" to trick users into approving a remote control request, obtaining full access to systems to steal data, install remote access malware and access crypto wallets.
So what?
This incident highlights the increasing sophistication of social engineering attacks and the risks associated with legitimate remote access tooling. To mitigate the risk, businesses should limit Zoom usage on sensitive systems.
[Researcher: Virginia Romero]