
This Week in Cybersecurity: Looking Back at Week 31

August 2, 2024

Average cost of a data breach rises to €4.5m

According to IBM’s annual ‘Cost of a Data Breach Report,’ the average cost of data breaches globally has risen to €4.49 million this year, marking a significant 10% increase year-over-year — the largest since the pandemic began.

The report reveals that 70% of breached organisations experienced significant disruptions, with lost business and post-breach customer and third-party response costs contributing heavily to the financial impact. The consequences of data breaches are not just monetary; they also harm reputations and disrupt operations, with 12% of breached organisations taking over 100 days to fully recover.

Stolen or compromised credentials were reported as the most common attack vector, often taking nearly 10 months to identify and contain.


Zero Day Exploit: VMware ESXi Auth Bypass Exploited by Ransomware Attackers

Microsoft has warned that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in cyber attacks.

The vulnerability, tracked as CVE-2024-37085, is a medium-severity flaw (CVSS score 5.3-6.8) that allows a new user to be added to an ‘ESX Admins’ group; members of that group are automatically granted full privileges on the ESXi hypervisor.
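Because the flaw turns membership of a group named ‘ESX Admins’ into hypervisor-wide privilege, the defensive signal worth watching is the creation of such a group or members being added to it. The following is an added example (not from the original article or from Microsoft/VMware) that scans constructed, simplified Windows Security event log lines for those events; the key=value log format, the sample lines and the case-insensitive group-name match are assumptions of this example, while the event IDs (4727/4731 group created, 4728/4732 member added) are the standard Windows Security audit IDs.

```python
import re
from typing import Iterable

# Standard Windows Security audit event IDs for group management:
# 4727/4731 = security-enabled group created, 4728/4732 = member added.
GROUP_EVENTS = {
    "4727": "group created", "4731": "group created",
    "4728": "member added", "4732": "member added",
}

# Constructed sample log lines in a simplified key=value layout (assumed format).
SAMPLE_LOGS = [
    "EventID=4727 Group=ESX Admins Actor=jdoe Domain=CORP",
    "EventID=4728 Group=ESX Admins Member=svc-backup Actor=jdoe Domain=CORP",
    "EventID=4728 Group=Domain Admins Member=alice Actor=admin1 Domain=CORP",
    "EventID=4731 Group=esx admins Actor=mallory Domain=CORP",
    "EventID=4624 User=bob Domain=CORP",
]

# key=value pairs; values may contain spaces, so stop before the next " key=".
LINE_RE = re.compile(r"(\w+)=([^=]+?)(?=\s+\w+=|$)")


def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict of fields."""
    return dict(LINE_RE.findall(line))


def find_esx_admins_events(lines: Iterable[str],
                           group_name: str = "ESX Admins") -> list[dict]:
    """Return group creation / member-added events naming the watched group.

    The comparison is case-insensitive as a defensive assumption, so that a
    variant spelling of the group name is not silently ignored.
    """
    hits = []
    for line in lines:
        fields = parse_line(line)
        event_id = fields.get("EventID")
        if event_id not in GROUP_EVENTS:
            continue
        if fields.get("Group", "").strip().lower() != group_name.lower():
            continue
        hits.append({
            "event": GROUP_EVENTS[event_id],
            "actor": fields.get("Actor"),
            "member": fields.get("Member"),
            "raw": line,
        })
    return hits


if __name__ == "__main__":
    for hit in find_esx_admins_events(SAMPLE_LOGS):
        print(f"ALERT {hit['event']}: {hit['raw']}")
```

Wired to a real log pipeline, every hit here should be treated as a privileged-access change on the ESXi estate and reviewed, since the group name alone is what confers the privilege.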


Over 100K Malware Android Apps Deployed to Steal OTP Codes

A new large-scale malware campaign has been active since at least February 2022, leveraging over 107,000 malicious Android apps to steal users’ SMS messages. These apps are specifically designed to intercept one-time passwords (OTPs) used for online account verification, facilitating identity fraud.

Remarkably, more than 99,000 of these malicious applications were unknown and not available in common app repositories.

The malware targets OTP messages from over 600 global brands, some with user bases in the hundreds of millions. The attack initiates when a victim is deceived into installing a malicious app via ads mimicking Google Play Store listings or through 2,600 Telegram bots posing as legitimate services. Once installed, the app requests permission to access incoming SMS messages and connects to one of 13 command-and-control (C2) servers to transmit the stolen data.

While the perpetrators remain unidentified, they are known to accept various payment methods, including cryptocurrency, to support Fast SMS (fastsms[.]su), a service offering access to virtual phone numbers.


Norfolk and Norwich University Hospitals investigating cyber attack

NHS England’s cyber security operations centre is investigating a cyber security incident at Norfolk and Norwich University Hospitals NHS Foundation Trust, detected and terminated on July 17, 2024.

No data is believed to have been removed, but a full forensic investigation is underway, and enhanced security measures are in place. The incident has been contained with no impact on patient care.

This follows an £88 million deal with Meditech for an electronic patient record system and recent cyber attacks on the NHS, including a ransomware attack on Synnovis in June 2024 and an attack on NHS Dumfries and Galloway in March 2024, leading to significant data breaches. Increased cyber attacks on critical infrastructure are predicted, and the government has announced plans for a new Cyber Security and Resilience Bill to better protect public service data supply chains.


Microsoft says massive Azure outage was caused by DDoS attack

Microsoft confirmed that a nine-hour outage on Tuesday, affecting multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack.

The impacted services included Microsoft Entra, various Microsoft 365 services like Intune and Power BI, and several Azure services such as App Services and IoT Central. An error in the implementation of Microsoft’s DDoS protection mechanisms amplified the attack’s impact rather than mitigating it. To address the issue, Microsoft made networking configuration changes and performed failovers to alternate networking paths. The company plans to release a Preliminary Post-Incident Review (PIR) within 72 hours and a Final Post-Incident Review within two weeks to provide additional details and lessons learned from the outage.


Facebook users targeted by ads leading to scam e-commerce websites

Facebook users are being targeted by a sophisticated scam e-commerce network, dubbed ERIAKOS, that uses hundreds of fake websites to steal personal and financial data through brand impersonation and malvertising tricks.

Detected by Recorded Future’s Payment Fraud Intelligence team on April 17, 2024, the campaign employs 608 fraudulent websites accessible only through mobile devices and ad lures on Facebook, evading automated detection systems.

The scam targets mobile users with limited-time discount ads, serving up to 100 Meta Ads daily for a single scam website. Originating from merchant accounts registered in China, the campaign aims to steal victims’ funds, card data, and personally identifiable information (PII) by exploiting well-known brands and creating a sense of urgency.

The short-lived nature of the scam domains and the high volume of concurrent ads help bypass Facebook’s filters. Despite its recent discovery, the ERIAKOS campaign remains active.


X reveals security incident that made your ‘private’ likes public

Social media platform X, previously known as Twitter, experienced a significant security incident shortly after implementing a change that made likes private. This update was intended to ensure that only account owners could see their own liked posts. However, a breach allowed these private likes to be viewed by others, compromising user privacy.

In an email to affected users, X acknowledged the issue and stated that some likes may have remained publicly available despite the privacy settings. The company has since taken measures to secure the privacy of likes, though the total number of likes a post receives still remains visible to all users. This incident underscores the importance of rigorous security protocols, especially when changes affect user privacy.


Company Paid Record-Breaking $75 Million to Ransomware Group

A recent report uncovered that a record-breaking $75 million ransom was paid to a ransomware group known as Dark Angels. This payment is nearly double the highest previously known public ransomware payment.

Companies that have reportedly paid large ransoms in the past include CNA Insurance ($40 million), CDK Global ($25 million) and Change Healthcare ($22 million).

