Craig Pepper
February 19, 2024
4 Min Read

Threat Report 19.02.24

Southern Water Cybersecurity Breach Affects Nearly Half a Million Customers

Southern Water, a utility provider in the South East of England, has disclosed that a cyberattack in January compromised the personal data of nearly 470,000 customers. The breach, which may have affected between 5 and 10 percent of its customers, is under forensic analysis to determine its full extent. While the specific categories of compromised data have not been fully disclosed, sensitive information such as dates of birth, national insurance numbers, and banking details is reported to have been accessed. The incident also affects both current and former Southern Water employees, indicating a significant risk of data exposure.

The attack has been attributed to the Black Basta ransomware group, which has links to Russia and has previously targeted notable firms such as Capita. Black Basta has claimed responsibility for the theft of 750GB of critical data, encompassing both corporate and personal information. Southern Water has not confirmed any payment to the attackers. Since the attack, Southern Water has focused on working with cybersecurity specialists to search for any signs of the stolen data on the dark web, with no subsequent data leaks reported thus far.

Following this breach, Southern Water has taken steps to inform impacted customers and employees and has reported the incident to the UK's Information Commissioner's Office. 

Risks

Individuals affected by the Southern Water cyberattack face several risks, including:

Identity Theft: With personal data like national insurance numbers and dates of birth compromised, individuals are at a heightened risk of identity theft.

Financial Fraud: Access to banking details could lead to unauthorised transactions and financial fraud.

Privacy Breaches: The exposure of personal information could lead to privacy invasions and potential misuse of data.

Recommendations

To mitigate the risks associated with this breach, individuals should consider the following steps:

Monitor Financial Accounts: Regularly check bank statements for any unauthorised activity and report suspicious transactions immediately.

Fraud Alerts and Credit Freezes: Consider placing a fraud alert on your credit files or a freeze to prevent new credit accounts from being opened in your name without your consent.

Change Passwords: If you use similar passwords across multiple accounts, change them immediately, especially for accounts associated with Southern Water.

Stay Vigilant: Be wary of phishing attempts or suspicious communications claiming to be from Southern Water or related entities.

This cybersecurity breach serves as a stark reminder of the vulnerabilities in critical infrastructure sectors and the importance of adopting comprehensive cybersecurity measures to protect against potential threats.

Bank of America Alerts Customers to Third-Party Data Breach Impacting 57,000

Bank of America has informed 57,000 of its customers about a data breach involving a third-party service provider, Infosys McCamish Systems (IMS). The breach, disclosed on November 3, 2023, by IMS's parent company Infosys in a filing with the US Securities and Exchange Commission, resulted from a cyberattack that rendered several applications and systems inoperative.

Infosys announced on January 11 that it had successfully restored all affected systems by December 31st, with the incident's financial repercussions estimated at $30 million. IMS has identified that during the cyberattack, unauthorised parties likely exfiltrated specific customer data.

Since 1st February, Bank of America has been notifying impacted customers, advising them of the potential compromise of their personal data due to the IMS incident. Although the exact nature of the accessed information remains uncertain, the compromised data is believed to include names, addresses, dates of birth, Social Security numbers, business email addresses, and other account details. No misuse of the stolen information has been reported so far.

The nature of the cyberattack was not explicitly detailed by either IMS or Bank of America. However, the LockBit ransomware gang claimed responsibility for the attack on November 4th, alleging that they had released the data stolen from IMS.

Risks

Identity Theft: The exposure of sensitive personal information could lead to identity theft.

Financial Fraud: With Social Security numbers and account information at risk, there's an increased possibility of financial fraud.

Phishing Attempts: Affected customers may be targeted by phishing campaigns using their personal information to deceive them into providing additional details or making payments.

Recommendations

Monitor Accounts: Regularly review bank statements and credit reports for any unauthorised transactions or changes.

Secure Personal Information: Change passwords for online accounts, especially those linked to banking and financial services, and enable two-factor authentication where available.

Stay Alert to Phishing: Be cautious of unsolicited communications asking for personal or financial information, even if they appear to be from legitimate sources.

This incident underscores the critical importance of cybersecurity vigilance and the need for robust protective measures to guard against the ever-present threat of cyberattacks and data breaches.

Microsoft Addresses 73 Security Vulnerabilities, Including Two Actively Exploited Zero-Days

Microsoft has announced a comprehensive security update as part of its February 2024 Patch Tuesday, targeting 73 vulnerabilities across its software range. Highlighting the urgency of these patches are two zero-day vulnerabilities currently under active exploitation. This batch includes fixes for 5 Critical, 65 Important, and 3 Moderate severity issues, alongside 24 flaws rectified in the Chromium-based Edge browser since January 2024's updates.

Key vulnerabilities under active exploitation include:

CVE-2024-21351 (CVSS score: 7.6): A security feature bypass vulnerability in Windows SmartScreen, allowing malicious code injection with potential for data exposure or system unavailability.

CVE-2024-21412 (CVSS score: 8.1): A vulnerability in Internet Shortcut Files that enables unauthenticated attackers to bypass security features through specially crafted files.

Microsoft elaborates that CVE-2024-21351 could allow attackers to circumvent SmartScreen protections to execute arbitrary code, provided they can convince a user to open a malicious file. Similarly, CVE-2024-21412 involves social engineering to induce users to click on malicious file links, bypassing security checks.

CVE-2024-21351 is notably the second SmartScreen bypass flaw addressed following CVE-2023-36025, which hackers exploited to spread various malware. Trend Micro's investigations into CVE-2024-21412 revealed its use in sophisticated zero-day attack chains by Water Hydra (aka DarkCasino) against financial market traders, marking a significant threat evolution.

Both vulnerabilities are now listed in the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalogue, with a recommended patch deadline of March 5, 2024, for federal agencies.

Critical flaws patched in this update include vulnerabilities in Windows Hyper-V, Windows PGM, Microsoft Dynamics, Microsoft Exchange Server, and Microsoft Outlook, with CVE-2024-21410 and CVE-2024-21413 receiving the highest severity ratings. These vulnerabilities pose significant risks, including remote code execution and elevation of privilege, which could lead to comprehensive system or data compromise.

The update also addresses a longstanding design flaw in the DNSSEC specification, CVE-2023-50387 (KeyTrap), capable of stalling DNS resolvers through CPU resource exhaustion, demonstrating the complexity and age of some vulnerabilities being addressed.

Recommendations

Apply Patches Promptly: Prioritise the installation of Microsoft's February 2024 security updates to mitigate the vulnerabilities.

Educate Users: Increase awareness about the risks of opening unsolicited attachments or clicking on unknown links.

Enhance Monitoring: Implement advanced security monitoring to detect and respond to signs of compromise quickly.
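A first-pass check for the "Apply Patches Promptly" recommendation, written as an added example rather than code from the original report: it computes the February 2024 Patch Tuesday date (the second Tuesday of the month, 13 February 2024) and reports whether the local Windows host has recorded any update since then. The function names and the use of Get-HotFix as the data source are this example's own choices; Get-HotFix only reflects updates recorded in Win32_QuickFixEngineering, so a negative result is a prompt to investigate with Windows Update or your patch-management tooling, not a definitive verdict.

```powershell
# Added example (not from the original report): flag hosts with no recorded
# update since the February 2024 Patch Tuesday.
# Assumption: Patch Tuesday is the second Tuesday of the month (2024-02-13).

function Get-SecondTuesday {
    param([int]$Year, [int]$Month)
    $first = Get-Date -Year $Year -Month $Month -Day 1 -Hour 0 -Minute 0 -Second 0
    # Days from the 1st to the first Tuesday, then one more week for the second.
    $offset = ([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek + 7) % 7
    return $first.AddDays($offset + 7)
}

function Test-PatchedSince {
    param([datetime]$Since)
    # Get-HotFix lists updates from Win32_QuickFixEngineering only; some
    # servicing-stack and cumulative updates may not appear, so treat the
    # result as a first-pass indicator rather than proof of patch state.
    $recent = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        CheckedSince   = $Since.ToString('yyyy-MM-dd')
        RecentHotFixes = @($recent | ForEach-Object { $_.HotFixID })
        Patched        = ($recent.Count -gt 0)
    }
}

$patchTuesday = Get-SecondTuesday -Year 2024 -Month 2   # 2024-02-13
$result = Test-PatchedSince -Since $patchTuesday
$result | Format-List

if (-not $result.Patched) {
    Write-Warning ("No updates recorded since {0}; verify the February 2024 " +
                   "cumulative update has been installed.") -f $result.CheckedSince
}
```

Run it in an elevated PowerShell session on each host, or wrap Test-PatchedSince in Invoke-Command to sweep a fleet; hosts that return Patched = False are the ones to prioritise for the two actively exploited zero-days.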
