Welcome to the latest edition of Cyber Safe Cyber Threats, a weekly series in which we highlight the latest cyber attacks, scams, frauds, and malware, including ransomware, to help you stay safe online.
Here are the most prominent threats which you should be aware of:
Boeing sensitive data allegedly leaked after ransomware gang threat ‘ignored’
LockBit, a ransomware gang that has featured regularly in our recent Cyber Threats updates, has reportedly leaked sensitive data from Boeing after the US aircraft manufacturer allegedly ignored warnings. On October 27, 2023, LockBit claimed to have stolen a substantial amount of sensitive data from Boeing, threatening to leak it online unless a ransom was paid by November 2, 2023. Boeing acknowledged the attack on November 1, stating that it impacted its parts and distribution business but not flight safety.
On November 6, 2023, Cybernews published a screenshot from LockBit’s dark web site, indicating the timer had stopped on November 2, 2023, the alleged ransom deadline. LockBit accused Boeing of ignoring warnings and announced the release of a 4GB sample data batch, threatening to publish half a terabyte within a few days unless Boeing cooperated.
Between October 30 and 31, 2023, Boeing was reportedly removed from LockBit’s hack threat list, fueling speculation of negotiations. The leaked Boeing data included training materials, a list of technical suppliers, names, locations, and phone numbers of suppliers and distributors in Europe and North America, as well as financial details.
LockBit, known for double extortion tactics, encrypts data and threatens to leak it. The group’s Russian-speaking operators are considered prolific and destructive, launching 1,700 attacks on US organisations from January 2020 to June 2023, collecting around $91 million. Boeing is actively investigating, collaborating with authorities, and notifying customers and suppliers.
Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
Okta has attributed the recent breach of its support system to an employee logging into a personal Google account on a company-managed laptop. This action exposed credentials, enabling the theft of data from multiple Okta customers, including cyber security companies BeyondTrust and Cloudflare.
According to the Okta security chief, the internal lapse was the “most likely avenue” for the breach that impacted approximately 1% of Okta customers from September 28, 2023, to October 17, 2023. The threat actor gained unauthorised access to files within Okta’s customer support system, including HAR files containing session tokens susceptible to session hijacking attacks.
The hackers used these session tokens to hijack legitimate Okta sessions for five customers by leveraging a service account with permissions to view and update customer support cases. The company revealed that an employee had signed into their personal Google profile on the Chrome browser of their Okta-managed laptop, storing the service account’s username and password in their personal Google account.
Acknowledging a failure in internal controls, the leadership team admitted that, for 14 days during the active investigation, Okta did not identify the suspicious downloads in its logs. The breach was eventually detected when BeyondTrust shared a suspicious IP address linked to the threat actor.
Okta has been targeted by multiple hacking groups seeking to exploit its infrastructure to infiltrate third-party organisations. In a previous incident in September, a sophisticated hacking group targeted IT service desk personnel to reset multi-factor authentication for high-privilege users. Okta has faced various cyber threats, including the financially motivated 0ktapus campaign targeting its customers the previous year.
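The HAR files mentioned above record full HTTP requests and responses, which is why they carried live session tokens. As an added example (not Okta's code or part of the original article), the Python sketch below scrubs a HAR capture before it is attached to a support case; the header and parameter name lists, the `sanitize_har` helper and the sample capture are assumptions made for illustration.

```python
import copy
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
# Assumed name lists; extend them for the applications you support.
SECRET_HEADERS = {"authorization", "cookie", "set-cookie", "x-csrf-token"}
SECRET_PARAMS = {"token", "access_token", "id_token", "sid", "sessionid", "code"}
MASK = "REDACTED"

def _mask(pairs, names=None):
    """Mask values in a HAR name/value list; names=None masks every entry."""
    hits = 0
    for p in pairs or []:
        if names is None or p.get("name", "").lower() in names:
            p["value"] = MASK
            hits += 1
    return hits

def _mask_url(url):
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (scrubbed deep copy, number of masked fields)."""
    clean, hits = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            hits += _mask(msg.get("headers"), SECRET_HEADERS)
            hits += _mask(msg.get("cookies"))
        hits += _mask(req.get("queryString"), SECRET_PARAMS)
        hits += _mask(req.get("postData", {}).get("params"), SECRET_PARAMS)
        if "url" in req:
            req["url"] = _mask_url(req["url"])
        # Bodies can embed tokens in any format, so drop them wholesale.
        for body in (req.get("postData", {}), resp.get("content", {})):
            if body.get("text"):
                body["text"], hits = MASK, hits + 1
    return clean, hits

# Constructed sample capture (not real data).
SAMPLE_HAR = {"log": {"entries": [{
    "request": {"url": "https://support.example.test/case?id=42&token=abc123",
                "headers": [{"name": "Cookie", "value": "sid=deadbeef"},
                            {"name": "Accept", "value": "text/html"}],
                "cookies": [{"name": "sid", "value": "deadbeef"}],
                "queryString": [{"name": "id", "value": "42"},
                                {"name": "token", "value": "abc123"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=cafef00d"}],
                 "content": {"text": "<html>ok</html>"}}}]}}
```

Scrubbing on the customer side, before upload, means a later compromise of the support system exposes no replayable session.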
Cyber attack hits council computer systems at Comhairle nan Eilean Siar
Western Isles local authority, Comhairle nan Eilean Siar, is grappling with a suspected ransomware attack that has led to substantial disruptions in its IT systems. The council has reported that access to its systems has been compromised, prompting assistance from the Scottish government and computer company Dell to address the situation.
In a ransomware attack, malicious software is employed by hackers to encrypt and pilfer an organisation’s computer data. Comhairle nan Eilean Siar’s Chief Executive, Malcolm Burr, disclosed that the council is collaborating with Police Scotland, the National Cyber Security Centre, and the Scottish government in an ongoing criminal investigation.
The Chief Executive emphasised the severity of the criminal attack on their IT system, causing significant disruptions to services. The council’s top priority is the swift restoration of services to ensure uninterrupted access for those dependent on them. While not all services have been affected, external communications are gradually returning to normal.
The council has highlighted the ever-present threat of cyber attacks to organisations and individuals, underscoring that its firewall repels attempts from various locations worldwide on a daily basis.
This incident follows a cyber attack in 2020 where the Scottish Environment Protection Agency (Sepa) had thousands of digital files stolen. In February of the current year, Audit Scotland reported some public money being written off as a result, with the full financial impact still undisclosed. Auditor General Stephen Boyle noted that the attack continued to exert a “significant impact” on Sepa’s performance.