Welcome to the latest edition of the Cyber Safe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.
Boeing Investigates LockBit Ransomware Breach Claims
Aerospace company Boeing is evaluating claims made by the ransomware group LockBit, which asserts it has acquired a significant amount of sensitive data from Boeing, according to Info Security Magazine. The group warned that the data would be published unless Boeing contacts them before a specified deadline, and the company has until November 2 to pay an undisclosed ransom to prevent the data from being made public.
LockBit is a highly active ransomware-as-a-service group responsible for numerous attacks. It has allegedly made around $91 million from US victims alone since January 2020. Boeing has yet to confirm whether it will engage with LockBit’s demands, with its response likely dependent on the quality of the exfiltrated data.
While LockBit typically provides decryption keys after receiving ransom payments, there is always a risk of data not being recovered, and paying ransoms to ransomware groups is illegal in many countries. Security experts recommend that organisations affected by ransomware contact their countries’ cyber security agencies for assistance.
Hear more about this particular scenario on our latest Neuways Cyber Safe Digest Podcast, brought to you by the experts at Neuways.
‘My business had £1.6m stolen in 20 minutes’ – The impact of cyber attacks on small businesses
Kent Brushes, a company established in 1777 that supplies hairbrushes to the Royal Family, suffered a significant blow when £1.6 million was stolen through a sophisticated authorised push payment (APP) scam. The firm, with around £11 million in turnover and several dozen employees, does not have the same protections as individual consumers regarding fraud, leading to delays in recovering the stolen funds.
How can cyber attacks affect small and medium enterprises?
The boss of the small business in the UK affected by the cyber attack is highly critical of the response from authorities after his company lost £1.6 million in a matter of minutes due to fraud. An employee was tricked into giving access to the company’s account, leading to a substantial loss. The business owner, Steve Wright, expressed frustration with both his bank and Action Fraud for their handling of the case.
In related news, the Home Office recorded 1.25 million fraud cases in the year ending March 2023, with only about 4% of cases investigated and roughly 4,000 resulting in court proceedings.
Despite the severity of the crime, the bank has not refunded the money, no arrests have been made, and there is no sign of further investigation. Mr Wright criticised the handling of the case, emphasising the need for serious attention to such crimes.
As for Kent Brushes, Mr Wright stated that the company is resilient but had to reevaluate its cyber security strategies following the theft, resulting in a slower rollout of new products to maintain financial stability. Despite the setback, all staff received their pay on time.
One month after the theft, Action Fraud sent a letter to Mr Wright stating “case closed,” but it was later revealed that the crime details were recorded incorrectly. The bank, Barclays, noted that the customer had fallen victim to a sophisticated scam, but it maintained that the business would be held liable.
BlackCat ransomware group claims major cyber attack on LBA Hospitality
The ALPHV/BlackCat ransomware group has announced that it successfully targeted LBA Hospitality, one of the largest hospitality management companies in the United States, and managed to steal approximately 200 GB of sensitive data from the firm’s servers. The company oversees nearly one hundred hotels operating under four major brands: Marriott, Hilton, Holiday Inn, and Best Western. All very big names who are all well-renowned in the UK.
According to information, the infamous ALPHV/BlackCat ransomware group infiltrated LBA Hospitality’s internal systems and identified the company as a victim of its data leak platform. The ransomware group has claimed to have exfiltrated approximately 200 GB of susceptible data from the company’s primary servers and has given LBA Hospitality a three-day ultimatum to make a ransom payment. Failure to comply would result in the publication of the stolen data.
In a statement posted by ALPHV/BlackCat, the group stated, “You have three days to contact us to decide this pity mistake, which made your IT department decide what to do in the next step. If you prefer to keep silent, we will begin publicising the data, most consisting of citizens’ confidential documents.”
The group alleges that the stolen data includes employees’ personal information, such as CVs, IDs, driver’s license numbers, Social Security Numbers, financial reports, accounting data, loan records, insurance agreements, etc. Additionally, the group claims to possess information about LBA’s clients, including their driver’s license numbers, other IDs, Social Security Numbers, financial data, credit card details, loan records, agreements, and more. The stolen database also contains confidential commercial data.
LBA Hospitality has yet to issue many comments regarding the claims made by the ransomware group, so it remains uncertain whether the cyber threat actors’ assertions are accurate or if the company intends to comply with the hacker group’s ransom demands.
The BlackCat ransomware group is also known for its involvement in a significant cyber attack on MGM Resorts International, which resulted in 31 MGM property websites and the company’s mobile rewards app being taken offline.
Per a post on social media platform X from vx-underground, the hacker group claimed to have infiltrated MGM Resorts’ network using social engineering tactics. The post read, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
—————————————————————————————————————————–
Contact Neuways to help your business become
Cyber Safe
If you need any assistance with cyber security assistance, then please contact Neuways and we will help you where we can. Just get in touch with our team today.
