Microsoft revealed on Friday that its corporate email servers were breached by the hacking group Midnight Blizzard, which is believed to be funded by the Russian-sponsored online crime group Nobelium. The cyberattack, which occurred on January 12th, targeted customer data and information belonging to Seattle-based staff. Evidence suggests that the data theft was likely planned in November 2023 when Microsoft was subjected to a password spray attack. The attackers seemingly leveraged credentials obtained in last year’s breach to access and steal email content.
In a separate incident, Tietoevry Cloud Hosting, based in Sweden, fell victim to a ransomware attack by the AKIRA malware group. This led to significant disruptions in data center operations, affecting companies such as Moelven, Rusta, Grangnarden, Primula, and Filmstaden. Several municipalities and universities also confirmed disruptions in their services due to the attack.
The third incident involves TeamViewer, a widely used remote access service, targeted by the LockBit Ransomware group 3.0. While the initial attempts did not disrupt services, one attempt allowed criminals to gain access to a network from an endpoint device. Cybersecurity firm Huntress detected and flagged this ongoing campaign related to the spread of crypto-mining software.
India’s CERT team issued a red alert against potential cyber attacks on government websites, orchestrated by cybercriminals funded by a neighboring nation. The attacks were planned as a diversion during the celebration of Lord Ram’s consecration in Ayodhya. The Information and Technology Ministry of India, however, assures proactive measures to counter these attacks.
The Veeam Data Protection Trends report predicts a 24% surge in cybersecurity spending in 2024. The increase is attributed to the widespread rise in ransomware attacks, which pose a severe threat to businesses. Additionally, the report also emphasized on the fact that the recently concluded year saw cyber attacks as the number one cause for business outages in America.
According to research by Checkpoint Software, cyber attacks on the American populace and companies have reached an all-time high in the past two years. The education and research sectors have been particularly affected due to the sensitive information they hold. Additionally, geopolitical events like the Israeli war with Hamas and Russia’s conflict with Ukraine have spurred the emergence of criminal groups seeking monetary gains in the cybercrime domain.
A North Korea related hacking group dubbed ScarCruft is found targeting employees working for media organizations with data stealing cyber attacks. First they started to launch digital assaults on South Korean media companies. But their focus seems to have shifted now to those operating in the United States. The group also known as InkySquid or APT37 started to target academic sector operating in South Korea since July 2023 and then shifted the focus to media organizations since November last year. Now, in this new year, the focus seems to have shifted towards media organizations functioning in the west.
The global fast-food chain, Subway, has recently become the focal point of attention due to an attack by the LockBit 3.0 ransomware gang. This group of cybercriminals asserts that they have successfully pilfered a multitude of files containing sensitive information, including employee salaries, franchise royalty payments, card payment details, and annual turnover data for the chain’s restaurants. In a notice issued on January 21, 2024, the hackers have set a deadline of 10 days, until February 2 of the same year, for Subway to fulfill a ransom payment. Failure to comply within the specified time frame would result in the gang either leaking or selling the pilfered data on the dark web.
