Every week CS Hub covers an Incident of the Week and explores what happened in a recent cyber-attack or data breach as well as what security professionals can learn from the attack.
In this overview, discover how car rental company Sixt dealt with a recent cyber incident, why greeting card retailer Funky Pigeon halted orders and the reason social engineering attacks remain a threat to businesses.
Car rental chaos after DNS incident
Car rental company Sixt confirmed on 1 May 2022 that it had detected IT irregularities on 29 April and had been subject to a cyber-attack. The attack took a number of customer services offline, leaving many Sixt patrons disgruntled.
While the cause or type of attack was not disclosed, Andy Jenkinson, group CEO at CIP, commented that the company has shown vulnerabilities in its Domain Name System (DNS), which was exposed and insecure. Read the full story here.
Funky Pigeon goes offline
WHSmith subsidiary and online card retailer Funky Pigeon was forced to halt all online orders as it dealt with a cyber security incident which occurred on 14 April 2022. The company said customer data was not at risk but it was investigating the extent to which any personal data had been accessed.
Michael Stout, a UK-based contract CISO and cyber security consultant, said it looked to be a “straightforward data exfiltration attempt” where an attacker seeks to steal information from a system. Read the full story here.
Ukraine keeps up the battle
Since the start of the war in Ukraine, the nation’s government and critical infrastructure have been subjected to a tidal wave of cyber-attacks. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) confirmed on 12 April 2022 that it had taken urgent measures in response to a security incident related to a targeted cyber-attack on Ukraine’s energy facilities.
CERT-UA said the attack was carried out by the Russian Sandworm group using malware including Industroyer2 and CaddyWiper. Read the full story here.
Mailchimp falls victim to social engineering
Email marketing company Mailchimp disclosed on 4 April 2022 that it had been targeted by hackers who gained access to and exported information from Mailchimp accounts. Bitcoin wallet Trezor was at the heart of the incident after it confirmed it was affected following an insider compromise of a newsletter database hosted on Mailchimp.
Social engineering attacks are growing more sophisticated. Read the full story here.
Lapsus$ gang infiltrates Okta and Microsoft
The Lapsus$ hacker group targeted Microsoft and Okta in recent breaches confirmed by both technology organizations in March 2022. The group is based in Brazil, South America and, according to Microsoft, is known for using a pure extortion and destruction model without deploying ransomware payloads.
The Okta incident led to a spate of statements from the company’s CSO, David Bradbury, and in April 2022 the company released a comprehensive conclusion of its investigation into the compromise. Read the full story here.