Cyber Security Hub takes a look at the most significant cyber security incidents in November.
Healthcare delivery system McLaren Health Care notified around 2.2 million individuals that their personal information was compromised in a data breach earlier this year. The Michigan-based company said hackers accessed its systems between late July and August in a breach notice filed with Maine’s attorney general.
Exposed information includes Social Security numbers, health insurance information, medical information including billing or claims information, medical record numbers, prescription/medication information and diagnostic and treatment information, according to McLaren. Notorious ransomware gang BlackCat/ALPHV claimed responsibility for the attack, though McLaren has not confirmed whether it has received or paid a ransom demand.
A cyber attack on Toyota’s European and African financial services department forced the car maker to take systems offline. In a statement, Toyota Financial Services Europe and Africa said it identified unauthorized activity on systems in a limited number of its locations before taking certain systems offline to investigate. The Medusa ransomware group claimed responsibility for the attack and said it has stolen data from the car giant, giving the company 10 days to pay a US $8 million ransom.
Toyota’s internet-accessible systems were vulnerable to the “Citrix Bleed” vulnerability that affects Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances, according to cyber security expert Kevin Beaumont.
Sensitive information of employees at the Idaho National Laboratory (INL), part of the US Department of Energy, was exposed following a data breach at the advanced nuclear energy testing lab. The breach occurred on Sunday November 19.
An unnamed hacktivist group claimed responsibility for the incident, alleging to have obtained “hundreds of thousands” of data points from the INL. This reportedly includes dates of birth, email addresses, phone numbers, Social Security numbers, physical addresses and employment information.
The breach highlights the severity of cyber threats and the potential consequences for both individuals and national security, commented Erfan Shadabi, cybersecurity expert at comforte AG.
In an unprecedented move, ransomware group BlackCat/APLHV reported one of its victims to the US Securities and Exchange Commission (SEC) for failing to comply with a four-day cyber attack disclosure rule. This came after it claimed to have breached and stolen data from software company MeridianLink.
The gang said it breached MeridianLink’s network on November 7 and stole company data without encrypting systems, giving the victim a 24-hour deadline to pay a ransom before it would publish the information.
An apparent lack of response appeared to prompt the hackers to exert more pressure by sending the complaint to the SEC about the incident that impacted “customer data and operational” information. However, the newly-formed cyber attack notification rule (Form 8-K, under Item 1.05) that it accused MeridianLink of breaking had not actually come into force yet.
The Canadian Government suffered a data breach after contractor hacks exposed the sensitive information of an undisclosed number of employees. The breaches occurred last month (October 19) and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, which provide location services to Government workers.
The Government said it took immediate action to investigate the breach which involves information held by the companies about current and former employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel. Details on specific individuals impacted were not shared at the time of writing, but the preliminary information indicates that breached information could belong to anyone who has used relocation services as early as 1999, the Government stated.
The LockBit ransomware group claimed responsibility for breaching SIRVA’s systems, leaking what appear to be archives containing 1.5TB of stolen documents.
Affiliates of the LockBit ransomware group have been detected actively exploiting the “Citrix Bleed” vulnerability, a cyber security advisory warned. The flaw affects Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. It allows threat actors to exploit and bypass password requirements and multifactor authentication (MFA) to hijack legitimate user sessions and acquire elevated permissions to harvest credentials, move laterally and access data and resources.
“Malware identified in this campaign is generated beginning with the execution of a PowerShell script which concatenates two base64 strings together, converts them to bytes and writes them to the designated file path,” according to the advisory.
General Electric (GE) revealed that it is investigating claims that a threat actor breached the company’s development environment in a cyber attack and leaked allegedly stolen data. This came after “IntelBroker” attempted to sell access to GE’s “development and software pipelines” for $500 on a hacking forum, before posting again to say they would be selling both the network access and the allegedly stolen data.
GE confirmed it is aware of the hacker’s claims and is investigating the alleged data leak, reported Bleeping Computer. “We are aware of claims made by a bad actor regarding GE data and are investigating these claims. We will take appropriate measures to help protect the integrity of our systems,” said a GE Spokesperson. The American multinational company has divisions in power, renewable energy and aerospace industries.
Get the latest insights on the cyber threat landscape
Download our ‘Mid-Year State of Cyber Security Report’ to learn about the current challenges that cyber security practitioners in Europe, the Middle East, Africa, and North America are facing, and discover where they are focusing their investment decisions in 2023 and beyond.
Download our ‘Mid-Year State of Cyber Security Report’ to learn about the current challenges that cyber security practitioners in Europe, the Middle East, Africa, and North America are facing, and discover where they are focusing their investment decisions in 2023 and beyond.
March 18 – 19, 2024
Heathrow Marriott Hotel, London
19 – 21 March, 2024
Sheraton Ann Arbor Hotel, Ann Arbor, MI
June 11 – 13, 2024
Melbourne, Victoria
Insights from the world’s foremost thought leaders delivered to your inbox.
2021-05-19
01:00 PM – 02:00 PM EST
2021-06-09
11:00 AM – 12:00 PM EDT
2021-09-08
11:00 AM – 12:00 PM EST
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC
Careers With IQPC| Contact Us | About Us | Cookie Policy
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.
