Cyber Security Report for May 17

The cyber security report is a unique report that covers cyber incidents reported in the past 24 hours. We cover cyber incidents or cyber attacks that have been reported from all over the world.

The list of cyber security incidents gets updated as the day progresses. You can find yesterday’s cyber security incident report on this page.

Capita Data Breach

Capita is the subject of another data breach incident. This comes after the March 2023 data breach incident that was carried out by the Black Basta ransomware threat actor.

The latest cyber attack has been brought to the attention by the Colchester Council. This data breach occurred through an unsecured Amazon data bucket. The AWS bucket was used by Capita to store the database of its customers.

Capita has stated that it is working to investigate the data breach. It may be too early to speculate about the nature and impact of the latest data breach involving Capita. We will update the story as we hear from Capita.

UK based Services firm Capita was the subject of a cyber attack in March 2023. The first disruption was reported on 31st March 2023. It has emerged that Capita came under attack from the Black Basta threat actor.

Capita is an outsourcing firm that provides services to Government firms, city councils and big companies in the United Kingdom. The data breach may have impacted over 350 pension funds in the UK.

The details and impact of the cyber attack are shared in brief:

  • Capita is a publicly traded firm in the United Kingdom.
  • It has over 50000 employees and enjoys UK Government contracts worth over $8 billion.
  • Capita confirmed a cyber incident on 3rd April through a released statement.
  • Universities Superannuation Scheme is one of the clients of Capita. USS has reported that personal records of over 470,000 active, deferred, and retired members may have been accessed by the hackers.
  • Samples of information being listed included bank account details, personal information for teachers applying for jobs, as well as names, email addresses, and other contact information
  • Colchester Council has advised its residents that personal details may have been accessed by the hackers on account of “the unsafe storage of personal data by its financial services contractor, Capita.” It has directly blamed Capita for maintaining weak security for the digital assets and infrastructure.
  • Black Basta ransomware operator infiltrated Capita’s network with Qakbot malware on 21st March 2023. It accessed data over the next few days, and this has been corroborated by Kevin Beaumont in his incident report.
  • Subsequent to the data breach incident, Black Basta tried to encrypt the data. However, the ransomware attack was isolated and Capita shut off the systems to prevent further damage on 31st March.
  • Capita has claimed that the data breach has not led to any adverse use.
  • Black Basta had initially posted Capita’s name on its victim list. However, it removed Capita’s name after a few days. This makes many believe that Capita paid the ransom demands to secure the data of its customers.
  • As per analysts, the cleanup costs for this ransomware attack could cost Capita $25 million

Source – FT

Scansource

Nasdaq-listed Scansource (SCSC) has released a public statement about a recent cyber incident. The cyber attack is in the nature of a ransomware attack that was detected on 14th May 2023. Here are brief details of the incident.

  • The company is in the middle of a forensics audit as its systems have been a subject of a recent ransomware attack.
  • The website of the company is working fine.
  • The remediation process is expected to follow a graded approach.
  • No ransomware threat actor has claimed ownership of this ransomware attack yet.
  • The true impact and scope of the ransomware incident are likely to be uncovered over the next few days or weeks.

Scansource is a leading hybrid distributor connecting devices to the cloud and accelerating growth for customers across hardware, SaaS, connectivity, and cloud.

Emirates National Oil Company

UAE’s Emirates National Oil Company (ENOC) has come under a DDoS attack from the Anonymous Sudan group of threat actors. The brief details of the cyber incident are reported below:

  • ENOC website is unreachable as we write this.
  • There has been no confirmation of the DDoS attack by ENOC. The Twitter profile for the company works fine.
  • Anonymous Sudan group of hackers, primarily, targets the websites of the attacked entities.
  • It remains unclear if the DDoS attack has caused any disruptions in operations at the ENOC.
  • It also remains unclear if the DDoS attack has affected the public-facing IT infrastructure of the ENOC.

Lacroix Group Ransomware attack

A ransomware attack has been reported on the French company Lacroix Group. The brief details of this incident are shared below:

  • Lacroix has shut down its plants in France, Germany, and Tunisia after reports of a ransomware attack.
  • The threat actor behind the attack remains unconfirmed at this point.
  • Lacroix expects to resume plants on 22nd May 2023.
  • We believe that the Lacroix group is in the middle of a forensics audit to gauge the impact of the ransomware attack.

Source – Security Affairs

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.