Windows TCO: the Cost of Microsoft
-
The Register UK ☛ CDK Global said to have paid $25M ransom after cyberattack
Last week, CDK restored services to car dealerships across the US after a two-week outage caused by a "cyber incident" that looked a lot like a ransomware infection. The shutdown of CDK's software platform caused chaos for up to 15,000 car dealerships, including the Asbury, AutoNation, Group 1, Lithia, and Sonic chains, stopping sales going through and registrations being filed in some states.
CDK hasn't yet disclosed how exactly it was able to get its business back online, but CNN cites sources who claim the software firm had to pay a ransom of $25 million to the ransomware's operators.
-
CNN ☛ How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom
CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the [crooks], multiple sources familiar with the matter told CNN.
The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story.
-
Threat Source ☛ Checking in on the state of cybersecurity and the Olympics
With the 2024 Olympics’ Opening Ceremony only two weeks away now, there is one thing that’s an absolute guarantee during the traditionally unpredictable games: Cyber attacks.
Every time there is a new Olympic Games, there’s a renewed discussion about how threat actors, hacktivists and state-sponsored groups are all gearing up to try to disrupt the games in some way. The Opening Ceremony at the 2018 Olympic Games in South Korea was disrupted by a major cyber attack called Olympic Destroyer, briefly pausing ticket-taking operations and taking down several Olympics-related websites.
-
Krebs On Security ☛ Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
“Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident,” the FBI statement reads. “In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
-
Scoop News Group ☛ Phone, text message records of ‘nearly all’ AT&T customers stolen
An AT&T spokesperson confirmed the data was pulled from Snowflake, making this incident one of the most significant data exfiltration attacks tied to the cloud platform’s recent security woes. AT&T said that they believe at least one person linked to the breach is under federal custody, per the company’s SEC filing describing the incident.
-
Semafor Inc ☛ Data breach exposes data of ‘nearly all’ AT&T customers
The disclosure comes just days after a report showed that billions of passwords had been leaked in potentially the biggest incident of its kind, and massive ransomware attacks earlier this year targeted US health tech company Change Healthcare, as well as the UK’s National Health Service. An International Monetary Fund study estimated that ransomware attacks have more than doubled since the pandemic.
-
Security Week ☛ Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks
Patched in March 2023, the exploited security defect is tracked as CVE-2023-27532 (CVSS score of 7.5). Proof-of-concept (PoC) code targeting it was published shortly after, and the first exploitation of unpatched Veeam Backup & Replication instances was seen in April 2023.
-
Tripwire ☛ RansomHub Ransomware - What You Need To Know
Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence.
It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates.