Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Company Breach. Show all posts
Technology
Black Basta Company Breach Ransomware Stolen Data Technology

Securing Sensitive Data: Lessons from Keytronic’s Recent Breach


Keytronic, a prominent printed circuit board assembly (PCBA) manufacturer, recently confirmed a significant data breach. The breach occurred after the Black Basta ransomware gang leaked over 500GB of the company’s stolen data. In this blog post, we delve into the details of the breach, its impact, and Keytronic’s response.

The Breach Details

Attack Timeline 

The breach came to light two weeks ago when Black Basta claimed responsibility for the attack. Keytronic had reported the cyberattack in an SEC filing over a month ago, on May 62.

Operational Disruption 

The attack disrupted Keytronic’s operations, limiting access to critical business applications. As a result, the company had to shut down domestic and Mexico operations for two weeks to address the incident.

Stolen Data

The stolen data included sensitive information such as human resources, finance, engineering, and corporate data. Black Basta shared screenshots of employees’ passports, social security cards, customer presentations, and corporate documents2.

As required by new SEC criteria, the Company has also stated that the attack and loss of production will have a material impact on its financial position in the fourth quarter of 2024, ending on June 29.

Impact and Response

Personal Information Compromised: Keytronic confirmed that personal information was stolen during the breach. The threat actor accessed and exfiltrated limited data from the company’s environment, including personally identifiable information.

Financial Implications: The resulting production loss could impact Keytronic’s financial condition for the fourth quarter, which ends on June 29. The company incurred approximately $600,000 in expenses for external cybersecurity experts, with more costs anticipated.

Lessons Learned

The company has already spent around $600,000 on hiring external cybersecurity experts and expects to pay more. While Keytronic could not identify a specific threat group, the Black Basta ransomware organization claimed the attack two weeks ago, revealing what they claim is all of the stolen data.

The threat actors say that the attack stole human resources, finance, engineering, and business data, and they have shared photos of employee passports and social security cards, as well as customer presentations and company documents.

Black Basta Ransomware

The Black Basta ransomware operation began in April 2022 and is thought to be made up of former members of the Conti ransomware operation, which broke into smaller groups after it shut down.

Black Basta has since grown to be one of the biggest and most damaging ransomware operations, responsible for a large number of attacks, including those against Capita, Hyundai's European division, the Toronto Public Library, the American Dental Association, and, most recently, a ransomware attack on U.S. healthcare giant Ascension.

Between April 2022 and May 2024, a ransomware campaign breached 500 businesses and stole data from at least 12 out of 16 key infrastructure sectors, according to CISA and the FBI.
Read more »
FBI
Company Breach Cyber Attacks data security Facebook FBI

Behind the Breach: How ARRL Fought Back Against Cyber Intruders


The American Radio Relay League (ARRL), the primary body for amateur radio in the United States, has released new details about the May 2024 cyberattack. The ARRL cyberattack took down its Logbook of the World (LoTW), leaving many members dissatisfied with the organization's perceived lack of information.

ARRL Targeted in Sophisticated Cyber Attack

According to a recent ARRL update, on or around May 12, 2024, the company was attacked by a rogue international cyber gang via its network. When the ARRL cyberattack was discovered, the organization quickly contacted the FBI and enlisted the assistance of third-party specialists in the investigation and cleanup efforts.

The FBI classified the ARRL cyberattack as "unique," owing to its nature of infiltrating network devices, servers, cloud-based services, and PCs.

ARRL's management swiftly formed an incident response team to contain the damage, repair servers, and test apps for appropriate operation.

In a statement, ARRL reiterated its commitment to resolve the issue: thank you for being patient and understanding as our staff works with an exceptional team of specialists to restore full operation to our systems and services. We will continue to provide members with updates as needed and to the degree possible."

The Attack

The cyber attack on ARRL was well-coordinated and multifaceted:

  • Infiltration: The attackers gained unauthorized access to ARRL’s network devices and servers. They exploited vulnerabilities, likely through phishing emails or compromised credentials.
  • Scope: The attack affected various systems, including communication channels, member databases, and administrative tools. The attackers aimed to disrupt services and compromise sensitive information.
  • Attribution: While ARRL has not publicly disclosed the identity of the cyber group, experts believe it to be an international entity with advanced capabilities.

ARRL’s Response

  • Emergency Measures: ARRL immediately isolated affected systems, shut down compromised servers, and engaged cybersecurity experts to assess the damage.
  • Collaboration with Law Enforcement: The organization promptly reported the incident to the FBI, which launched an investigation. Cooperation with law enforcement agencies is crucial in such cases.
  • Transparency: ARRL communicated transparently with its members, providing regular updates via email, website announcements, and social media. Transparency builds trust and helps members stay informed.
  • Recovery Efforts: ARRL worked tirelessly to restore services. Backups were crucial for data recovery, and the organization implemented additional security measures.

Lessons Learned

  • Vigilance: Organizations, regardless of size, must remain vigilant against cyber threats. Regular security audits, employee training, and robust incident response plans are essential.
  • Collaboration: Cybersecurity is a collective effort. Collaboration with law enforcement, industry peers, and security experts enhances resilience.
  • Communication: Transparent communication during a crisis fosters trust and ensures that affected parties receive timely information.
Despite ARRL's efforts, many members believed that the organization was not open with information. A Facebook user wrote a lengthy article criticizing ARRL's communication technique.

Read more »
Subscribe to: Posts (Atom)