Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Attacks. Show all posts
GPS Spoofing
aviation aviation cyber attacks Cyber Attacks Cybersecurity Attack GPS GPS interference GPS Spoofing

Delhi Airport Hit by Rare GPS Spoofing Attacks Causing Flight Delays and Diversions

 


Delhi’s Indira Gandhi International Airport witnessed an unusual series of GPS spoofing incidents this week, where fake satellite signals were transmitted to mislead aircraft about their real positions. These rare cyber disruptions, more common in conflict zones or near sensitive borders, created severe flight congestion and diversions. 

According to reports, more than 400 flights were delayed on Friday alone, as controllers struggled to manage operations amid both spoofing interference and a separate technical glitch in the Air Traffic Control (ATC) system. The cascading impact spread across North India, disrupting schedules at several major airports. Earlier in the week, Delhi Airport ranked second globally for flight delays, as reported by the Times of India. 

At least seven flights had to be diverted to nearby airports such as Jaipur and Lucknow, even though all four of Delhi’s runways were fully operational. On Tuesday, the Navigation Integrity Category value—a critical measure of aircraft positioning accuracy—fell dramatically from 8 to 0, raising alarms within the aviation community. Pilots reported these irregularities within a 60-nautical-mile radius of Delhi, prompting the Directorate General of Civil Aviation (DGCA) to initiate an investigation, as confirmed by The Hindu. 

The situation was worsened by the temporary shutdown of the main runway’s Instrument Landing System (ILS), which provides ground-based precision guidance to pilots during landings. The ILS is currently being upgraded to Category III, which will allow landings even in dense fog—a major requirement ahead of Delhi’s winter season. However, its unavailability has forced aircraft to rely heavily on satellite-based navigation systems, making them more vulnerable to spoofing attacks. GPS spoofing, a complex form of cyber interference, involves the deliberate transmission of counterfeit satellite signals to trick navigation systems. 

Unlike GPS jamming, which blocks genuine signals, spoofing feeds in false ones, making aircraft believe they are in a different location. For example, a jet actually flying over Delhi could appear to be over Chandigarh on cockpit instruments, potentially leading to dangerous course deviations. Such cyber manipulations have grown more frequent worldwide, raising serious safety concerns for both commercial and military aviation. 

In India, GPS spoofing incidents are not entirely new. The Centre informed Parliament earlier this year that 465 such cases were recorded between November 2023 and February 2025 along the India-Pakistan border, primarily near Amritsar and Jammu. A report by the International Air Transport Association (IATA) also revealed that over 430,000 cases of GPS jamming and spoofing were documented globally in 2024, a 62% increase from the previous year. The consequences of such interference have sometimes been deadly. 

In December 2024, an Azerbaijan Airlines aircraft crashed in Kazakhstan, reportedly due to Russian anti-aircraft systems misidentifying it amid GPS signal disruption. Earlier this year, an Indian Air Force aircraft flying humanitarian aid to earthquake-hit Myanmar encountered GPS spoofing suspected to originate from Chinese-enabled systems. Data from the GPSjam portal shows India’s borders with Pakistan and Myanmar among the world’s top five regions with poor navigation accuracy for aircraft. 

With Delhi Airport handling over 1,550 flights daily, even brief interruptions can cause widespread delays and logistical chaos. The Airports Authority of India (AAI) has assured that technical teams are working to strengthen the ATC system and implement safeguards to prevent future interference. As investigations continue, the recent incidents serve as a crucial reminder of the evolving cybersecurity challenges in modern aviation and the urgent need for resilient navigation infrastructure to ensure passenger safety in increasingly contested airspace.
Read more »
Jennings O'Donovan
Cyber Attacks Data Leak Engineering firm Ireland Jennings O'Donovan

Cyber Attack Exposes Data of 861 Irish Defective Block Grant Applicants

 

An engineering firm that assesses applications for Ireland's defective concrete blocks grant scheme has been hit by a cyberattack, potentially exposing the personal data of approximately 861 homeowners across multiple counties. The breach targeted Sligo-based consulting firm Jennings O'Donovan, which works with the Housing Agency to evaluate applications under the enhanced defective concrete blocks scheme. 

The incident, first reported in October 2025, resulted in unauthorized access to a limited portion of the company's IT systems. Affected data includes applicants' names, local authority reference numbers, contact details, and technical reports containing photographs of damaged dwellings. However, the Housing Agency confirmed that no financial or banking information was compromised, as this data was stored securely on unaffected systems.

Donegal County was the most severely impacted, with approximately 685 applicants affected, representing over 30% of all Donegal applications to the scheme. Mayo County had 47 affected applicants, while 176 applications from other counties were also caught in the breach. The defective concrete blocks scheme, commonly known as the mica or pyrite redress scheme, provides grants to homeowners whose properties have been damaged by defective building materials containing excessive levels of mica or pyrite.

According to Jennings O'Donovan, the firm experienced a network disruption involving temporary unauthorized access and immediately activated established IT security protocols. The company worked with external specialists to identify, isolate, and mitigate the disruption. The Housing Agency emphasized that its own systems remained unaffected and the incident appears isolated to the single engineering company.

The Housing Agency has contacted all impacted applicants, advising that homeowners who were not contacted were not affected by the breach. Security experts warn that exposed personal data could potentially be used for targeted phishing or social engineering attacks against vulnerable homeowners. Despite the breach, the Housing Agency stated that no material delays to grant applications are expected.

The incident adds further complications to a scheme already facing criticism for processing delays and administrative challenges. As of June 2025, only 164 of 2,796 applicants had completed remediation work on their homes, with €163 million paid out in grants. The cyberattack highlights cybersecurity vulnerabilities in government contractor systems handling sensitive citizen data.
Read more »
Western Sydney University
Cyber Attacks Data Leak Private Data User Security Western Sydney University

Western Sydney University Hit by Major Cyberattack

 

Western Sydney University has suffered a significant cyberattack, marking the latest in a series of incidents targeting the institution since 2023. Sensitive data belonging to students, staff, and alumni—including tax file numbers, bank account details, passport and driver license information, visa and health data, contact information, and even ethnicities—was compromised when threat actors gained access to the university’s Student Management System hosted on a cloud-based platform by a third-party provider. 


The breach was discovered after two instances of unusual activity on August 6 and August 11, 2025. Investigations revealed that unauthorised access occurred through a chain involving external systems linked to the university’s infrastructure between June 19 and September 3, 2025. The attackers subsequently used this stolen data to send out fraudulent emails to students and graduates on October 6, 2025. 

These emails falsely claimed recipients had been excluded from the university or had their degrees revoked, causing widespread concern. Some scam emails appeared especially credible as they included legitimate student numbers and exploited ongoing web vulnerabilities.

The university responded by immediately initiating investigations, directing its third-party supplier to shut down access, and cooperating closely with the NSW Police Cybercrime Squad’s Strike Force Docker. Notably, in June 2025, police arrested a former student, Birdie Kingston, alleged to have played a role in earlier hacks, although officials stopped short of directly connecting this individual to the latest attack.

In recent statements, Vice-Chancellor Professor George Williams apologised for the disruption and emphasised the institution’s ongoing efforts to rectify the issue and bolster cybersecurity. The attack forms part of a troubling pattern of breaches, including incidents involving Microsoft Office 365 and other IT environments exposed since 2023. Data from previous attacks has surfaced on both the dark web and clear web, affecting thousands of current and former students.

WSU has advised affected community members to change passwords, enable multi-factor authentication, and avoid using the same password across multiple online accounts. Victims are encouraged to follow university guidance and make use of support services available. The institution continues to work with law enforcement and remains on high alert for further attacks.
Read more »
North Korean Hackers
Bybit crypto hack cryptocurrency theft Cyber Attacks DPRK nuclear funding fake remote tech jobs North Korea cyberattacks North Korean Hackers

North Korean Hackers Steal Billions Through Crypto Heists and Fake Remote Jobs to Fund Nuclear Program, Report Reveals

 

North Korean hackers have siphoned off billions of dollars by breaching cryptocurrency exchanges and using false identities to secure remote tech jobs abroad, according to a new international assessment of the country’s cyber operations.

The 138-page report, released by the Multilateral Sanctions Monitoring Team—a coalition including the U.S. and 10 allied nations—found that Pyongyang’s government directs these covert schemes to bankroll its nuclear weapons research and development. The group was established last year to track North Korea’s adherence to U.N. sanctions.

The findings reveal that North Korea has leveraged cryptocurrencies to launder illicit funds and procure military equipment, effectively evading global restrictions tied to its nuclear ambitions. Investigators noted that hackers linked to Pyongyang routinely deploy malware against international corporations and institutions, aiming to disrupt systems and exfiltrate sensitive data.

Despite its isolation and limited economic power, North Korea has made substantial investments in offensive cyber warfare, achieving a level of sophistication that rivals China and Russia, the report concluded. Unlike other major cyber actors such as China, Russia, and Iran, North Korea primarily uses its hacking operations as a financial lifeline—employing cyberattacks and fake employees to generate state revenue.

The report further stated that, aided by actors in Russia and China, North Korea’s cyber campaigns have “been directly linked to the destruction of physical computer equipment, endangerment of human lives, private citizens’ loss of assets and property, and funding for the DPRK’s unlawful weapons of mass destruction and ballistic missile programs.”

The monitoring team—comprising the U.S., Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea, and the United Kingdom—was created after Russia vetoed a U.N. Security Council resolution that previously empowered a panel of experts to oversee North Korea’s sanctions compliance. Its initial report in May examined North Korea’s military aid to Russia.

Earlier this year, hackers tied to North Korea executed one of the largest cryptocurrency thefts in history, stealing $1.5 billion in Ethereum from the exchange Bybit. The FBI later attributed the theft to a hacker collective operating under North Korea’s intelligence agency.

U.S. authorities have also alleged that thousands of North Korean IT professionals are secretly employed by American companies using stolen or fabricated identities. These workers allegedly infiltrate internal systems and redirect their earnings back to the North Korean regime—sometimes juggling multiple remote jobs simultaneously.

A request for comment sent to North Korea’s mission to the U.N. on Wednesday went unanswered.
Read more »
supply chain security
Automotive Industry Cyberattack cyber attack Cyber Attacks cyber resilience Cyber Risk Management Cybersecurity Breach Data Breach impact industrial cybersecurity Jaguar Land Rover Hack supply chain security

Analysts Place JLR Hack at Top of UKs Most Costly Cyber Incidents


 

It has been said by experts that Jaguar Land Rover (JLR) has found itself at the epicentre of the biggest cyber crisis in UK history, an event that has been described as a watershed moment for British industrial resilience. It was in late August that hackers breached the automaker's computer system, causing far more damage than just crippling its computers. 

The breach caused a sudden and unexpected halt for the nation's largest car manufacturer, revealing how vulnerable modern manufacturing networks really are. Jaguar Land Rover's cyberattack has been classified as a Category 3 systemic event by the Cyber Monitoring Centre (CMC), the third-highest severity level on the five-point scale, emphasising the magnitude of the disruption that resulted. 

According to estimates, the company lost between £1.6 billion ($2.1 billion) and £2.1 billion ($2.8 billion) in losses, but experts warned that losses could climb higher if production setbacks persist or deep damage arises to the company's operational technology. It appears by some distance to be, by some distance, that this incident has had a financial impact on the United Kingdom that has been far greater than any other cyber incident that has occurred, according to Ciaran Martin, chairman of the CMC Technical Committee, in a statement to Cybersecurity Dive.

As the British authorities expressed growing concern after a sobering national cybersecurity review which urged organisations to strengthen their digital defences at the board and executive level, his comments came at the same time that the British government was growing increasingly concerned. National Cyber Security Centre reports that in the past year, 204 national-level cyberattacks have been recorded in the United Kingdom, and there have been 18 major incidents in the country. These include a coordinated social-engineering campaign that targeted major retailers, causing hundreds of millions of dollars worth of damage. 

Taking into account the severity level of the cyberattack on Jaguar Land Rover, the Cyber Monitoring Centre (CMC) has officially classified it as a Category 3 event on its five-point severity scale, which indicates the cyberattack resulted in a loss of between £1 billion and £5 billion and affected over 2,700 UK-based businesses.

During the late August break-up of JLR, which began in late August, an extended production freeze was imposed at the company's Solihull, Halewood, and Wolverhampton facilities, which disrupted the manufacturing of approximately 5,000 vehicles every week. As a result of this paralysis, thousands of smaller contractors and dealerships were affected as well, and local businesses that relied upon factory operations were put under severe financial strain.

A £1.5 billion ($2 billion) loan package was approved in September by British officials in response to the automaker's supplier network issues that had stalled the company's recovery efforts. Executives from the company declined to comment on the CMC's findings. However, they confirmed that production has gradually resumed at several plants, including Halewood and its Slovakia operation, indicating that after weeks of costly downtime, there has been some sign of operational restoration. 

Unlike widespread malware outbreaks, which often target a range of sectors indiscriminately in the hope of spreading their malicious code, this was a targeted attack that exposed vulnerabilities deep within one of Britain's most advanced manufacturing ecosystems in a concentrated area. 

While there was no direct threat to human life from the incident, analysts predicted substantial secondary effects on employment and industrial stability, with reduced demand for manufacturing likely to hurt job security, as production capacities remain underutilised despite the incident. 

As a way of cushioning the blow, the Government of the UK announced it would provide a £1.5 billion loan to help the automaker rebuild its supply chain, and JLR itself offered an additional £500 million to help stabilise operations. Based on the data collected by the CMC as of October 17, the estimated financial damage is about £1.9 billion - a figure that is likely to increase as new information becomes available.

However, the Centre clarified that the conclusions it came to were not based on internal JLR disclosures, but on independent financial modelling, public filings, expert analysis and benchmarks specific to each sector. As a consequence, JLR is expected to be unable to fully recover from the incident until January 2026. However, additional shifts may be introduced, and production will be increased to 12 per cent of pre-incident capacity in an effort to speed the company's recovery. 

In a concluding paragraph, the report urges both UK industries to strengthen their IT and operational systems to ensure a successful recovery from large-scale cyber disruptions. It also urged the government to develop a dedicated framework for the provision of assistance to those victims. It has thus far been agreed that Jaguar Land Rover has declined to comment on the CMC’s evaluation of the issue. 

However, the magnitude of the Jaguar Land Rover breach has been heightened by the intricate network of suppliers that make up the British automotive industry. As an example of what a Range Rover luxury vehicle entails, almost 30,000 individual components are sourced from a vast ecosystem of businesses that together sustain more than 104,000 jobs in the UK.

The majority of these firms are small and medium-sized businesses that are heavily reliant on JLR's production schedules and procurement processes. Approximately 5,000 domestic organisations were disrupted as a result of the cyberattack, which was conducted by the Cyber Monitoring Centre (CMC). This includes more than 1,000 tier-one suppliers, as well as thousands more at tiers two and three. 

Based on early data, approximately a quarter of these companies have already had to lay off employees, with another 20 to 25 per cent in danger of experiencing a similar situation if the slowdown continues. In addition to the manufacturing floor, the consequences have rippled out to other parts of the world as well. 

Dealerships have reported sharp declines in sales and commissions; logistics companies have been faced with idle transport fleets and underutilised shipping capacity; and the local economies around the major JLR plants have been affected as restaurants, hotels, and service providers have lost their customers as a result of the recession. 

The disruption has even affected aftermarket specialists, resulting in the inaccessibility of digital parts ordering systems, which caused them to lose access to their online systems. Though there was no direct threat to human lives, the incident has left a profound human impact—manifesting itself in job insecurity, financial strain, and heightened anxiety among the communities that were affected. 

There is a risk that prolonged uncertainty will exacerbate regional inequalities and erode the socioeconomic stability of towns heavily reliant on the automotive supply chain for their livelihoods, according to analysts. Jaguar Land Rover's unprecedented scale breach underscores the close ties that exist between cybersecurity and the stability of the global economy, which is why it is so sobering that there is a deep relationship between cybersecurity and the success of any business. 

Several analysts believe that this incident serves as a reminder that Britain's corporate and policy leadership should emphasise the importance of stronger digital defences, as well as adaptive crisis management frameworks that can protect interconnected supply networks from cyberattacks.

The automotive giant is rebuilding its operations at the moment, and experts stress the importance of organisations anticipating threats, integrating digital infrastructures across sectors, and collaborating across sectors in order to share intelligence and strengthen response mechanisms in order to remain resilient in the modern era. 

Governments are facing increasing pressure to make industrial cybersecurity a part of their national strategy, including providing rapid financial assistance and technical support to prevent systemic failures. Although JLR's recovery roadmap may have the power to restore production on schedule, the wider takeaway is clear: in an age when code and machine are inseparably linked, the health of the nation's manufacturing future is dependent on the security of its digital infrastructure.
Read more »
ransomware attacks
AI in cybersecurity Cyber Attacks Cyber Extortion Microsoft Digital Defense Report nation-state hackers ransomware attacks

Microsoft Warns: Over Half of Cyberattacks Driven by Extortion and Ransomware, Legacy Security Failing to Keep Up

 


More than 50% of cyberattacks are now motivated by extortion and ransomware, according to Microsoft’s latest Digital Defense Report. The tech giant revealed that outdated security systems are no longer capable of defending against today’s evolving cyber threats.

In its sixth annual report, Microsoft highlighted that around 80% of the cyber incidents its security teams investigated last year were financially motivated.

"That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%," said Amy Hogan-Burney, CVP for Customer Security and Trust at Microsoft.

She added, "Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit."

The report noted that critical public sectors, including hospitals and local governments, are prime targets. These institutions often handle highly sensitive information but operate with limited cybersecurity resources and response capabilities. In many cases, healthcare and other essential services are more likely to pay ransoms due to the critical nature of their operations.

Although nation-state-driven attacks account for a smaller share of total incidents, their volume is steadily increasing. Microsoft’s findings show that China continues its aggressive campaigns across industries to steal sensitive data, using covert systems and exploiting internet vulnerabilities to avoid detection.

Iran has widened its scope, targeting sectors from the Middle East to North America, including shipping and logistics companies in Europe and the Persian Gulf to gain access to valuable commercial data.

Meanwhile, Russia has extended its operations beyond Ukraine, focusing on small businesses in pro-Ukraine countries, perceiving them as softer targets compared to larger corporations.

Microsoft also identified North Korea as a major concern for both espionage and revenue-driven cyber operations. Thousands of North Korean IT workers are reportedly employed remotely by global companies, funneling their salaries back to the regime. When exposed, some of these operatives have shifted to extortion tactics.

"The cyber threats posed by nation-states are becoming more expansive and unpredictable," Hogan-Burney warned. "In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated."

She stressed the importance of collaboration: "This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors."

Microsoft’s report also underscored how artificial intelligence and automation have empowered cybercriminals, even those with minimal expertise, to execute more complex attacks. AI tools are being used to develop malware faster, generate convincing fake content, and enhance phishing and ransomware campaigns.

More than 97% of identity attacks are now password-related, with a 32% surge in the first half of 2025 alone. Attackers commonly exploit leaked credentials and use large-scale password guessing.

"However, credential leaks aren’t the only place where attackers can obtain credentials," Hogan-Burney explained. "This year, we saw a surge in the use of infostealer malware by cyber criminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale."

She added, "Cyber criminals can then buy this stolen information on cyber crime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware."

The report concludes by urging governments to establish stronger frameworks to ensure credible consequences for cyber activities that breach international laws and norms.


Read more »
Ransomware
Artificial Intelligence China Cyber Attacks NCSC Ransomware

NCSC Warns of Rising Cyber Threats Linked to China, Urges Businesses to Build Defences

 



The United Kingdom’s National Cyber Security Centre (NCSC) has cautioned that hacking groups connected to China are responsible for an increasing number of cyberattacks targeting British organisations. Officials say the country has become one of the most capable and persistent sources of digital threats worldwide, with operations extending across government systems, private firms, and global institutions.

Paul Chichester, the NCSC’s Director of Operations, explained that certain nations, including China, are now using cyber intrusions as part of their broader national strategy to gain intelligence and influence. According to the NCSC’s latest annual report, China remains a “highly sophisticated” threat actor capable of conducting complex and coordinated attacks.

This warning coincides with a government initiative urging major UK companies to take stronger measures to secure their digital infrastructure. Ministers have written to hundreds of business leaders, asking them to review their cyber readiness and adopt more proactive protection strategies against ransomware, data theft, and state-sponsored attacks.

Last year, security agencies from the Five Eyes alliance, comprising the UK, the United States, Canada, Australia, and New Zealand uncovered a large-scale operation by a Chinese company that controlled a botnet of over 260,000 compromised devices. In August, officials again warned that Chinese-backed hackers were targeting telecommunications providers by exploiting vulnerabilities in routers and using infected devices to infiltrate additional networks.

The NCSC also noted that other nations, including Russia, are believed to be “pre-positioning” their cyber capabilities in critical sectors such as energy and transportation. Chichester emphasized that the war in Ukraine has demonstrated how cyber operations are now used as instruments of power, enabling states to disrupt essential services and advance strategic goals.


Artificial Intelligence: A New Tool for Attackers

The report highlights that artificial intelligence is increasingly being used by hostile actors to improve the speed and efficiency of existing attack techniques. The NCSC clarified that, while AI is not currently enabling entirely new forms of attacks, it allows adversaries to automate certain stages of hacking, such as identifying security flaws or crafting convincing phishing emails.

Ollie Whitehouse, the NCSC’s Chief Technology Officer, described AI as a “productivity enhancer” for cybercriminals. He explained that it is helping less experienced hackers conduct sophisticated campaigns and enabling organized groups to expand operations more rapidly. However, he reassured that AI does not currently pose an existential threat to national security.


Ransomware Remains the Most Severe Risk

For UK businesses, ransomware continues to be the most pressing danger. Criminals behind these attacks are financially motivated, often targeting organisations with weak security controls regardless of size or industry. The NCSC reports seeing daily incidents affecting schools, charities, and small enterprises struggling to recover from system lockouts and data loss.

To strengthen national resilience, the upcoming Cyber Security and Resilience Bill will require critical service providers, including data centres and managed service firms, to report cyber incidents within 24 hours. By increasing transparency and response speed, the government hopes to limit the impact of future attacks.

The NCSC urges business leaders to treat cyber risk as a priority at the executive level. Understanding the urgency of action, maintaining up-to-date systems, and investing in employee awareness are essential steps to prevent further damage. As cyber activity grows “more intense, frequent, and intricate,” the agency stresses that a united effort between the government and private sector is crucial to protecting the UK’s digital ecosystem.



Read more »
Identity Theft
Airline Customer Data Cyber Attacks cyberattacks on airline Data Breaches Data Leak data security Hackers Identity Theft

Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”
Read more »
Ransomware attack
Aviation System Collins Aerospace Cyber Attacks European Flights Ransomware attack

Hundreds of European Flights Disrupted by Major Ransomware Attack

 

A major ransomware attack recently caused widespread disruption to airline operations across several key European airports, resulting in hundreds of flight cancellations and delays for passengers. The incident highlights the growing vulnerability of the aviation industry due to its heavy reliance on technology, especially third-party software for critical services such as check-in and baggage handling.

The attack specifically targeted the popular MUSE check-in and boarding system, developed by US-based Collins Aerospace, a subsidiary of RTX. European cybersecurity agency ENISA confirmed on September 22 that ransomware had affected MUSE’s operations, forcing airports in Berlin, Brussels, and London Heathrow to revert to manual systems. 

The impact was severe: Brussels Airport canceled half of its Sunday and Monday flights, and Berlin Airport reported delays exceeding an hour due to nonfunctional check-in systems. At London Heathrow, Terminal 4 experienced significant disruption, with departures delayed by up to two hours and ongoing manual check-ins.

While Collins Aerospace claimed that manual processes could mitigate problems, the scale of the disruptions proved otherwise. Staff struggled to manage operations without technological support, underscoring the risks posed by dependence on software and the critical need for robust cybersecurity measures. Restoration of MUSE was nearly complete by Monday, yet some airports like Dublin experienced minimal disruption, showing varying impacts across different locations.

The broader risk is amplified by the fact that MUSE is used by over 300 airlines at 100 airports worldwide, raising concerns about the possibility of further attacks if vulnerabilities remain unaddressed. Experts caution that a compromised update could still threaten other airports, or that attackers may use initial breaches to extort further ransom from software providers.

This incident is part of a dramatic surge in cyberattacks facing the aviation sector, which saw a staggering 600% increase in 2025 compared to the previous year, according to French aerospace company Thales. Experts point out the economic and geopolitical stakes involved, advocating for a comprehensive cybersecurity strategy, adoption of AI tools, and industry-wide collaboration to address threats. 

The attack highlights that cyberattacks may have objectives beyond operational disruption, potentially targeting sensitive data and system integrity and emphasizing the urgent need for more resilient aviation security protocols.
Read more »
Nation-State Attacks
CISOs Cyber Attacks Cyber Awareness cyber resilience Cyber Threats Cybersecurity CyberWar Digital Defense Identity Security Nation-State Attacks

The Silent Guardians Powering the Frontlines of Cybersecurity

 


There is no doubt that a world increasingly defined by invisible battles and silent warriors has led to a shift from trenches to terminals on which modern warfare is now being waged. As a result, cyberwarfare is no longer a distant, abstract threat; now it is a tangible, relentless struggle with real-world consequences.

Power grids fail, hospitals go dark, and global markets tremble as a result of unseen attacks. It is at this point that a unique breed of defenders stands at the centre of this new conflict: cyber professionals who safeguard the fragile line between digital order and chaos. The official trailer for Semperis Midnight in the War Room, an upcoming documentary about the hidden costs of cyber conflict, has been released, bringing this hidden war to sharp focus. 

Semperis is a provider of AI-powered identity security and cyber resilience. It has an extraordinary lineup of voices – including Chris Inglis, the first U.S. National Cyber Director; General (Ret.) David Petraeus, the former Director of the CIA; Jen Easterly, former Director of the CISA; Marcus Hutchins, one of the WannaCry heroes; and Professor Mary Aiken, a globally recognised cyber psychologist – all of whom are highly respected for their expertise in cybersecurity. 

The film examines the high-stakes battle between attackers, defenders, and reformed hackers who have now taken the risk of exploiting for themselves. As part of this documentary, leading figures from the fields of cybersecurity and national defence gather together in order to present an unprecedented view of the digital battlefield. 

Using their insights into cyber conflicts, Midnight in the War Room explores the increasing threat that cybercrime poses to international relations as well as corporate survival today. A film that sheds light on the crucial role of chief information security officers (CISOs), which consists of who serve as the frontlines of protecting critical infrastructure - from power grids to financial networks - against state-sponsored and criminal cyber threats, is a must-see. 

It is the work of more than fifty international experts, including cyber journalists, intelligence veterans, and reformed hackers, who provide perspectives which demonstrate the ingenuity and exhaustion that those fighting constant digital attacks have in the face. Even though the biggest threat lies not only with the sophistication of adversaries but with complacency itself, Chris Inglis argues that global resilience is an urgent issue at the moment. 

It has been reported that Semperis' Chief Marketing Officer and Executive Producer, Thomas LeDuc, views the project as one of the first of its kind to capture the courage and pressure experienced by defenders. The film is richly enriched by contributions from Professor Mary Aiken, Heath Adams, Marene Allison, Kirsta Arndt, Grace Cassy and several former chief information security officers, such as Anne Coulombe and Simon Hodgkinson, and it provides a sweeping and deeply human perspective on modern cyber warfare. 

With its powerful narrative, Midnight in the War Room explores the human side of cyberwarfare—a struggle that is rarely acknowledged but is marked by courage, resilience and sacrifice in a way that is rarely depicted. A film about those defending the world's most vital systems is a look at the psychological and emotional toll they endure, in which trust is continually at risk and a moment of complacency can trigger devastating consequences. 

The film explores the psychological and emotional tolls endured by those defending those systems. During his remarks at Semperis, Vice President for Asia Pacific and Japan, Mr Sillars, points out that cyber threats do not recognise any borders, and the Asia Pacific region is at the forefront of this digital conflict as a result of cyber threats. 

During the presentation, he emphasises that the documentary seeks to highlight the common challenges cybersecurity professionals face worldwide, as well as to foster collaboration within critical sectors to build identity-driven resilience. As the Chief Marketing Officer at Semperis and Executive Producer, LeDuc describes the project as one of the most ambitious in cybersecurity history—bringing together top intelligence leaders, chief information security officers, journalists, victims and reformed hackers as part of a rare collaborative narrative.

In the film, Cyber Defenders' lives are portrayed through their own experiences as well as the relentless pressure and unwavering resolve they face every day. Among the prominent experts interviewed for the documentary are Marene Allison, former Chief Information Security Officer of Johnson & Johnson; Grace Cassy, co-founder of CyLon; Heather M. Costa, Director of Technology Resilience at the Mayo Clinic; Simon Hodgkinson, former Chief Information Security Officer of BHP; and David Schwed, former Chief Information Security Officer of Robinhood. 

Among those on the panel are Richard Staunton, Founder of IT-Harvest, BBC Cyber Correspondent Joe Tidy, as well as Jesse McGraw, a former hacktivist who has turned his expertise towards safeguarding the internet, known as Ghost Exodus. As Jen Easterly, former Chief Information Security Officer of the U.S. Department of Homeland Security (CISA), points out, defeating malicious cyberattacks requires more than advanced technology—it demands the human mind's ingenuity and curiosity to overcome them. 

A global collaboration was exemplified through the production of this documentary, which was filmed in North America and Europe by cybersecurity and professional organisations, including the CyberRisk Alliance, Cyber Future Foundation, Institute for Critical Infrastructure Technology, (ISC)2 Eastern Massachusetts Chapter, Michigan Council of Women in Technology, and Women in CyberSecurity (WiCyS) Delaware Valley Chapter. 

As part of these partnerships, private screenings, expert discussions, and public outreach will be conducted in order to increase public awareness and cooperation regarding building digital resilience. By providing an insight into the human narratives that underpin cybersecurity, Midnight in the War Room hopes to give a deeper understanding of the modern battlefield and to inspire a collective awareness in the safeguarding of society's systems. 

There is something special about Midnight in the War Room, both as a wake-up call and as a tribute - a cinematic reflection of those who stand up to the threats people face in today's digital age. The film focuses on cyber conflict and invites governments, organisations, and individuals to recognise the importance of cybersecurity not just as a technical problem, but as a responsibility that people all share. 

In light of the continuous evolution of threats, people need stronger international collaborations, investments in identity security, and the development of psychological resilience among those on the front lines to help combat these threats. Semperis' initiative illustrates the power of storytelling to bridge the gap between awareness and action, transforming technical discourse into a powerful narrative that inspires vigilance, empathy, and unity among the community.

Providing a critical insight into the human aspect behind the machines, Midnight in the War Room reinforces a fundamental truth: that is, cybersecurity is not just about defending data, but also about protecting the people, systems, and values that make modern society what it is today.
Read more »
leaked sensitive data
Asahi Beer Cyber Attacks Cyberattacks cybercriminal group CyberSecurity Ransomware Attacks Data Leak Data protection data security leaked sensitive data

Asahi Group Confirms Ransomware Attack Disrupting Operations and Leaking Data

 

Japanese food and beverage conglomerate Asahi Group Holdings has confirmed that a ransomware attack severely disrupted its operations and potentially exposed sensitive data, including employee and financial information. The cyberattack, which occurred on September 29, 2025, forced the company to delay releasing its January–September financial results, originally scheduled for November 12. 

The attack paralyzed Asahi’s domestic order and shipment systems, halting automated operations across Japan. Despite the disruption, the company implemented manual order processing and resumed partial shipments to ensure a continued supply of its popular beverages and food products. 

The Qilin ransomware group has claimed responsibility for the breach, asserting that it stole over 9,300 files containing personal and financial data. On October 8, Asahi confirmed that some of the stolen data was found online, prompting a detailed investigation into the scope and type of compromised information. In a public statement, the company said it is working to identify affected individuals and will issue notifications once the investigation confirms unauthorized data transfer.  

Although the incident primarily impacted systems within Japan, Asahi stated there is no evidence of compromise affecting its global operations. 

Recovery efforts are steadily progressing. Asahi Breweries resumed production at all six of its factories by October 2, restoring shipments of Asahi Super Dry, with other product lines following soon after. Asahi Soft Drinks restarted production at six of its seven plants by October 8, while Asahi Group Foods has also resumed partial operations at all seven domestic facilities.  

However, Asahi’s systems have not yet been fully restored, and the company has not provided a definite recovery timeline. The ongoing disruption has delayed access to critical accounting systems, forcing a postponement of quarterly financial reporting. 

In its official statement, Asahi explained that the financial disclosure delay is necessary to ensure accuracy and compliance amid system recovery. The company issued an apology to shareholders and stakeholders for the inconvenience caused and promised transparent updates as investigations and remediation progress. 

The Asahi Group cyberattack serves as another reminder of the rising frequency and impact of ransomware incidents targeting major corporations worldwide.
Read more »
Hacker attack
Breaches Critical Infrastructure critical infrastructure attack Cyber Attacks Cyberhackers data security F5 Security Hacker attack

Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat

 

Thousands of networks operated by the U.S. government and Fortune 500 companies are facing an “imminent threat” of cyber intrusion after a major breach at Seattle-based software maker F5 Networks, the federal government warned on Wednesday. The company, known for its BIG-IP networking appliances, confirmed that a nation-state hacking group had infiltrated its systems in what it described as a “sophisticated, long-term intrusion.” 

According to F5, the attackers gained control of the network segment used to develop and distribute updates for its BIG-IP line—a critical infrastructure tool used by 48 of the world’s top 50 corporations. During their time inside F5’s systems, the hackers accessed proprietary source code, documentation of unpatched vulnerabilities, and customer configuration data. Such access provides attackers with an extraordinary understanding of the product’s architecture and weaknesses, raising serious concerns about potential supply-chain attacks targeting thousands of networks worldwide. 

Security analysts suggest that control of F5’s build environment could allow adversaries to manipulate software updates or exploit unpatched flaws within BIG-IP devices. These appliances often sit at the edge of networks, acting as load balancers, firewalls, and encryption gateways—meaning a compromise could provide a direct pathway into sensitive systems. The stolen configuration data also increases the likelihood that hackers could exploit credentials or internal settings for deeper infiltration. 

Despite the severity of the breach, F5 stated that investigations by multiple cybersecurity firms, including IOActive, NCC Group, Mandiant, and CrowdStrike, have not found evidence of tampering within its source code or build pipeline. The assessments further confirmed that no critical vulnerabilities were introduced and no customer or financial data was exfiltrated from F5’s internal systems. However, experts caution that the attackers’ deep access and stolen intelligence could still enable future targeted exploits. 

In response, F5 has issued updates for its BIG-IP, F5OS, BIG-IQ, and APM products and rotated its signing certificates to secure its software distribution process. The company has also provided a threat-hunting guide to assist customers in detecting potential compromise indicators. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning that the breach “poses an unacceptable risk” to federal networks. Agencies using F5 appliances have been ordered to inventory all affected devices, install the latest patches, and follow the company’s threat-hunting protocols. Similarly, the UK’s National Cyber Security Centre (NCSC) has released guidance urging organizations to update their systems immediately. 

While no supply-chain compromise has yet been confirmed, the breach of a vendor as deeply embedded in global enterprise networks as F5 underscores the growing risk of nation-state infiltration in critical infrastructure software. As investigations continue, security officials are urging both government and private organizations to take swift action to mitigate potential downstream threats.
Read more »
IT Industry
Automakers Automotive Industry Breaches Cyber Attacks Cyber Breaches Cyberattacks IT incident IT Industry

Automakers Face Surge in Cyberattacks as Jaguar Land Rover and Renault Recover from Major Breaches

 

Cybersecurity experts have warned that global automakers are likely to face an increasing wave of cyberattacks, as recent incidents continue to disrupt operations at leading manufacturers. The warning follows a series of high-profile breaches, including a major cyberattack on Jaguar Land Rover (JLR), which remains one of the most significant security incidents to hit the automotive industry in recent years. 

Jaguar Land Rover suffered a severe cyberattack at the end of August, forcing the company to shut down its IT systems and suspend production across multiple facilities. The disruption caused widespread operational chaos, but JLR recently confirmed it has begun a phased restart of production at its Electric Propulsion Manufacturing Centre (EPMC) and Battery Assembly Centre (BAC) in the West Midlands. The automaker plans to expand the restart to other key sites, including Castle Bromwich, Halewood, Solihull, and its manufacturing facility in Nitra, Slovakia. 

JLR CEO Adrian Mardell expressed gratitude to employees for their efforts during the recovery, stating, "We know there is much more to do, but our recovery is firmly underway." However, the company remains cautious as it works to fully restore systems and strengthen security controls. 

French automaker Renault also confirmed that one of its third-party data processing providers had been targeted in a separate cyberattack, compromising customer information such as names, addresses, dates of birth, gender, phone numbers, vehicle registration details, and VIN numbers. While Renault clarified that no financial or password data was accessed, the company has begun notifying affected customers and advising them to be wary of phishing attempts or fraudulent communications.  
Ignas Valancius, head of engineering at cybersecurity firm NordPass, warned that cybercriminals often exploit such incidents to impersonate company representatives, lawyers, or even law enforcement to extract additional personal or financial data. He emphasized the growing sophistication of social engineering attacks, noting that scammers may pose as attorneys offering to help victims claim compensation, only to defraud them further. 

The automotive sector's vulnerability has become increasingly evident in 2025, with luxury manufacturers frequently targeted by ransomware and data theft operations. In addition to JLR and Renault, other global brands have reported breaches. 

Meanwhile, Swedish HR software provider Miljödata suffered a breach that compromised the personal information of Volvo North America employees, and Stellantis confirmed unauthorized access to its customer contact database via a third-party provider. Valancius highlighted that cybercriminals appear to be deliberately targeting luxury brands, seeking to exploit their association with high-net-worth clientele. "It seems that luxury brands have been prime targets for hacker groups in 2025," he said, adding that these incidents could lead to more sophisticated spear-phishing campaigns and targeted extortion attempts. 

As automakers increasingly rely on digital systems, connected vehicles, and cloud-based infrastructure, experts stress that robust cybersecurity measures and third-party risk management are now essential to safeguard both company data and customer privacy. The recent breaches serve as a stark reminder that the automotive industry's digital transformation has also made it a lucrative target for global cybercriminal networks.
Read more »
Salesforce
BreachForums Cyber Attacks Data Leak FBI LAPSUS$ Salesforce

BreachForums Taken Down by FBI and French Authorities as LAPSUS$-Linked Group Threatens Salesforce Data Leak

 



U.S. and French law enforcement agencies have seized the latest version of BreachForums, a cybercrime platform known for hosting stolen databases and leaked information. The takedown was carried out by the Federal Bureau of Investigation (FBI), the U.S. Department of Justice, and French cybercrime authorities, who placed an official seizure notice on the site on October 9.

This development comes just hours before an extortion deadline announced by a threat group calling itself Scattered LAPSUS$ Hunters, which had threatened to leak data allegedly stolen from Salesforce and Salesloft if ransom demands were not met by October 10.

The seizure was first noticed on Telegram before it became official. A threat actor using the alias “emo” had observed that BreachForums’ domain was using Cloudflare name servers associated with previously seized FBI sites, suggesting law enforcement action was imminent.

Following the seizure, Scattered LAPSUS$ Hunters confirmed the action on its Telegram channel through a PGP-signed message, claiming that all their BreachForums-related domains and backend infrastructure were taken offline and destroyed. The group, however, asserted that its members had not been arrested and that their Tor-based data leak site remained active.

“The era of forums is over,” the message read, warning members to maintain operational security and avoid new BreachForums clones, which the group claimed could be “honeypots” operated by law enforcement.


Compromised Infrastructure and Data

The group stated that during the seizure, all BreachForums database backups dating from 2023 to the present were compromised, along with escrow and server systems. They also alleged that their onion hidden service was affected because the underlying infrastructure had been seized and destroyed.

Despite this, Scattered LAPSUS$ Hunters insisted that the takedown would not affect their planned Salesforce data leak campaign. The group reiterated that the October 10 deadline for victims to comply with their ransom demands remained unchanged.

This marks the fourth major seizure in the history of BreachForums and its predecessors, including the earlier RaidForums. Both forums have been repeatedly targeted by global law enforcement operations and linked to several high-profile arrests over the years.

The group also revealed that the widely known administrator “pompompurin,” believed to have launched BreachForums after RaidForums’ closure, had merely been a “front,” suggesting that the forum’s operations were coordinated by a wider network of individuals from the start.


What Lies Ahead

While the seizure has temporarily disrupted the group’s clearnet operations, cyber experts caution that criminal forums often migrate to the dark web or encrypted channels to continue their activities. Authorities are expected to pursue further investigations in the coming weeks to identify and apprehend those involved.

For cybersecurity professionals and enterprises, it's high time to give importance to monitoring data exposure risks and staying alert to potential secondary leaks, especially when extortion groups remain active through alternate platforms.



Read more »
Ransomware attack
Asahi Beer Cyber Attacks Japanese Firm Qilin Ransomware attack

Asahi Beer Giant Hit by Cyberattack, Forced to Manual Operations

 

Japanese brewing giant Asahi Group Holdings, the manufacturer of Japan's most popular beer Super Dry, suffered a devastating ransomware attack in late September 2025 that forced the company to revert to manual operations using pen, paper, and fax machines. The cyberattack was first disclosed on September 29, when the company announced a system failure that disrupted ordering, shipping, and customer service operations across its 30 domestic breweries in Japan.

The ransomware incident, later claimed by the Qilin hacking group, forced Asahi to temporarily shut down nearly all its Japanese production facilities. The attack crippled the company's online systems, leaving vendors and business owners without access to information as call centers and customer service desks were closed. Asahi was forced to process orders manually using traditional paper-based methods and fax machines to prevent potential beverage shortages across the country.

Initial investigations revealed traces suggesting potential unauthorized data transfer, and the company later confirmed on October 14 that personal information may have been compromised. The Qilin ransomware gang claimed responsibility for the breach, alleging they stole approximately 27 gigabytes of data containing financial documents, budgets, contracts, employee personal information, and company development forecasts. Samples of allegedly stolen data included employee ID cards and other personal documents.

The cyberattack had widespread operational consequences beyond production disruptions. Asahi postponed its quarterly financial results for the third quarter of fiscal year 2025 because the incident disrupted access to accounting-related data and delayed financial closing procedures. Recovery efforts involved collaboration between Asahi's Emergency Response Headquarters, cybersecurity specialists, and Japanese cybercrime authorities.

While all breweries have partially resumed operations and restarted production, computer systems remain non-operational with no clear timeline for full recovery. The company has committed to promptly notifying affected individuals and implementing appropriate measures in accordance with personal data protection laws. This incident highlights Japan's vulnerability to ransomware attacks, as Japanese companies often have weaker cybersecurity defenses compared to other nations and are more likely to pay ransom demands.
Read more »
data security
Cyber Attacks cybercriminal group CyberSecurity Ransomware Attacks dark web data leak Data Leak data security

Qilin Ransomware Gang Claims Cyberattack on Japanese Beer Giant Asahi

 

The Qilin ransomware group has claimed responsibility for the recent cyberattack on Japanese brewing giant Asahi, adding the company’s name to its dark web data leak site. The cybercriminals alleged that they had stolen over 9,300 files amounting to 27GB of confidential data, including financial documents, employee identification records, contracts, and internal reports. To substantiate their claims, the group published 29 images showing snippets of the stolen files. 

Asahi, Japan’s largest beer manufacturer, employs around 30,000 people and produces approximately 100 million hectoliters annually, generating close to $20 billion in revenue. The company suffered significant operational disruptions following the attack. On September 29, Asahi temporarily halted production at six of its domestic facilities, later confirming on October 3 that a ransomware attack had crippled its systems and led to data exfiltration. 

At first, no threat actor took public credit for the breach. However, the Qilin ransomware group eventually listed Asahi among its victims, likely after ransom negotiations failed. Qilin, which emerged in 2023, is known as a multi-platform ransomware operation capable of targeting both Windows and Linux systems. The group has been associated with other notorious hacker collectives such as Scattered Spider and, more recently, North Korean state-linked actors. 

Qilin’s tactics include exploiting vulnerabilities in edge network devices, deploying credential theft tools, and developing sophisticated encryption mechanisms to hinder recovery. The group has previously targeted high-profile organizations including Nissan, Inotiv, Lee Enterprises, major hospitals within London’s NHS network, and automotive supplier Yangfeng.

In its post, Qilin claimed that the Asahi ransomware attack could result in losses exceeding $335 million due to production halts affecting six breweries and more than thirty beer labels. Despite the claims, Asahi has not verified the authenticity of the leaked files. In a statement to BleepingComputer, a company spokesperson confirmed that the matter remains under active investigation and declined to comment further. 

The company also shared that production of its flagship beer, Super Dry, has resumed through a temporary manual ordering system. While Asahi’s factories are not yet operating at full capacity, shipments for additional labels are expected to restart by October 15. However, as a direct consequence of the cyberattack and ongoing disruptions, Asahi announced it would delay the launch of new products that were initially planned for October 2025. 

The attack on Asahi underscores the growing reach and sophistication of ransomware groups like Qilin, whose increasingly destructive campaigns continue to target global corporations across industries, threatening both economic stability and consumer trust.
Read more »
Ransomware attack
Australia Cyber Attacks pharma scam Ransomware attack

Toowoomba Pharmacy Targeted in Ransomware Attack

A pharmacy in Toowoomba, Queensland, has become the latest victim of a ransomware attack, highlighting growing concerns about the digital vulnerability of small businesses. 

The incident occurred last month when hackers gained access to the Friendlies Society Dispensary’s private IT systems. Authorities believe sensitive data stored on the system may have been compromised. 

A coordinated investigation is now underway, involving the National Office of Cyber Security, the Australian Cyber Security Centre, Services Australia, Queensland Health, the National Disability Insurance Agency, and the Department of Home Affairs. 

Bayden Johnson, Chief Executive Officer of the Friendlies Society Dispensary, said the organisation acted quickly once the attack was detected. “We immediately took steps to secure our systems and understand the nature of the incident,” he said. “Our priority now is to determine what information was accessed and ensure all necessary precautions are taken.” 

The pharmacy, which offers healthcare services and mobility support equipment, is cooperating fully with federal authorities. The Department of Home Affairs stated that Services Australia’s systems remain secure and were not affected by the breach. It added that ongoing monitoring is being carried out to detect any irregular activity. 

According to the Australian Signals Directorate (ASD), ransomware incidents account for 11 percent of all reported cyberattacks in the country. 

The ASD’s 2023–24 Annual Cyber Threat Report revealed that a cybercrime report is lodged roughly every six minutes, with small businesses reporting an average loss of $49,600 per attack. 

Associate Professor Saeed Akhlaghpour from the University of Queensland’s Cyber Research Centre said cybercriminals are constantly evolving their tactics. “Attackers are no longer just locking files; they are also stealing and leaking data. Ransomware can even be delivered through browsers, apps, or malicious file uploads,” he explained. 

Dr Akhlaghpour, who researches cybersecurity risks in the healthcare sector, said health organisations such as pharmacies, medical practices, and gyms often face higher risks due to inconsistent monitoring and handling of sensitive information. 

He noted that human error is still the leading cause of ransomware attacks, as employees often reuse passwords or click on unsafe links in haste. With the rise of AI-powered tools that make it easier for criminals to conduct large-scale attacks, he urged small business owners to invest in better cybersecurity systems and response plans. 

“Many breaches occur because of poor risk management and the absence of a clear response strategy,” he said. “Regular monitoring can prevent many of these problems.” 

Dr Akhlaghpour also advised businesses not to pay ransoms if they fall victim to an attack. “You cannot trust criminals. Paying the ransom rarely restores data and often leads to further targeting. Stolen data is frequently resold on the dark web,” he warned. 

Authorities continue to monitor the situation in Toowoomba as cybersecurity experts remind small business owners across Australia to take preventive measures and strengthen their defences against the growing threat of ransomware.
Read more »
personal data leak
Customer Data Cyber Attacks Data Breaches Data Leak Data protection data security Personal Data personal data leak

WestJet Confirms Cyberattack Exposed Passenger Data but No Financial Details

 

WestJet has confirmed that a cyberattack in June compromised certain passenger information, though the airline maintains that the breach did not involve sensitive financial or password data. The incident, which took place on June 13, was attributed to a “sophisticated, criminal third party,” according to a notice issued by the airline to U.S. residents earlier this week. 

WestJet stated that its internal precautionary measures successfully prevented the attackers from gaining access to credit and debit card details, including card numbers, expiry dates, and CVV codes. The airline further confirmed that no user passwords were stolen. However, the company acknowledged that some passengers’ personal information had been exposed. The compromised data included names, contact details, information and documents related to reservations and travel, and details regarding the passengers’ relationship with WestJet. 

“Containment is complete, and additional system and data security measures have been implemented,” WestJet said in an official release. The airline emphasized that analysis of the incident is still ongoing and that it continues to strengthen its cybersecurity framework to safeguard customer data. 

As part of its response plan, WestJet is contacting affected customers to offer support and guidance. The airline has partnered with Cyberscout, a company specializing in identity theft protection and fraud assistance, to help impacted individuals with remediation services. WestJet has also published advisory information on its website to assist passengers who may be concerned about their data.  

In its statement, the airline reassured customers that swift containment measures limited the breach’s impact. “Our cybersecurity teams acted immediately to contain the situation and secure our systems. We take our responsibility to protect customer information very seriously,” the company said. 

WestJet confirmed that it is working closely with law enforcement agencies, including the U.S. Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security. The airline also notified U.S. credit reporting agencies—TransUnion, Experian, and Equifax—along with the attorneys general of several U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada, and relevant provincial and international data protection authorities. 

While WestJet maintains that the exposed information does not appear to include sensitive financial or authentication details, cybersecurity experts note that personal identifiers such as names and contact data can still pose privacy and fraud risks if misused. The airline’s transparency and engagement with regulatory agencies reflect an effort to mitigate potential harm and restore public trust. 

The company reiterated that it remains committed to improving its security posture through enhanced monitoring, employee training, and the implementation of additional cybersecurity controls. The investigation into the breach continues, and WestJet has promised to provide further updates as new information becomes available. 

The incident highlights the ongoing threat of cyberattacks against the aviation industry, where companies hold large volumes of personal and travel-related data. Despite the rise in security investments, even well-established airlines remain attractive targets for sophisticated cybercriminals. WestJet’s quick response and cooperation with authorities underscore the importance of rapid containment and transparency in handling such data breaches.
Read more »
cybersecurity research
Akira Akira Ransomware Arctic Wolf Arctic Wolf security research CVE CVEs Cyber Attacks Cyber Security Ransomware Attacks cybersecurity research

Akira Ransomware Bypasses MFA in Ongoing Attacks on SonicWall SSL VPN Devices

 

The Akira ransomware group continues to evolve its attacks on SonicWall SSL VPN devices, with researchers warning that the threat actors are managing to log into accounts even when one-time password (OTP) multi-factor authentication (MFA) is enabled. Cybersecurity firm Arctic Wolf reported that attackers appear to be exploiting previously stolen OTP seeds or a similar method to bypass MFA, though the exact technique remains unclear. 

Earlier this year, Akira was observed exploiting SonicWall SSL VPN devices to breach corporate networks. Initially, researchers suspected a zero-day vulnerability was involved. However, SonicWall later attributed the incidents to an improper access control flaw identified as CVE-2024-40766, disclosed in September 2024. The flaw had been patched in August 2024, but attackers continued to exploit stolen credentials from compromised devices even after updates were applied. SonicWall advised administrators to reset all VPN credentials and update to the latest SonicOS firmware.  

The latest Arctic Wolf findings reveal a persistent campaign in which multiple OTP challenges were triggered before successful logins, implying that attackers may be generating valid OTP tokens using previously harvested OTP seeds. The company confirmed that these logins were linked to devices affected by CVE-2024-40766, suggesting that stolen credentials remain a key entry point.

In a related investigation, Google’s Threat Intelligence Group (GTIG) observed a similar campaign in July, where a financially motivated group known as UNC6148 deployed the OVERSTEP rootkit on SonicWall SMA 100 series appliances. GTIG assessed that the attackers were using stolen one-time password seeds from earlier zero-day intrusions, allowing continued access even after organizations patched their systems. 

Once Akira gained access to networks, the attackers moved rapidly, often initiating internal scans within minutes. According to Arctic Wolf, they used Impacket SMB session requests, Remote Desktop Protocol (RDP) logins, and Active Directory enumeration tools like dsquery, SharpShares, and BloodHound to expand their reach. A major focus was on Veeam Backup & Replication servers, where a custom PowerShell script extracted and decrypted stored MSSQL and PostgreSQL credentials. 

To disable endpoint protection, Akira affiliates executed a Bring-Your-Own-Vulnerable-Driver (BYOVD) attack, using Microsoft’s legitimate consent.exe executable to sideload malicious DLLs that deployed vulnerable drivers such as rwdrv.sys and churchill_driver.sys. These drivers were then used to terminate security processes, enabling the ransomware to encrypt systems undetected. 

The report notes that some compromised systems were running SonicOS 7.3.0, the very version recommended by SonicWall to mitigate such attacks. Security experts urge all administrators to reset VPN credentials and review access logs on any devices that previously used vulnerable firmware, as threat actors may still exploit stolen data to infiltrate networks.
Read more »
Subscribe to: Comments (Atom)