Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberbreach. Show all posts
USA
Ahold Delhaize Cyberbreach CyberCrime Cyberleak CyberThreat Data Breach Data Sfety Global Footprint USA

Ahold Delhaize USA Faces Data Breach Exposing Sensitive Information

In an announcement published by Ahold Delhaize, a leading global food retailer, the company confirmed that a significant data breach has compromised the personal information of over 2.2 million people across several countries. 

With nearly 10,000 stores located across Europe, the United States, and Indonesia, the company serves more than 60 million customers every week from all over the world, employing approximately 400,000 people. The office of the Maine Attorney General received a formal disclosure from Ahold Delhaize USA on Thursday, which stated that 2,242,521 individuals had been affected by a cybersecurity incident but did not disclose the extent of the breach to date. 

According to preliminary indications, the breach may have affected a wide range of sensitive personal information aside from usernames and passwords. Information that is potentially compromised may include the full name, residential address, date of birth, identification numbers issued by the government, financial account information, and even protected health information. 

Clearly, the scale and nature of this incident demonstrate that large multinational retailers are faced with a growing number of risks and that there is a need for improved cybersecurity measures to be taken in the retail industry. There was a cyber incident in late 2024 that was officially acknowledged by Ahold Delhaize USA last week. Ahold Delhaize USA has acknowledged this incident, revealing that the personal data of more than 2.2 million individuals may have been compromised as a result. 

According to an official FAQ, based on current findings, the company does not believe that the intrusion affected its payment processing systems or pharmacy infrastructure, which are critical areas often targeted by high-impact cyberattacks. As further support for the disclosure, documentation submitted to the Maine Attorney General's Office indicated that approximately 100,000 Maine residents were affected by the breach as a whole. 

As Ahold Delhaize USA operates multiple supermarket chains under the Hannaford brand in this region, this state-specific detail has particular significance, especially since the Hannaford brand is one of the most prominent supermarket brands in the region. It is not known yet how much or what type of data was exposed by the company, however, the widespread scope of the incident raises significant concerns about the potential misuse of personal information and the implications that could have on many individuals across multiple states. 

As far as cyberattacks targeting Ahold Delhaize USA are concerned, this incident can be attributed to a broader pattern of rising threats within the grocery distribution and food industry in general. On November 8, 2024, the parent company of the retailer publicly acknowledged the security breach, and later in April 2025, the company's parent company confirmed that the attackers had accessed sensitive data related to individuals in the Netherlands, where the company is headquartered. 

It was imperative that Ahold Delhaize USA temporarily disable portions of its internal systems during the initial stage of the incident as a precautionary measure. In addition to maintaining a significant global footprint, Ahold Delhaize operates more than 9,400 stores in Europe, the United States, and Indonesia. It is a leading multinational retailer and wholesale conglomerate with more than 9,000 stores worldwide. 

It serves approximately 60 million consumers every week both physically and digitally through its network of more than 393,000 employees. By the year 2024, the company will report annual net sales of more than $104 billion, driven by a diverse portfolio of well-known retail brands that are part of a broad range of well-known retail brands. As an example of these, in the United States, users will find Food Lion, Stop and Shop, Giant Food, and Hannaford, while in Europe, it is represented by Delhaize, Maxi, Mega Image, Albert, Bol, Alfa Beta, Gall & Gall, and Profi among a variety of banners. 

In November 2024, the company first announced its breach, stating that certain U.S.-based brands and operations, including pharmacy operations and segments of its e-commerce infrastructure, had been compromised as a result of the breach. According to a formal filing filed with the Maine Attorney General's Office on Thursday, cyberattackers gained unauthorized access to Ahold Delhaize USA’s internal business systems on November 6, 2024, and this resulted in sensitive data belonging to 2,242,521 individuals being compromised.

Although the company has not yet confirmed whether customer information was among the stolen data, it has confirmed that internal employment records were also stolen as part of the theft. Ahold Delhaize USA and its affiliated companies may have collected and stored personal information about current and former employees, raising concerns about the possibility of misuse of personal identifying information as well as employment information, among other things. 

It is evident from the scale of this breach that large, interconnected retail networks face increasingly dangerous vulnerabilities, which underscores the need to enforce robust cybersecurity practices at all levels of an organisation. It has been discovered through further investigation into the breach that the compromised files might have contained very sensitive personal information in a wide variety of forms. 

Ahold Delhaize USA Services has made it clear that the data could be potentially exposed includes the full names of individuals, their contact information (such as postal addresses, telephone numbers, and email addresses) along with their dates of birth and numerous forms of government-issued identification number, such as Social Security numbers, passport numbers, or driver’s license numbers. 

The company also reported that, besides information about financial accounts, such as bank account numbers and medical information, which can be contained within employment files, there was also potentially confidential information concerning workers' compensation records and medical records. An unauthorised party has been able to gain access to employment-related records related to current and former employees. 

After receiving a formal notification from the Attorneys General of California, Maine, and Montana regarding the breach on June 26, 2025, the company began sending notification emails to those affected by the breach. Ahold Delhaize USA Services has stated that those individuals who receive confirmation that their personal information has been compromised may be eligible for compensation under this policy. 

Whenever such a data breach occurs, the effects can be far-reaching, as sensitive personal data may be used for identity theft, financial fraud, or malicious activities. It is widely understood by security experts that companies that collect and store sensitive information are bound by legal and ethical obligations to protect that information from unauthorised access. There is a possibility that affected individuals may be able to sue for damages that result from the misuse or exposure of their personal information when proper safeguards are not observed. 

In light of the increasing frequency of these breaches, the importance of strengthening corporate data protection frameworks and swiftly addressing incidents is increasing. An organisation known as Inc Ransom, formerly linked with sophisticated ransomware campaigns, claimed responsibility for the cyberattack. It has been found that the group has participated in the cyberattack, raising further concerns about the methods used and the possibility that the stolen data may be exploited in the future. 

There has been another cyberattack which has recently struck United Natural Foods, Inc., which coincided with the timing of Ahold Delhaize USA's complete disclosure of the exposure of personal information. In the wake of this breach, UNFI, a major grocery distributor in the United States, was forced to temporarily shut down several online systems, disrupting the fulfilment process and causing delays in delivering groceries to retailers.

After containing the incident, UNFI has also restored its electronic ordering and invoicing capabilities. These back-to-back breaches highlight the growing cybersecurity vulnerabilities in the retail sector and the supply chain sector, making it increasingly important for companies to develop coordinated defensive strategies to protect sensitive consumer and business data, both of which are in urgent need.

Read more »
United Natural Food
Cyber Attacks Cyberbreach Cybernetworks CyberThreat Food Company Food Supply Chain UNFI United Natural Food

United Natural Foods Confirms Network Disruption from Cyberattack

 


United Natural Foods Inc.'s operations were disrupted by a serious cybersecurity incident. There have been widespread supply chain issues and widespread product shortages at Whole Foods Market locations all over the United States due to the company's failure to meet the demands of its customers. In addition to serving as the primary distributor of Whole Foods, a flagship grocery chain under the umbrella of Amazon, UNFI also plays a crucial role in the organic food supply chain. 

It is headquartered in Rhode Island. This cyberattack was discovered by the company on June 5, according to a recent filing with the Securities and Exchange Commission. When the company discovered the cyberattack, several internal systems were immediately taken offline to contain the threat, which significantly hindered the company's ability to process and fulfil orders for customers. 

In spite of the ongoing investigation, specifics regarding the nature and origin of the breach remain unadvertised, but it is a troubling development that aligns with a troubling pattern of ransomware attacks recently targeting large retailers and supply chain operators. According to experts, sophisticated cybercriminal groups are likely to have been the perpetrators of the intrusion, using malicious software to compromise critical business systems and extort money in exchange for their recovery. 

A spokesperson for Whole Foods responded to the disruption by apologising briefly for the inconvenience it caused customers and reassuring the public that restocking efforts are underway right now. However, the company declined to comment further on the extent of the impact or if there were any timeframes for full recovery as a result of the disruption. 

The investigation has highlighted the growing vulnerabilities of the digital infrastructure of essential service providers, which have led to a cascading effect of such breaches on consumer access to everyday goods United Natural Foods Inc. As the investigation continues, the company has revealed that it has suffered a significant cybersecurity breach that has impacted the operations of the company and shaken investor confidence in its stock price. 

UNFI is a leading wholesale distributor for Whole Foods Market, owned by Amazon. According to the company's announcement made public by the Securities and Exchange Commission (SEC), unauthorised access to its IT systems was detected on June 5 of this year. As a result of the intrusion, UNFI immediately deactivated portions of its network, a measure that, since then, has resulted in widespread disruptions and delays in the fulfilment of customer orders due to widespread interruptions to operations.

The stock value of the company fell sharply after the disclosure of the incident, dropping by about 7%. This is indicative of the growing concerns among investors regarding the scope of the incident and the potential business ramifications. According to UNFI, the incident is currently being investigated by cybersecurity teams to assess the scope of the incident, as well as revert to normal operations as quickly and securely as possible. 

There has already been a temporary disruption to the company's business functions, including supply chain and order fulfilment processes, as a result of the cyberattack, and this will probably continue in the future, according to the company. With over 30,000 retail locations serving over $30 billion in annual revenue as one of North America's largest full-service food distributors, UNFI's vulnerability to such an attack highlights what is becoming increasingly evident: even industry giants with vast resources are not exempt from cyber threats in the digital age. 

Although experts are yet to confirm the exact nature of the breach, it appears that it may be part of a broader ransomware campaign that targets major supply chain operators. In light of the growing sophistication and aggressive nature of cybercriminals, essential service providers are faced with an increasing number of cybersecurity risks that should be emphasised to ensure robust digital defences are in place. 

UNITED NATURAL FOODS INC (UNFI) is a leading global food distribution company that operates a range of food brands like Wild Harvest, Culinary Circle, and Essential Everyday, all of which cater to the growing demand for natural, organic, and speciality items. In addition to its vast wholesale operations, Cub Foods and Shoppers also own and operate 76 retail stores that are operated under their respective banners.

It has, however, maintained a strong financial position because it is primarily reliant on its wholesale division for revenue, accounting for over 95% of the company's total revenue, emphasising the vital role it plays in the food supply chain as a whole. A recent earnings call of the UNFI leadership team was challenged on whether certain operational aspects of the business may have contributed to the company being vulnerable to cyberattacks as a result. 

Furthermore, analysts were pressed for more clarity on whether the security breach would prompt a re-evaluation of the company's future investment strategy, especially for IT infrastructure upgrades and cybersecurity improvements. In spite of the fact that the company has not yet provided a detailed response to the incident, there is no doubt that the incident has raised concerns about its digital defences and its risk mitigation protocols, which are undoubtedly being examined both internally and externally. 
Cyber threats are continuing to grow, both in scale and sophistication, as a result of the breach at UNFI. As a consequence, critical infrastructure operators, especially those operating in vital sectors like food distribution, are under increasing pressure to prioritise cybersecurity as an integral part of corporate governance and operational continuity. There is a good chance that the event will act as a catalyst for UNFI to reevaluate and strengthen its technological investments so as to ensure its expansive supply chain and digital ecosystem remain secure in the future. 

As a result of an escalation in cyberattacks within the food and agriculture industry within the past five years, industry data is revealing that over the next five years, cyberattacks will be at a staggering 600%. A growing threat has caused federal authorities to express greater concern, including the Federal Bureau of Investigation, which has issued formal warnings to private businesses concerning this growing threat. 

Specifically, the agency cited ransomware as a critical threat to farms, food processors, manufacturers, and large-scale producers—all of whom play an integral role in the supply chain both nationally and globally. In the past, notable incidents have highlighted the severity of the threat landscape. For example, in 2021, meat processing giant JBS fell victim to a ransomware attack attributed to the REvil (Sodinokibi) group, which is believed to have been linked to Russia as a ransomware-as-a-service operator. 

For JBS to regain access to its systems after the breach, cybercriminals charged it a $11 million fee. It is also important to point out that, in 2023, a large producer company called Dole temporarily stopped processing and distributing its products after it reported a ransomware attack that severely impaired its operational capabilities. 

A recent cyberattack on United Natural Foods Inc. reflects this troubling trend, and it highlights how retail and supply chain infrastructure are becoming increasingly vulnerable. Semperis' director of incident response, Jeff Wichman, a cybersecurity expert, said the breach falls within a larger wave of cyberattacks that have recently affected major retailers, such as Sam's Club and Ahold Delhaize, which is one of the largest food retail conglomerates in the world. 

A number of organisations within these sectors, including the food and beverage sector, must be vigilant against cyberattacks in the future. As cyberattacks continue to increase in frequency and sophistication, Wizman explained that this incident is yet another critical reminder that they must enhance their preparedness. In its most recent statement, United Natural Foods confirmed that efforts are underway to reestablish full operational capabilities after restoring affected systems. 

Also, the company reported that the police have been informed of the breach, digital forensics experts have been engaged, as well as several computer systems have been proactively taken offline to contain further exposure. United Natural Foods Inc. stated that the breach has limited its impact on the company's business and contained further exposure in its most recent financial disclosure. A company called UNFI (UNFI) reported net sales of $8.1 billion in the fiscal quarter ending May 3, 2025, demonstrating the company's continued dominance in the wholesale grocery market in North America. 

Despite strong performance on the top line, UNFI has indicated that despite its full-year outlook for 2025, it is expected to report a net loss in income and earnings per share, even though it achieved a strong top-line performance. As a result of terminating a significant supply contract with a large grocery chain located in the northeastern part of the United States, the company's financial prospects have already been severely impacted by this anticipated downturn. 

A recent cyberattack has not prompted UNFI to adjust its fiscal guidance at the present time, as a comprehensive internal assessment must be conducted to evaluate the full scope and potential financial consequences of this attack. Executives at the company stressed that, despite the fact that the breach has brought about operational uncertainty, any changes to the company's financial outlook will be determined based on the comprehensive analysis currently being conducted. 

Even though UNFI has lost contracts and suffered a cyberattack, the multifaceted challenges it is facing are underscored as it attempts to stabilise operations, maintain retailer confidence, and safeguard shareholders' value in an increasingly volatile environment that has made the organisation more vulnerable to cyberattacks. Despite the continuing effects of the cyberattack on United Natural Foods Inc., this incident continues to serve as a crucial lesson for organisations operating within complex supply chain ecosystems. 

As a consequence, it underscores the importance of adopting forward-looking, resilience-driven cybersecurity strategies that integrate digital risk management into the fabric of every company's daily operations as a way of addressing cybersecurity threats in the future. For food and logistics providers whose services directly affect national infrastructure and consumer access to essential goods, cybersecurity is a business-critical function that must not be overlooked as an IT peripheral concern. 

Increasing threat actor sophistication and a widening attack surface posed by increasingly complex digital ecosystems are the reasons why companies need to invest more in advanced threat detection, zero-trust architectures, and employee cyber hygiene in order to be on top of things. UNFI's recent breach may be a turning point in not only the company's history but also in the industry at large. 

This breach might prompt a broader reevaluation of how cybersecurity readiness is integrated into strategic planning, regulatory compliance, as well as stakeholder trust. With the rapidly evolving cyber threat landscape, organisations that take proactive, system-level action are going to be best positioned to mitigate disruption, protect brand integrity, maintain operational continuity, and maintain operational efficiency as they navigate these new, evolving threats.
Read more »
VPN
BitTorrent Cyber Security Cyberattacks Cyberbreach CyberThreat Server Torrent VPN

A Closer Look at Torrenting and Its Applications

 


Downloading through a peer-to-peer (P2P) network referred to as torrenting involves either using torrent files or magnet links to download files. Torrent files are index files that provide the necessary information to locate certain files, segments of files, or segments within a network. Using this method, the computer can download multiple parts of the same file from multiple peers across a network at the same time, greatly enhancing the efficiency of the download process. 

With magnet links, which function similarly to torrent files, it is unnecessary to host or download the torrent file itself, further streamlining the process and eliminating the need for hosting. As a result, both methods utilize the distributed nature of P2P networks to speed up and increase the efficiency of file transfers. It is worth mentioning that before streaming platforms made it possible to access digital content, torrents were used widely. 

It has been estimated that many individuals are turning to torrent websites to download movies, music albums, and video games; however, such practices often fall into the category of questionable and legally questionable behaviour. Digital piracy and its complex relationship with modern technology will continue to be relevant in 2025, despite controversies such as Meta's claims of using pirated books to train artificial intelligence, according to an article that discusses the principles and mechanisms of torrenting.

There has been an increase in the use of torrents as a method of sharing and downloading files over the Internet. As well as providing fast download speeds, torrenting also offers access to a wide variety of content, including movies, television shows, and music. However, torrenting carries significant legal and security risks, which make it difficult for torrenting to be successful. The possibility of inadvertently downloading copyrighted materials, which may result in legal consequences, or finding malware-containing files, which may compromise system security, is well known to users. 

The Torrent protocol, which is a peer-to-peer (P2P) file-sharing system that utilizes BitTorrent, is a decentralized method of file sharing. A torrent is an open-source file-sharing service that allows users to share and download files directly from one another, as opposed to traditional file sharing which relies on a central server to distribute content. 

To create a torrent, users connect and share files directly. Its decentralized nature enables the system to work efficiently and faster than other existing file transfer systems, especially for large files since it leverages the resources of multiple users instead of relying on a single source for file transfers. 

Understanding Torrent Files 


When it comes to torrenting, a torrent file plays a crucial role. A torrent is simply a small file containing metadata about the content downloaded. However, it does not contain the actual content of the downloaded content itself, such as a video, a music file, or a document. 

Instead, it is a roadmap that guides the torrent client, software that manages and facilitates the torrenting process, in finding and assembling the file you are looking for. Torrent files contain a lot of essential information, including the names and sizes of the files being shared, the structure and content of the content, as well as the location of the network servers that assist in coordinating the download process. 

There are certain pieces of information that the torrent client needs to reassemble the complete file, including the following information, as they are required for it to be able to break the content down into smaller segments, to retrieve these segments from multiple sources within the swarm, and then to reassemble them. As opposed to traditional methods of downloading, this approach to file sharing offers a significant advantage. 

Besides making these processes more effective and faster, it is also more resilient to interruptions as different parts of the image can be sourced from multiple peers simultaneously, making this process very fast and more reliable. Even if one peer goes down, the client will still be able to download the files from other active peers, ensuring that minimal interruption will occur. There is, however, a risk associated with torrenting not only that it provides a convenient way of sharing files, but also that there are some legal and security risks associated with it. 

Ensure that users exercise caution to make sure they do not unintentionally download copyrighted content or malicious files, as this can compromise both their legal standing as well as the integrity of their systems. There has been a negative perception of torrenting over the years due to its association with illegally downloading copyright-protected media. There were some early platforms, such as Napster, Kazaa, and The Pirate Bay, which gained attention and criticism as they began to enable users to bypass copyright laws and enable them to disseminate content illegally.

Although torrenting can be unlawfully used, it is equally important to remember that it is not inherently illicit and that its ethical implications depend on how it is employed. Similarly, seemingly benign objects can be misused to serve unintended purposes, just as any tool can have ethical implications. The reputation of torrenting has been diminishing in recent years because its potential for legitimate applications has been increasingly acknowledged, resulting in its decreased controversy. 

In addition to providing a variety of practical benefits, peer-to-peer (P2P) file-sharing technology allows for faster file transfers, decentralized distribution, and improved accessibility when it comes to sharing large quantities of data. To minimize the risks associated with torrenting, it is very important to observe certain safety practices. 

There is no inherently illegal aspect of torrenting technology, however, its reputation has often been shaped by its misuse for bypassing copyright laws, which has shaped its reputation. It is the most reliable and efficient way to ensure the safety of content is to restrict it to materials that do not possess any copyright protection, and by adhering to "legal torrenting" users will be able to avoid legal repercussions and promote ethical use of the technology safely. 

The use of Virtual Private Networks (VPN) is another important step in ensuring secure torrenting when users are downloading files. By encrypting the internet connection of a user, a VPN makes file-sharing activities more private and secure, while ensuring that the user's IP address remains hidden so that the user's online actions can remain safe. VPNs also offer a significant layer of protection against the possibility of monitoring by Internet Service Providers (ISPs) and third parties, thereby reducing the risk of being monitored. 

In addition to offering robust security features and user-friendly interfaces, trusted platforms such as uTorrent, qBitTorrent Transmission, and Deluge make it very easy for users to navigate torrenting. In addition to protecting against malicious files and potential threats, these clients help facilitate a seamless file-sharing experience. Torrents, while they are an efficient method of sharing content, can also pose several risks as well. 

There are several concerns associated with the use of copyrighted material without the proper authorization, one of which is the potential legal repercussions. Serious problems can arise if improper authorization is not obtained. Furthermore, torrents can contain malicious software, viruses, or any other dangerous element that can compromise the security of a user's device and their personal information. A user should practice caution when downloading torrents, remain informed about the risks, and take the appropriate steps to ensure that their torrenting experience is safe and secure.
Read more »
Trojan
cryptocurrency Cryptojacking Cyberattacks Cyberbreach Cyberhakcers Cybersecurity Cyberthreats IoT Malicious program Technology Trojan

Cryptojacking Attacks Soar 409% in India Amid a Global Shift in Cybersecurity Tactics

 


A rise in technology has also led to an increase in cybersecurity concerns as a result of the rise of technology. It is becoming more and more common for users across the world to fall victim to online scams day after day, and this is even getting the authorities in action, as they're now attempting to combat this trend by taking steps to introduce safeguards for users. 

According to the first half of 2024 global statistics, malware volume increased by a whopping 30 per cent on a global scale. As a result of this increase alone, the number of reports increased by 92 per cent in May. Throughout 2024, the number of malware attacks in the country increased by 11 per cent and ransomware attacks rose by 22 per cent, indicating that businesses are facing more cyber threats than ever before, according to a report by SonicWall. 

A SonicWall report published in February 2024 revealed that malware attacks increased by eleven per cent in volume from 12,13,528 in 2023 to 13,44,566 in 2024 as compared to the previous year. IoT (Internet of Things) attacks have increased by 59 per cent in the last year, with 16,80,787 attacks occurring annually in 2024 as opposed to 10,57,320 in 2023, the study found. 

There is no doubt that India is making substantial efforts to become one of the leading countries in the field of technology. While the use of technology has increased over the years, a recent trend has also been accompanied by significant cybersecurity risks. Attacks on Internet of Things (IoT) devices have increased by 59 per cent in 2024 as compared to 1,057,320 in 2023, which marks an increase of 11 per cent in malware attacks, a 22 per cent increase in ransomware attacks, and an 11 per cent increase in Internet of Things (IoT) attacks. 

According to the report, there was a marked increase in both ransomware attacks and crypto attacks; the latter grew by an astonishing 409 per cent. The SonicWall Vice President for APJ Sales, Debasish Mukherjee, noted that organizations are facing an increasingly hostile threat environment because attackers are continuing to innovate beyond traditional defences to become more successful. According to the "Mid-Year Cyber Threat Report" published by SonicWall, the rise of new cyber threats is becoming increasingly prevalent among businesses due to these new developments in cybersecurity. 

Cryptojacking attacks are increasing, and India has reported the highest number of attacks with a 409 per cent increase compared to a global decline of 60 per cent — a startling statistic. In a recent report published by SonicWall Capture Labs, SonicWall released the 2024 SonicWall Mid-Year Cyber Threat Report today. This report reveals that cyber threats are once again on the rise after an 11% increase in 2023, confirming the 11% rise in high-quality attacks since 2023.

A report published by the company details the changing threat landscape over the first five months of this year, showing the persistence, relentlessness, and ever-growing nature of cyber threats across the globe. A report that has been designed with SonicWall's partners in mind, has undergone several changes over the past few years, much like SonicWall itself has undergone several changes. As part of its evolution, the report has recently changed the way it measures vital cyber threat data to include time as a component. 

A key part of the report outlines the latest threats which are affecting our partners and the customers they serve, and for the first time, it highlights how attacks can have a direct impact on our partners, including threats to revenue. According to SonicWall intelligence, on average, companies are likely to be under critical attack - that is, attacks which are most likely to deplete business resources - for 1,104 of the 880 working hours they have in a given month. 

In the first five months of 2024, businesses were shielded from potential downtime of up to 46 days, a critical safeguard that protected 12.6% of total revenues from potentially devastating cyber intrusions. This significant finding was among the key insights from a recent report, underscoring the escalating threats faced by modern enterprises. 

Douglas McKee, Executive Director of Threat Research at SonicWall, emphasized the importance of robust cybersecurity measures, stating, "The data and examples found in the report provide real-life scenarios of how crafty and swift malicious actors operate, underscoring that traditional cybersecurity defences often prove to be the most reliable." One of the most pressing concerns highlighted in the report is the increasing sophistication of supply chain attacks. 

These attacks exploit the interconnectedness of modern enterprises, targeting vulnerabilities in third-party software and services to compromise broader networks. The first half of 2024 saw several sophisticated attacks, including a high-profile breach involving the JetBrains TeamCity authentication bypass. By the end of 2023, three out of the top five companies globally had already suffered supply chain breaches, affecting more than 50% of their customers. 

These breaches were primarily due to vulnerabilities such as Log4j Log4Shell and Heartbleed. The report also revealed that organizations, on average, took 55 days to patch even 50% of their critical vulnerabilities, further exposing them to risk. In response to these growing threats, Microsoft has made significant strides in addressing vulnerabilities. 

In 2023, the company patched more than 900 vulnerabilities, with Remote Code Execution (RCE) vulnerabilities accounting for 36% of them. Despite the high number of RCE vulnerabilities, they were exploited only 5% of the time. In contrast, Elevation of Privilege vulnerabilities, which were leveraged 52% of the time, posed a greater risk. By mid-2024, Microsoft had already patched 434 vulnerabilities, matching the record set in 2023. 

Notably, 40% of these vulnerabilities were classified as RCE, yet 86% of the exploited vulnerabilities were related to Security Feature Bypass or Elevation of Privilege issues. The report also sheds light on the growing threat posed by Remote Access Trojans (RATs). These malicious programs disguise themselves as legitimate applications to obtain necessary permissions and connect to command-and-control servers, enabling them to steal sensitive information and bypass multi-factor authentication (MFA). Industries will experience several sophisticated RAT attacks in 2024, with malware such as Anubis, AhMyth, and Cerberus evolving to bypass MFA, making them a significant cybersecurity threat. PowerShell, a versatile scripting language and command-line shell, has also become a favoured tool among malicious actors due to its user-friendly features. 

The report revealed that 90% of prevalent malware families, including AgentTesla, AsyncRAT, GuLoader, DBatLoader, and LokiBot, utilize PowerShell for malicious activities. Of these, 73% use PowerShell to download additional malware, evade detection, and carry out other harmful actions. This report serves as a stark reminder of the increasing sophistication and prevalence of cyber threats in 2024, underscoring the need for continued vigilance and robust cybersecurity measures to protect businesses and their customers.
Read more »
Privacy
Cyber Hackers Cyberbreach CyberCrime Cybersecurity CyberThreat Data Major Breach Password Breach Privacy

Security Nightmare with Hackers Releasing 1,000 Crore Passwords in Major Breach

 


Cyber-security breaches are becoming more and more prevalent and this is causing a lot of concerns amongst the public. The report by Semafor claims that some 10 billion (1,000 crore) passwords have been leaked from a hacking forum online about a file that contains nearly 10 billion (1,000 crore) passwords. The incident that took place on July 4th is regarded as being among the largest cyber-security breaches that have been recorded in history. As a result of the massive leak, a credential stuffing attack could be performed with the help of this massive leak, highlighted the report. 

As a type of cyberattack, credential stuffing involves hackers stealing usernames and passwords from several related data breaches to gain access to other accounts owned by the same individual. A significant increase in cyberattacks and malicious attempts to steal data in the past five years has led to an increase in the probability of financial harm becoming a worldwide problem, not only for individual citizens but also for governments and financial institutions spread around the globe. 

Cybersecurity reports state that around 10 billion passwords belonging to various people have been made public on global forums, whether they represent social media accounts or email accounts owned by individuals. There is no doubt that this was one of the biggest data breaches ever in the history of mankind. 

The Semafor news website reports that a file containing around 10 billion (1,000 crores) passwords was leaked via online hacking forums, which was compiled by an anonymous hacker. Several old and new password breaches were compiled into the compilation, which was uploaded to the internet on July 4 and is one of the largest leaks that anyone has seen to date. According to the SEMAFO report, this massive leak has increased the risk that credential-stuffing attacks will become possible. 

As a result of the leak's nature, as it yields a single searchable file, hackers will have an easier time discovering user data thanks to the single searchable file. An attack called credential stuffing occurs when hackers use an infected password to access multiple accounts connected to the same user as soon as the password has been compromised. In the example below, it is possible to break into user A's bank account by using the email password that they use for their email. 

The cyber-news is reporting that credential stuffing attacks are compromising users across various platforms such as AT&T, Santander Bank, Ticketmaster, 23andMe, and several other companies. It was also noted in the report that related to a report by the International Monetary Fund (IMF) and a study published by Lancet Journal, the number of malicious cyberattacks has doubled globally since 2020, with the financial industry (20,000 cyberattacks since 2020) and health sectors being hit hardest. 

The size of the leak, however, has provided some relief for worried netizens - some analysts have suggested that, as a result of its sheer size, the file may not be able to be accessed. Even though more accounts have been leaked, the report notes that the likelihood of cyberattacks is not heightened just by more passwords being leaked - but of course, it highlights the "glaring holes" in the security systems in place.
Read more »
School Record Hacking
Cyberattacks Cyberbreach CyberCrime Cybersecurity Privacy School Record Hacking

The Growing Concern About School Record Hacking

 


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts. 

Cybercriminals are not only seeking ransom payouts but are also targeting students’ personal information, including credit details, assessments, grades, health records, and more. The potential socio-emotional impact on students, coupled with financial implications, adds urgency to addressing cybersecurity challenges in schools. 

The sheer volume of devices and users in educational settings creates a complex environment prone to human failure. Challenges include phishing attacks, exploitation of vulnerabilities, and the rising ransomware threat, leading to downtime, recovery efforts, and paid ransoms. 

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep. Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. 

Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees. In the U.S., 1,981 schools across 45 districts fell victim to cybersecurity attacks in 2022, almost doubling the previous year’s incidents, according to an Emsisoft report based on aggregated publicly available data. 

Schools are “definitely not funded enough to support cyber warfare,” said Josh Heller, supervisor of information security engineering at Digi International. Penn Manor School District has 5,500 students who collectively generate more than two million individual data points in the core student management system alone. 

An attack that targets a business, through an employee or an employee's child, may seem like a step too much work when phishing and business email compromise are so much simpler. But, to state the obvious: Children are easy marks, and nearly all of them play video games. Combined with the proliferation of remote work and bring-your-own-device (BYOD) policies, this vector is long-tailed but fruitful for attackers. 

Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.  

The increase in ransomware attacks in schools poses severe emotional and physical risks to students. Besides extorting money from students, cybercriminals also target sensitive personal data, making the potential harm even greater. Educators are suffering from major downtime, and resurgent action must be a result of these attacks. 

To protect students, and to prevent further damage, it is imperative that urgent action be taken, increased funding be provided, and cybersecurity be enhanced. To strengthen educational institutions against cyber threats escalating in number and intensity, it is imperative that awareness is elevated and collaborative efforts are put into place.
Read more »
Subscribe to: Posts (Atom)