Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cybersecurity Incident. Show all posts

Recent IT Meltdown: CrowdStrike Update Causes Global Chaos, Predicted Hours Earlier on Reddit

 

Only a few times in history has a single piece of code instantly wreaked havoc on computer systems globally. Examples include the Slammer worm of 2003, Russia’s NotPetya cyberattack targeting Ukraine, and North Korea’s WannaCry ransomware. However, the recent digital catastrophe over the past 12 hours wasn't caused by hackers, but by the software meant to protect against them.

Two major internet infrastructure issues converged on Friday, causing widespread disruptions across airports, train systems, banks, healthcare organizations, hotels, and television stations. The trouble began on Thursday night with a widespread outage on Microsoft's cloud platform, Azure. By Friday morning, things worsened when CrowdStrike released a flawed software update, causing Windows computers to reboot repeatedly. Microsoft stated that the two failures are unrelated.

The cause of one disaster was identified: a faulty update to CrowdStrike’s Falcon monitoring product. This antivirus platform, which requires deep system access, aims to detect malware and suspicious activity. However, the update inadvertently caused the system to crash. Mikko Hyppönen of WithSecure noted that this is unprecedented in its global impact, although similar issues were more common in the past due to worms or trojans.

CrowdStrike CEO George Kurtz explained that the problem was due to a defect in the code released for Windows, leaving Mac and Linux systems unaffected. A fix has been deployed, and Kurtz apologized for the disruption. CrowdStrike’s blog revealed that the crash was caused by a configuration file update aimed at improving Falcon’s malware detection capabilities, which triggered a logic error leading to system crashes.

Security analysts initially believed the issue was due to a kernel driver update, as the file causing the crash ended in .sys, the extension for kernel drivers. Despite CrowdStrike clarifying that it wasn’t a kernel driver, the file altered the driver’s functionality, causing the crash. Matthieu Suiche of Magnet Forensics compared the risk of running security software at the kernel level to “open-heart surgery.”

Microsoft requires approval for kernel driver updates but not for configuration files. CrowdStrike is not the first to cause such crashes; similar issues have occurred with updates from Kaspersky and Windows Defender. CrowdStrike’s global market share likely contributed to the widespread impact, potentially causing a chain reaction across web infrastructure.

The outages had severe consequences worldwide. In the UK, Israel, and Germany, healthcare services and hospitals faced disruptions, while emergency services in the US experienced issues with 911 lines. TV stations, including Sky News in the UK, had to stop live broadcasts. Air travel was significantly affected, with airports using handwritten boarding passes and airlines grounding flights temporarily.

The incident highlights the fragility and interconnectedness of global digital infrastructure. Security practitioners have long anticipated such vulnerabilities. Ciaran Martin of the University of Oxford noted the event’s powerful illustration of global digital vulnerabilities.

The update’s extensive impact puzzled experts. CrowdStrike’s significant market share suggests the update triggered crashes in various parts of the web infrastructure. Hyppönen speculated that human error might have played a role in the update process.

As system administrators work to fix the issue, the larger question of preventing similar crises looms. Jake Williams of Hunter Strategy suggested that CrowdStrike’s incident might prompt demands for changes in how updates are managed, emphasizing the unsustainability of pushing updates without IT intervention.

Redditor Predicted CrowdStrike Outage Hours Before Global IT Chaos

A Reddit user, u/King_Kunta_, predicted vulnerabilities in CrowdStrike's systems just hours before the company caused a massive global IT outage. The user called CrowdStrike a "threat vector," suggesting it was susceptible to exploits that could lead to widespread damage. Initially, users dismissed the claims, but their tune changed dramatically after the outage occurred.

One commenter noted, "He tells us that CrowdStrike is a threat vector. A few hours later, every computer in the world with the CrowdStrike client installed goes blue screen. The single biggest global PC system collapse in history. Just uncanny."

Amidst the chaos, CrowdStrike's CEO George Kurtz reassured the public via X (formerly Twitter), stating, "Today was not a security or cyber incident. Our customers remain fully protected," and confirming that the issue was due to an update error, not a cyberattack.

Despite reassurances, many were left suspicious and impressed by the timing and accuracy of the Reddit post. One user aptly summed up the sentiment: "There’s no way the timing of this crazy post aligns so perfectly."

Emphasizing Post-Breach Strategies in Cybersecurity

 

Cybersecurity discourse heavily emphasizes prevention, yet often neglects post-breach strategies. While we invest significant effort in establishing protocols to avert attacks, breaches remain an unavoidable reality. The "IBM Cyber Security Intelligence Index" report highlights human error as a leading factor in 95% of breaches worldwide, underscoring the significance of swift identification and mitigation.

In the event of a breach, promptly gathering pertinent information is paramount. Understanding the extent of the breach, often facilitated by access to organizational identity data, enables quick containment by disabling compromised accounts. This proactive measure mitigates further damage, as attackers commonly exploit initial access to seek additional vulnerabilities.

Addressing breaches goes beyond initial help desk notifications. Temporary account provisions and the temporary suspension of Single Sign-On (SSO) services safeguard against unauthorized access to sensitive data while the situation is managed. However, ultimate accountability lies with executive leadership, necessitating transparent communication with stakeholders and proactive security training initiatives.

Post-breach recovery, termed the "right of boom," demands meticulous incident response planning, data backup, and cybersecurity strategy redevelopment. Achieving visibility across organizational user access, particularly in modern, cloud-based environments, requires a platform-based approach for comprehensive oversight and timely issue resolution.

Acknowledging the inevitability of breaches, businesses can fortify their resilience by implementing these four steps, facilitating effective recovery and future readiness. Only by integrating robust post-breach measures can organizations confidently navigate the evolving cybersecurity landscape alongside preventative strategies.

Dealers of Jet Engines to Major Airlines Reveals 'Unauthorized Activity'

 

The Willis Lease Finance Corporation has disclosed to US regulators that it was targeted in a "cybersecurity incident," with data allegedly taken from the company being shared on the Black Basta ransomware group's leak blog.

In a filing submitted to the Securities and Exchange Commission (SEC) on February 9, the publicly listed company on NASDAQ stated that it became aware of a potential breach on January 31, prompting immediate action to address the situation.

According to the filing, the company initiated an investigation into the incident with the help of leading cybersecurity experts, taking measures to contain and address the activity, including temporarily shutting down certain systems. The company reported no unauthorized activity after February 2, 2024, and believes it has successfully contained the breach.

During the period when systems were offline, the company acknowledged resorting to alternative methods to maintain operations and serve customers, although specific details were not provided.

Willis Lease Finance also stated it is still evaluating the extent of the breach and whether any data was compromised. Law enforcement has been notified about the breach.

Although the company refrained from explicitly mentioning "ransomware" or "attack" in its disclosure, the presence of passport scans on Black Basta's website suggests that the investigation into potential data theft may yield results soon.

The ransomware group claims to have obtained 910 GB of company data, including information about customers, employees, HR records, non-disclosure agreements (NDAs), among others. Black Basta published a selection of documents online, including screenshots of accessed files, HR documents containing social security numbers, and identity documents such as passports.

Attempts to match names on these documents with online profiles revealed matches predominantly in the US and UK, along with some from other countries.

Efforts to reach Willis Lease Finance for comment were unsuccessful at the time of reporting.

Established for over 45 years, Willis Lease Finance describes itself as a leading independent provider of jet engines to major airlines worldwide.

Black Basta, known for its high-profile ransomware attacks, is linked to the now-defunct Conti group and is believed to have amassed over $100 million from its victims, including major organizations like Capita and Southern Water in the UK.

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. Despite the company not making public comments about the breach beyond the legal filing, it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.

Taj Hotels Faces Data Breach, Revealing Data of 1.5 Million Customers

 

The cybersecurity landscape witnessed a recent data breach that sent shockwaves through the esteemed Taj Hotels chain. Perpetrated by the group "Dnacookies," the hack has potentially impacted more than 1.5 million consumers, prompting heightened concerns about data security, customer privacy, and the overall state of digital defenses within the hotel industry.

According to reports from CNBC-TV18, the compromised data spans a six-year period, ranging from 2014 to 2020. The exposed information includes addresses, membership IDs, mobile numbers, and other personally identifiable details. Despite the hacker's claim that the dataset is "non-sensitive," the reality is that any compromise of personal information can expose individuals to various risks, from identity theft to financial fraud.

The Indian Hotels Company Ltd. (IHCL), the entity overseeing Taj Hotels, promptly responded to the breach. A spokesperson for IHCL acknowledged the situation, emphasizing that the compromised customer data is deemed non-sensitive. However, the company is taking the incident seriously, initiating an investigation and notifying relevant authorities. A commitment to continuous system monitoring is deemed crucial to prevent further unauthorized access.

The severity of the situation is highlighted by the participation of the Indian Computer Emergency Response Team (CERT-In), a government agency responsible for addressing and mitigating cybersecurity incidents in India. CERT-In's involvement suggests that the breach extends beyond a concern for Taj Hotels, carrying broader implications for national cybersecurity.

"Dnacookies" has articulated specific demands, introducing complexity to an already intricate situation. The insistence on a middleman for negotiations, an all-or-nothing approach to data release, and a refusal to provide additional samples hint at a calculated and methodical strategy, raising questions about the motives behind the breach—whether purely financial or with more insidious intentions.
 
Beyond immediate concerns about breached data, the incident poses potential ramifications for both individuals and Taj Hotels. Affected customers face an increased risk of identity theft and financial fraud. Moreover, the reputation of Taj Hotels, synonymous with luxury and trust, is at stake. Customer trust in the overall security measures of the hospitality industry may be compromised.

Taj Hotels and similar establishments find themselves at a critical juncture in reassessing and strengthening their cybersecurity procedures as the investigation unfolds. This involves implementing sophisticated encryption techniques, regularly updating security systems to address new threats, and providing comprehensive training to staff members to raise awareness and prevent security lapses. Staying ahead of cyber threats necessitates collaboration with cybersecurity specialists and government organizations, exemplified by CERT-In's active engagement.
:
The Taj Hotels data breach underscores the intrusive and dynamic nature of cyber threats. Data security should be a primary concern for all businesses, particularly those in the hospitality industry where digital interactions are integral to modern life. The industry at large is urged to learn from the Taj Group's experience, bolster cybersecurity protocols, and collaborate to ensure digital infrastructure resilience against evolving cyber threats.

World's Largest Bank, China's ICBC, Faces Cyberattack Causing Disruption in Treasury Markets

 

The U.S. Treasury Department, addressing a cybersecurity concern, informed CNBC that it is actively engaged with key players in the financial sector and federal regulators, maintaining continuous vigilance on the situation. Meanwhile, ICBC, a major Chinese bank, asserted that the cyber incident impacting its U.S. financial services arm did not extend to its operations in China or other affiliated institutions globally.

In response to the attack, Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, stated that ICBC is working to mitigate the impact and losses incurred. He emphasized the bank's effective emergency response and supervision during a regular news conference.

As for the ransomware attack, the perpetrator remains unidentified, and ICBC has not disclosed the responsible party.. Cybersecurity experts, including Marcus Murray from Truesec, identified the ransomware as LockBit 3.0. However, tracing the origin of such attacks is challenging due to hackers' sophisticated techniques to conceal their identities.

LockBit 3.0, known for its modularity and evasiveness, poses difficulties for security researchers. The malware's unique password requirement for each instance makes analysis challenging, according to the VMware cybersecurity team. The Cybersecurity and Infrastructure Security Agency describes LockBit 3.0 as a highly adaptable and elusive threat, complicating detection.

LockBit, the group behind the ransomware, operates on a "ransomware-as-a-service" model, selling its malicious software to other hackers, known as affiliates. The group, led by "LockBitSup" in online forums, claims to be based in the Netherlands and asserts a non-political motivation. LockBit has a history of targeting small and medium-sized businesses, and data from cybersecurity firm Flashpoint indicates that it accounts for approximately 28% of known ransomware attacks.

The group has previously claimed responsibility for ransomware attacks on prominent entities such as Boeing and the U.K’s Royal Mail. In June, the U.S. Department of Justice charged a Russian national for involvement in deploying LockBit ransomware and other cyberattacks globally, revealing the extent of the group's activities and financial gains.

Marna Bay Sands: Data of 665,000 Customers Hacked by Unknown Third Party

 

Singapore is renowned for maintaining stringent cybersecurity and data protection standards in the region. Companies in the country are keenly aware of their responsibility to safeguard cybersecurity, particularly concerning data privacy. In the event of cybersecurity incidents, organizations promptly notify both customers and regulators, implementing swift plans to rectify the situation. 

Recently, Marina Bay Sands (MBS) encountered a data leak involving the personal information of approximately 665,000 members in its shoppers' rewards program, prompting a rapid response from the company.

MBS took immediate action, informing members of its Sands LifeStyle program via email on November 7th about the data leak that occurred between October 19th and 20th. The resort disclosed its awareness of the incident on October 20th and initiated investigations. 

The inquiry revealed that an unidentified third party had accessed the personal data of the affected members. Paul Town, MBS's Chief Operating Officer, reassured members that, as of the investigation's findings, there is no evidence indicating misuse of the data by the unauthorized third party.

The compromised personal data included members' names, email addresses, contact details, country of residence, membership numbers, and tiers. MBS advised affected users to closely monitor their accounts for suspicious activity, change login pins regularly, and stay vigilant against phishing attempts. The company reported the data leak to relevant authorities in Singapore and other applicable countries, collaborating with them in their investigations.

Despite a decline in cybersecurity incidents in Singapore earlier in the year, recent weeks have witnessed an increase in such occurrences. Between the first quarter of 2020 and the first quarter of 2023, data breach statistics in Singapore showed significant fluctuations in the number of exposed records. Besides the MBS data leak, a recent incident involved web service outages in public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack.

While some might draw parallels between the MBS data leak and recent ransomware attacks on Las Vegas casinos, the situations differ. Unlike the ransomware incidents at Caesars Palace and MGM, MBS did not report any ransom demands. The company asserts that only the personal data of its members was compromised, without any disruption to services. However, the stolen data holds significant value on the dark web. The exact cause of the MBS data leak and whether other data was compromised remains to be determined.

Progress Software Confirms SEC Investigation into MOVEit Mass-Hack

 

U.S. securities regulators are delving into the widespread MOVEit hack, which has left the personal information of over 64 million individuals exposed, according to the creators of the affected software.

Progress Software revealed in a recent regulatory filing that it has received a subpoena from the U.S. Securities and Exchange Commission (SEC), requesting "various documents and information" regarding the MOVEit vulnerability. 

“The SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws and the investigation does not mean that the SEC has a negative opinion of any person, entity, or security,” the filing added. “Progress intends to cooperate fully with the SEC in its investigation

In the same filing, Progress assured that it anticipates only a marginal financial impact from the MOVEit mass-hacks, despite the extensive scope of the breach.

The company outlined expenses of $1 million related to the MOVEit vulnerability, accounting for both received and anticipated insurance reimbursements of around $1.9 million.

Nevertheless, Progress cautioned that potential losses may still occur, as 23 affected clients have initiated legal proceedings against the company and are seeking indemnification. Additionally, 58 class action lawsuits have been filed by individuals claiming to be affected.

Although almost half a year has passed since the discovery of the MOVEit zero-day vulnerability, the precise number of affected MOVEit Transfer customers remains uncertain. Cybersecurity firm Emsisoft reports that 2,546 organizations have confirmed being impacted, affecting more than 64 million individuals.

Fresh cases continue to surface. Just last week, Sony acknowledged that over 6,000 employees had their data accessed in an incident related to MOVEit. Flagstar Bank also disclosed that more than 800,000 customer records were pilfered.

November Security Breach

In its filing, Progress Software disclosed incurring additional expenses of $4.2 million linked to a distinct cybersecurity incident in November of 2022.

The filing did not divulge specifics about the event. However, John Eddy, a spokesperson for Progress, representing the company through a third-party agency, verified that during that period, Progress Software had identified signs of unauthorized entry into its corporate network, including evidence of certain company data being exfiltrated. The incident was made public in December 2022.

Progress Software has not disclosed the types of data that were accessed or the number of individuals affected. Eddy informed TechCrunch that the company maintained full functionality throughout the 2022 incident, which was unrelated to any "recently reported software vulnerabilities."

The company affirmed that expenses associated with this incident primarily encompassed the engagement of external cybersecurity experts and other incident response professionals. It also noted that it received approximately $3 million in insurance settlements.

SEC Amends Cyber Incident Disclosure, Raises Concerns


SEC taking a tough stand on cyber threats 

Due to rise in breaches among its members and on its systems, the Security and Exchange Commission (SEC) is thinking how it can tackle the problem of cyber threats. 

The SEC suggested new amendments in March to supervise how investment firms and public companies under its purview should strengthen their IT security management and incident reporting. 

Throughout the years, SEC's disclosure regime has advanced to highlight evolving risks and investor needs. 

Current Cyber Security Landscape 

Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner, said SEC Chair Gary Gensler.

SEC being rough on incident reporting and identity theft programs

In July, the SEC thrashed JP Morgan & Co, UBS and online stock-trader TradeStation with having deficient customer identity programs, all these programs have violated the Identity Red Flag rules, or regular S-ID between between January 2017 and October 2019. 

Regulation S-ID aims to protect investors from identity threat risks. All the three financial organizations have agreed to: 1.Cease and desist from violations in future, 2. Getting censored, 3. Pay fines of $1.2 Million, $925,000, and $425,000, respectively. 

Besides these commitments, the SEC's proposed amendments will need the financial institutions to provide current report regarding material cybersecurity cases and periodic reporting to give updates about earlier reported cybersecurity incidents. 

The SEC in March issued that:  

“proposed rule defines a cybersecurity incident as an unauthorized occurrence on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”  Under the new rule, it considered "information systems" in a broad sense, especially when the financial firm made use of a cloud- or host based systems. 

SEC in the amendment says:

"The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks. The registrant’s board of directors' oversight of cybersecurity risk, and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures." 



SLTT Organizations Targeted by Jupyter Malware

 

The Multi-State Information Sharing and Analysis Center (MS-ISAC) Cyber Threat Intelligence Team (CTI) have uncovered Jupyter, a highly evasive and adaptive .NET infostealer, targeting state, local, tribal, and territorial (SLTT) organizations. 

To exploit SLTT entities, malicious actors have installed Jupyter widely, leveraging SEO-poisoning to design watering hole sites. Jupyter, also known as SolarMarker installs a multi-stage process, leveraging PowerShell and legitimate tools, such as Slim PDF Reader, to drop secondary payloads to fingerprint victim information, including computer name, OS version, architecture, permissions, and the user identifier. 

According to MS-ISAC, Jupyter targeting SLTTs is a part of a broader opportunistic effort, since the malware is impacting a wide range of sectors, including finance, healthcare, and education. Following a surge in activity during the fall, SLTT-Jupyter infections subsided with no incidents in December and a small resurgence through this past month.

The targeted organizations became aware of infections when their endpoint detection and response services (EDR) warned of unauthorized PowerShell commands attempting to establish links with command and control (C2) traffic. 

The researchers at MS-ISAC continue to investigate why malware authors are exfiltrating victims' private details. Additionally, researchers have noticed that Jupyter operators are altering their techniques, tactics, and procedures (TTPs), causing variation in intrusion details across infections. 

Despite the irregularity in Jupyter TTPs, multiple features are common among public-sourced and MS-ISAC-observed breaches. Prior to infection, the Jupyter operators inject over 2,000 keywords to push malicious Google and WordPress sites up search engine rankings, using a technique known as SEO-poisoning, thereby increasing the likelihood that an unsuspecting user will visit the page. 

Upon examining an SLTT Jupyter incident, researchers noticed that the initial infection occurred after an end-user attempted to install a malicious file embedded with an executable of a compromised website form.

Iran Accuses USA and Israel for Carrying Out Fuel Cyberattacks

 

An Iranian General alleged that Israel and US might have planned a cyberattack that caused disruption of fuel in service stations in Iran. The attack which happened on Tuesday is similar to two recent incidents where, as per the general, the attackers might be Iran's rivals: USA and Israel. Two incidents were analyzed, the Shahid Rajaei port incident and the railway accident, and found that these two incidents were similar. Earlier this year, as per Iran's transportation ministry, a cyberattack disrupted its website and computer systems, reports Fars news agency. 

"In a country where petrol flows freely at what are some of the lowest prices in the world, motorists need digital cards issued by the authorities. The cards entitle holders to a monthly amount of petrol at a subsidized rate and, once the quota has been used up, to buy more expensive at the market rate," reports The Security Week. In 2020, Washington Post reported an incident where Israel orchestrated an attack on Iranian port Shahid Rajaei (in Hormuz Strait), a strategic path to global oil shipments. 

The recent cyber disruption resulted in traffic jams in major pockets in Tehran, having long lines at petrol pumps disrupting traffic flow. Following the incident, the oil ministry shut down the service stations in order for easy manual distribution of petrol, said the authorities. On Wednesday, President Ebrahim Raisi alleged that the actors were trying to sway the people of Iran against Islamic Republic leadership. As per the reports, an estimated 3200 out of 4300 of the country's service stations have been re-linked with the central distribution system, said the National Oil Products Distribution Company. 

Besides this, there are other stations who also give fuel to motorists, but not at subsidized rates, which makes it twice in the rates, around 5-6 US cents/litre. The Security Week reports, "Since 2010, when Iran's nuclear program was hit by the Stuxnet computer virus, Iran and its arch-foes Israel and the United States have regularly accused each other of cyberattacks. The conservative Fars news agency on Tuesday linked the breakdown to opponents ahead of the second anniversary of deadly protests sparked by a hike in petrol prices."

Beverge Manufacturer Molson Coors Targeted in Cyber Attack

 

Brewing giant Molson Coors revealed on Thursday that it has experienced a ‘cybersecurity incident’ that has disrupted its operations and beer production. The cyberattack forced the beverage manufacturer to take its system offline, including affected portions of its production and distribution operations. 

The company did not share details of which type of attack has caused widespread troubles across its entire business, however, given the recent history of major attacks on several companies, security experts are speculating that it could have been a ransomware attack. “Molson Coors experienced a system outage that was caused by a cybersecurity incident,” the company said in a statement. 

To investigate the incident, Molson Coors has engaged leading forensic information technology firms and legal counsel to assist the company’s internal investigation and is working to get systems back up as quickly as possible. 

Niamh Muldoon, global data protection officer at identity and access management specializes OneLogin, said high-profile manufacturers were particularly at risk from cyber attacks of this nature. “Ransomware remains a global cybersecurity threat and is the one cybercrime that has a high direct return of investment associated with it, by holding the victim’s ransom for financial payment,” she stated. 

“On a global scale, cybercriminals will continue to focus their efforts on this revenue-generating stream. This reinforces what we’ve said before that no industry is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure that critical information assets remain safeguarded and protected against it,” she further added. 

Edgard Capdevielle, CEO at Nozomi Networks, a specialist in operational technology security added: “High profile attacks are becoming all too common, as attackers have realized they are immensely profitable when they target large organizations and disrupt their critical business operations – in this case, the brewing operations of the world’s biggest, well-known beer brands.” 

This is not the first high-profile cybersecurity incident as of late. Last week, threat actors targeted hundreds of thousands of Microsoft Exchange users around the globe and leaked private information on the dark web.