Cybersecurity News:  US most breached, ChatGPT gets DDoS, Clop exploits SysAid

US most breached country last quarter

The USA has the dubious honor of being the most breached country in Q3 2023 despite a decrease in breach count. This is according to a new global study from VPN maker Surfshark, which showed the US had 8.1M leaked accounts, or one leaked account per second in this period. This is still 84% less than the previous quarter. The report also shows that globally, a total of 31.5M accounts were breached in that same period, translating into 4 accounts being leaked every second. Russia was next, followed by France, China, and Mexico. A link to the report is available in the show notes to this episode.

(Surfshark)

OpenAI blames DDoS attacks for ongoing ChatGPT outages

OpenAI confirmed yesterday, Thursday, that the “periodic outages” affecting its API and ChatGPT services were DDoS related. Users saw error messages in their ChatGPT windows as well as on generative art engine DALL-E on Monday. Anonymous Sudan is claiming responsibility for the outage, stating on its Telegram channel that it used the SkyNet botnet to carry out the attack. Bleeping Computer is quick to point out this claim may be a false flag, with many cybersecurity researchers looking at Russia instead.

(Bleeping Computer)

Clop exploits SysAid vulnerability

A zero-day vulnerability in the service management software SysAid is being exploited by threat actors to access corporate servers in order to steal data and deploy Clop ransomware. On November 2, the Threat Intelligence team at Microsoft discovered the issue, now tagged as CVE-2023-47246, being exploited in the wild and alerted SysAid, which has since released a patch in a software update. All SysAid users are strongly recommended to switch to version 23.3.36 or later. Microsoft has named the threat actor involved as Lace Tempest.

(Bleeping Computer)

Japan Aviation Electronics targeted in ransomware attack

The ALPHV/BlackCat ransomware group has claimed responsibility for an attack on the Tokyo-based manufacturer of electrical connectors, aerospace electronics, and user interface related devices. This also happened on November 2, and chiefly impacted the company’s email systems. The company states that “no information leakage has been confirmed to date”; however, the ALPHV/BlackCat ransomware gang claims to have stolen “roughly 150,000 documents from the company, including blueprints, contracts, confidential messages, and reports,” with screenshots already appearing on its Tor website.

(Security Week)

Thanks to today’s episode sponsor, OffSec

OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you’ll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization’s security. Register now at offsec.com/evolve

Python developers warned against becoming targets

A cautionary tale from cybersecurity firm Checkmarx, as reported in The Record, “sometimes when malicious hackers meddle with open-source software development, the target isn’t the software — it’s the developers themselves.” The researchers have been tracking malware intended to infect the computers of developers who work in Python and who are looking for tools that will help disguise their code in development. The article looks specifically at a package called BlazeStealer which enables a bot on the Discord messaging service “that gives attackers complete control over the victim’s computer.”

(The Record)

Optus outage causes Aussie outrage

A widespread 12-hour outage of internet and phone service at Australian telco Optus on Wednesday has been blamed on a “network event that triggered a cascading failure.” In addition to large-scale operations like payment systems, transport systems, and hospitals being affected, many small business owners voiced their displeasure over the “robustness of Australia’s telecommunications network and in particular about Optus, which is owned by Singapore Telecommunications.” CEO Kelly Bayer Rosmarin said in a statement, “customers will be given free data to acknowledge their patience and loyalty.” Australia’s media regulator will conduct a separate review into the outage since emergency triple zero (“000”) calls, the Australian version of 911, went down on Optus landlines.

(Reuters)

Sumo Logic announces breach

The cloud security company disclosed the breach after confirming that its AWS account had been compromised. The company stated that its systems and networks were not impacted, and that customer data were encrypted. They recommend customers “rotate credentials that are either used to access Sumo Logic or that they have provided to the company to access other systems.”

(Security Affairs)

Shimano hit by ransomware attack

And now a story from a news source we seldom cover on Cyber Security Headlines – Cycling News, which describes a ransomware attack on the cycling component manufacturer Shimano. Quoting a post on Twitter/X from technology security company Falcon Feeds, it was a LockBit attack, also on November 2, resulting in “4.5 terabytes of sensitive data breached including employee passport data, financial documents and confidential diagrams…non-disclosure agreements and more.” No ransom has been mentioned, but Cycling News points out this is another bad blow for the company, which last month issued a recall on one of its cranksets, is the subject of a class-action lawsuit, and is seeing a substantial downturn in sales.

(The Cycling News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.