1st February | Become Cybersafe – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Russian hackers breached Hewlett Packard security team’s email accounts

Hewlett Packard Enterprise (HPE) has publicly disclosed a security breach where suspected Russian hackers, identified as Midnight Blizzard (also known as Cozy Bear, APT29, and Nobelium), gained unauthorised access to the company’s Microsoft Office 365 email environment. The breach, detected on December 12, 2023, reportedly occurred in May of the same year, with the threat actors targeting specific HPE mailboxes belonging to individuals in cybersecurity, go-to-market, business segments, and other functions.

The disclosure, made through a Form 8-K SEC filing, outlines HPE’s understanding of the incident based on their ongoing investigation. According to the filing, the threat actor accessed and exfiltrated data from a limited percentage of HPE mailboxes. The breach is suspected to be related to a previous incident in May 2023 when attackers gained access to the company’s SharePoint server, resulting in the theft of files.

HPE is working with external cyber security experts and law enforcement agencies to investigate and respond further to the breach. In a statement to BleepingComputer, the company emphasised its commitment to providing appropriate notifications and ensuring transparency in compliance with regulatory disclosure guidelines. Despite the breach, HPE asserts that there has been no operational impact on its business, and as of the current assessment, there is no indication of a material financial impact.

Interestingly, Microsoft recently reported a security breach involving Midnight Blizzard, indicating a broader campaign by this Russian state-sponsored hacking group. In Microsoft’s case, the breach was attributed to a misconfigured test tenant account, allowing threat actors to brute force the account’s password and gain access to corporate email accounts, including those of the senior leadership team and employees in cybersecurity and legal departments.

It’s worth noting that HPE was previously targeted in 2018 when Chinese hackers breached its network and that of IBM, subsequently exploiting the access to compromise customer devices. In 2021, HPE disclosed another cyber security incident where data repositories for its Aruba Central network monitoring platform were compromised, leading to unauthorised access to information about monitored devices and their locations.

As the investigation into the recent breach continues, HPE remains vigilant, underscoring the evolving and persistent nature of cyber threats faced by large enterprises and the importance of robust cyber security measures in safeguarding sensitive information.

26 Billion Records Leaked in a Historic Data Breach

In a monumental data breach known as the ‘Mother of All Breaches’ (MOAB), security researchers have uncovered an open instance containing over 26 billion data records. The breach, labelled MOAB, is unique for its extensive scale and the sensitivity of the exposed data, most of which is sourced from previous breaches.

The compromised information includes records from diverse organisations, and the dataset involves 3,876 domain names. Despite the likelihood of duplicate records, the sheer volume of potentially unique records raises concerns about the impact on individuals.

The breach has raised awareness about the persistent use of old credentials, as even outdated information remains valuable for cybercriminals. Specific organisations, primarily third-party entities like IT service providers and software companies, appear to be frequent targets, likely due to their attractiveness to cyber criminals.

The compromised data, reported to include sensitive information, poses significant risks such as identity theft, financial fraud, and reputational damage. The breach emphasises the need for organisations to adopt a proactive security mindset, implementing measures such as encrypting databases and Multifactor Authentication (MFA).

Security experts recommend that organisations enforce MFA, discourage password reuse, promote solid passwords or passphrases, and provide staff with awareness training. Additional measures include considering cyber security standards like Cyber Essentials or ISO 27001 and conducting penetration testing to identify and address specific risks.

Microsoft have stated that Russian hackers are targeting other companies

Microsoft has alerted that Russian hackers, identified as the Midnight Blizzard group (aka Nobelium), responsible for the recent cyber attack on Microsoft’s systems, are also targeting other organisations. The tech giant has initiated notifications to the affected entities.

The hackers employed a password spraying attack, exploiting a legacy system without multi-factor authentication, emphasising concerns over sensitive data. Microsoft revealed that the hackers focused on a limited number of accounts to evade detection and used a distributed residential proxy infrastructure to obfuscate their activities.

The attackers gained access to a small percentage of Microsoft corporate email accounts, showing more interest in the information Microsoft possessed about them. Hewlett Packard Enterprise (HPE) also reported a breach by Midnight Blizzard in its Microsoft-hosted email system, with similarities in attackers and dates with the Microsoft incident. However, a direct link has not been confirmed.

HPE disclosed that data was accessed and exfiltrated from a small percentage of mailboxes starting from May 2023 and is investigating the incident linked to a prior intrusion involving SharePoint files.

—————————————————————————————————————————–

Contact Neuways for Cyber Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the country and can travel for your needs.