Latest news with #ALPHV


Techday NZ
08-07-2025
- Business
- Techday NZ
Ingram Micro responds to ransomware incident impacting internal systems
Ingram Micro has confirmed a ransomware attack targeting its internal systems, leading to operational disruption and an ongoing effort to restore affected services. The global technology distributor issued a statement acknowledging the incident and outlining steps taken to secure its environment and mitigate potential damage.

"Ingram Micro recently identified ransomware on certain of its internal systems," the company said in a statement issued on 5 July. "Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement."

The company is currently focused on restoring affected systems and minimising disruption to business operations. "Ingram Micro is working diligently to restore the affected systems so that it can process and ship orders, and the Company apologises for any disruption this issue is causing its customers, vendor partners, and others," the statement read.

Expert voices warn on supply chain risks

Industry experts have highlighted the growing risks associated with third-party access in the wake of the attack. Gareth Roberts, Head of Delivery at tmc3, a Qodea company, said: "It is crucial to remember that organisations are only as secure as their weakest link. Therefore, assessing the security practices of third-party suppliers and ensuring that data protection standards are being upheld is vital to a company's security posture."

Roberts underscored the importance of communication and transparency throughout the supply chain, noting that technical safeguards also play a key role in preventing such incidents. "To further protect information, businesses can implement specific technical measures such as strong encryption for data both in transit and at rest, which makes it unreadable to unauthorised users. Additionally, enforcing access controls and multi-factor authentication (MFA) helps ensure that sensitive data is only accessible to those who require it," he advised.

Alleged threat actor and industry context

The ransomware incident at Ingram Micro has reportedly been linked to a group known as SafePay, which allegedly accessed the company's systems via a compromised virtual private network (VPN).

Jim Routh, Chief Trust Officer at Saviynt, commented: "The attack on Ingram Micro allegedly by SafePay is another example of the preference for threat actors to use compromised credentials to penetrate proprietary systems, in this case, gaining access to the virtual private network of Ingram Micro. Enterprises have an opportunity to improve their identity security capabilities to resist these types of attacks in the future."

Chris Hauk, Consumer Privacy Champion at Pixel Privacy, provided further context regarding the threat landscape. "With the toppling of LockBit and ALPHV, this has opened up 'opportunities' for upstart ransomware groups like SafePay. The group first gained fame with an early high-profile SafePay ransomware attack on UK telematics business Microlise, with SafePay claiming to have stolen 1.2 terabytes of data and demanding payment in less than 24 hours. However, little remains known about the group," Hauk noted.

Hauk added: "The reports I've seen indicate the group moves quickly, with fast encryption times, seeing attacks typically move from system breach to deployment in less than 24 hours."

He emphasised that organisations can protect against similar threats by implementing a series of robust security measures. "Organisations can protect against SafePay and similar types of ransomware attacks by placing strict access controls on their systems, strong authentication like multi-factor authentication, monitoring for newly discovered vulnerabilities, and implementing secure VPN connections to provide remote access," Hauk said.

Ongoing investigation and mitigation efforts

Ingram Micro's statement did not specify the extent of the disruption or when full system restoration is expected. The company has engaged leading cybersecurity experts to support its investigation and has notified relevant law enforcement authorities. The company also apologised for any inconvenience experienced by its customers and partners as a result of the incident.

As the investigation continues, Ingram Micro's experience underscores the persistent threat posed by ransomware and highlights the critical importance of vigilance, secure access management, and strong supply chain security practices within the IT sector.


ITV News
03-07-2025
- Business
- ITV News
Could airlines be the new target for hacking group Scattered Spider?
It was the hacking group linked to both the M&S and Co-op cyber attacks, but it appears Scattered Spider has a new sector in its sights. Initially targeting retail companies, the group now appears to be setting its sights on the aviation industry.

In the US, the Federal Bureau of Investigation recently posted on the social media platform X, raising the alarm. Both Google and the US cybersecurity company Palo Alto Networks have also warned of the potential threat. In a statement posted on LinkedIn, Sam Rubin of Palo Alto said that the company has "observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry".

Google experts reported similar findings. Charles Carmakal, an executive for Google's cybersecurity unit, said the company was "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider".

No references were made to any specific airlines, but recently Canadian airline WestJet, Hawaiian Airlines and Qantas have all suffered from cyber attacks. The airlines have not released any details on potential links between the incidents and Scattered Spider, but the hacking group has been blamed for some of the most disruptive hacks across the UK and US in recent memory.

Who are Scattered Spider?

According to America's Cyber Defence Agency, Scattered Spider is a cybercriminal group that targets large companies and their IT help desks. Scattered Spider members have typically engaged in data theft for extortion and have been known to use BlackCat/ALPHV ransomware.

The group initially dabbled in financial fraud and social media hacking but has become more advanced, conducting data breaches and stealing cryptocurrency. Some of its members are as young as 16 years old and meet on hacking forums, Discord servers and Telegram channels.

Why the aviation sector?

ITV News spoke to cyber security expert Graham Cluley about the reasons why the aviation sector is likely on the target list.

"Airlines and firms in the aviation industry consist of an attractive cocktail of critical infrastructure, sometimes outdated tech, and massive customer databases that can prove irresistible to hackers," he said.

"Many aviation industry businesses still rely on legacy systems bolted onto newer platforms, which determined hackers like Scattered Spider love to exploit.

"Plus, of course, with the summer holidays about to begin and many travellers planning to jet overseas, hackers will view that as a greater incentive than ever for airlines to pay up, rather than cause chaos for their customers."

A spokesperson for the UK Civil Aviation Authority (CAA) told ITV News: 'We are aware of rumoured activity. We are in contact with the National Cyber Security Centre and have warned our industry contacts about this group and the techniques they use.'

How can airlines be better equipped to deal with potential threats?

Mr Cluley said airlines need to harden their defences to prevent attacks like this from happening.

"Many hackers break into systems via stolen or phished credentials," he explained.

"Scattered Spider, for instance, has often used the ploy of posing as employees who have been locked out of their accounts, and tricking service desks into giving them access.

"Additionally, the air industry needs to keep a close eye on its third-party suppliers - especially those which have privileged access to its network or data. Supply chain attacks are a favourite amongst hackers."

"Hopefully businesses in the air industry are also 'hacking themselves' - in other words, simulating the methods used by hackers to find weaknesses in their systems before they are exploited by cybercriminals," he continued.

"Finally, there's a lot to be said for staff training - educating them about how hackers trick staff into making mistakes that can result in a cyber attack succeeding."

As a customer, it's important to ensure you have the best measures in place to protect yourself if an airline is targeted.

"It's the airline that gets hacked, not you," Mr Cluley said. "But it might be your data that ends up in the hands of cybercriminals".

He recommends using unique, strong passwords and advises customers not to use the same password for different places on the internet.

"Where possible, enable multi-factor authentication (also known sometimes as two-factor authentication)," he said.

He also said that paying with a credit card makes it easier to get your money back if fraud occurs.

He added: "You may also be wise to use a 'virtual card' which has a lower spending limit on it or can be locked to a specific merchant.

"Some banks offer this facility - making it possible to create a unique card number that is linked to your real account but cannot be reused elsewhere. If a travel site or airline is breached, your actual credit card number isn't exposed."

Yahoo
20-06-2025
- Business
- Yahoo
Insurer Aflac investigating possible data breach after attack on US network
(Reuters) - Aflac on Friday disclosed a cybersecurity incident in which personal information of its customers may have been compromised, making it the latest insurance provider to be targeted.

The health and life insurance firm said the attack on its U.S. network, which was identified on June 12, was caused by a "sophisticated cybercrime group", but did not specify a name. It said it was unable to determine the total number of affected individuals until a review, which is in its early stages, is completed.

The company said it was able to stop the intrusion within hours and has reached out to third-party cybersecurity experts to investigate the incident. The company said the potentially impacted files contain personal information of its customers, such as social security numbers and health-related details.

Aflac offers accident and pet insurance plans in the U.S. and Japan. It manages personal, medical and financial data of more than 50 million policyholders.

Health insurers have been facing increased cybersecurity risks recently, with UnitedHealth's breach being the most notable example, impacting 100 million people last year. UnitedHealth's Change unit was breached by a hacking group called ALPHV, also known as "BlackCat", who are estimated to have stolen a third of Americans' data in one of the worst hacks to hit the U.S. healthcare sector.

Shares of Aflac fell 1.3% in premarket trading.


CNA
20-06-2025
- Health
- CNA
Insurer Aflac investigating possible data breach after attack on US network
Aflac on Friday disclosed a cybersecurity incident in which personal information of its customers may have been compromised, making it the latest insurance provider to be targeted.

The health and life insurance firm said the attack on its U.S. network, which was identified on June 12, was caused by a "sophisticated cybercrime group", but did not specify a name. It said it was unable to determine the total number of affected individuals until a review, which is in its early stages, is completed.

The company said it was able to stop the intrusion within hours and has reached out to third-party cybersecurity experts to investigate the incident. The company said the potentially impacted files contain personal information of its customers, such as social security numbers and health-related details.

Aflac offers accident and pet insurance plans in the U.S. and Japan. It manages personal, medical and financial data of more than 50 million policyholders.

Health insurers have been facing increased cybersecurity risks recently, with UnitedHealth's breach being the most notable example, impacting 100 million people last year. UnitedHealth's Change unit was breached by a hacking group called ALPHV, also known as "BlackCat", who are estimated to have stolen a third of Americans' data in one of the worst hacks to hit the U.S. healthcare sector.


ITV News
29-04-2025
- Business
- ITV News
Who is Scattered Spider, the group being linked to the M&S cyber attack?
Marks and Spencer is still reeling after a cyber attack left it with empty shelves in store and has forced the company to pause its online shopping services. Now reports are emerging claiming that a hacking group known as Scattered Spider was behind the attack. The group is notorious in the online criminal world for targeting large companies and breaching their data.

As a result of this attack, M&S has seen more than £700 million wiped off its stock market valuation since first facing problems. So who is Scattered Spider and how does it operate?

What is Scattered Spider?

According to America's Cyber Defense Agency, Scattered Spider is a cybercriminal group that targets large companies and their IT help desks. Scattered Spider members have typically engaged in data theft for extortion and have been known to use BlackCat/ALPHV ransomware. Experts agree that ransomware was used in M&S's case.

The group includes young members, some as young as 16, with a range of skills who frequent the same hacker forums, Telegram channels and Discord servers. The group initially only dabbled in financial fraud and social media hacks but later advanced to stealing cryptocurrency and breaching corporations' data in extortion attacks.

Some members are believed to be part of a community called The Comm, a group involved in high-profile cyber incidents. Experts say the group's fluid tactics and use of different individuals for each attack make them difficult to track.

One of Scattered Spider's biggest alleged hacks involved the gaming giant MGM Resorts International, which operates over 30 hotel and gaming venues around the world. In September 2023, when guests reported difficulty accessing rooms and using casino games, MGM was alerted to a potential hack. Scattered Spider is thought to have brought MGM systems to a halt after they gained access to the company's management system and were able to deploy ransomware.

The company revealed some customers' personal data was stolen, including names, dates of birth and driving license numbers. In some cases, social security numbers and passport numbers were also involved. In the wake of the incident, MGM reported total losses of around $100 million (around £75 million).

In August that same year, Caesars Entertainment also fell victim to a hack linked to Scattered Spider. The data breach affected members of the Caesars Rewards programme, impacting data related to 65 million people. Scattered Spider reportedly breached Caesars Entertainment's IT vendor by impersonating a Caesars employee and convincing the IT desk to provide login credentials to Caesars' access management provider. From there, it gained access to the loyalty program database. Scattered Spider began making demands for ransom, which the company complied with, paying out $15 million (around £11 million) to the hackers.

How do they operate?

Scattered Spider is credited with expertise in social engineering attacks (manipulating people into sharing information they would not have otherwise shared). The group is known to have used other techniques such as phishing, multi-factor authentication bypass techniques, and SIM swapping, to gain access to the data of large organisations.

America's Cyber Defence Agency cites Scattered Spider as having previously:

- Posed as company staff using phone calls or text messages to obtain credentials from employees.
- Posed as IT staff to convince employees to share their credentials.
- Sent repeated notifications, prompting employees to press the 'Accept' button.
- Convinced mobile network operators to transfer control of a user's phone number to a SIM card they controlled, gaining control over the phone.
- Extorted victims for money using ransomware and data theft.

What tactics were used in the Marks and Spencer case?

Hackers are thought to have gained access to M&S systems through something called Active Directory.

Cyber security expert Professor Alan Woodward told ITV News: "Active Directory is a Microsoft product, which allows you to log in once and access all the systems.

"There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc.

"They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network."