
Latest news with #Clop

Hidden Dangers: Supply Chain Cyberattacks in 2025

TECHx

04-08-2025

  • Business
  • TECHx


Supply chain cyberattacks are rising fast in 2025, exposing enterprises to hidden threats through trusted vendors, weak links, and third-party vulnerabilities.

In 2025, it's not the hackers breaching your firewalls that should keep you up at night. It's the vendors you trust the most: the small software firm managing your data sync, the overseas hardware supplier, or even your outsourced payroll provider. Cybercriminals are no longer attacking the front doors of the world's most secure enterprises. They're slipping through the side gates, quietly piggybacking on the digital supply chains that keep global business ticking.

Verizon's 2025 Data Breach Investigations Report (DBIR) highlights this troubling trend with hard numbers: one in three breaches now involves a third party. The percentage of incidents tied to partners or suppliers has doubled from the previous year, underscoring how deeply embedded these risks have become. What's more, ransomware, often delivered via these indirect attack paths, has seen a 37% increase, now factoring into nearly half of all reported breaches.

The Hertz-Cleo Fallout

Take the Hertz incident earlier this year. The car rental giant itself wasn't hacked. Instead, the Russian-linked ransomware gang Clop infiltrated Cleo Communications, a trusted third-party file transfer provider used by Hertz, and gained indirect access to sensitive customer information. By exploiting an unknown vulnerability in Cleo's software, the attackers avoided Hertz's own hardened defenses altogether.

This tactic, often called a supply chain attack, isn't new. But what's changed is how quickly it's become the go-to method for sophisticated cybercriminals, including state-backed groups. Why try to breach a billion-dollar enterprise with enterprise-grade security, when you can compromise a smaller supplier with minimal resistance and get the same prize?
The damage from these attacks goes far beyond lost data or a ransom paid. They undermine trust in entire ecosystems. If an organization can't vouch for its vendors' security posture, how can it vouch for its own?

A Threat Hiding in Plain Sight

Supply chains have always been complex. But now they have also become invisible. Many large enterprises now rely on thousands of vendors, software-as-a-service providers, open-source libraries, cloud partners, APIs, and more, creating sprawling digital ecosystems where a single weak link can compromise an entire network.

Recent data shows that software supply chain incidents are sharply on the rise. According to Cyble, the average number of such attacks per month increased by 25% from late 2024 to mid-2025. In the last two months alone, this number nearly doubled. Attackers are getting more strategic, more patient, and more effective at exploiting interdependencies between systems that most companies barely map, let alone monitor.

Credential abuse remains a leading cause of breaches, with nearly a quarter of attacks stemming from stolen or weak credentials. Vulnerability exploitation is close behind, accounting for 20%. These numbers reflect a sobering reality: as businesses grow more interconnected, the attack surface is no longer within their walls.

Sectoral Impact: Healthcare, Manufacturing, and More

Certain sectors are feeling the burn more than others. Healthcare, with its sensitive patient data and critical uptime requirements, remains a prime target. The DBIR found 1,710 incidents in the sector this year, with over 1,500 involving confirmed data disclosure. The most compromised data types? Medical and personal.

Manufacturing is facing a different but equally insidious threat: espionage. Breaches in the industry nearly doubled this year, and for the first time, 20% were tied to espionage, up from just 3% the year before.
Analysts believe this rise is likely linked to state-sponsored actors targeting supply chains to access emerging technologies and industrial secrets.

Meanwhile, the financial and education sectors continue to grapple with familiar foes: phishing campaigns, credential stuffing, and basic web application attacks. But the thread tying all of these sectors together is supply chain vulnerability. Regardless of industry, the weakest point isn't the organization, it's often the people and partners just outside of it.

Why We're Still Behind

Despite years of warnings and a growing pile of headlines, many organizations still don't conduct comprehensive security reviews of their suppliers. Some don't even know how many third-party services are connected to their systems. A recent survey found that fewer than 30% of enterprises require a Software Bill of Materials (SBOM), a basic inventory of components used in applications, from their vendors.

The regulatory landscape is beginning to catch up. New compliance mandates in the U.S., EU, and GCC region are placing greater onus on companies to verify vendor security. In the UAE, cybersecurity requirements tied to national digital transformation efforts are already pushing public and private organizations to step up.

But policy alone won't solve the problem. Security teams must rethink their architecture from the ground up. The old model, perimeter defense, no longer applies in an age where the perimeter includes thousands of third parties. Strategies like Zero Trust architecture, real-time threat intelligence sharing, and continuous monitoring of third-party behavior are no longer 'nice to haves.' They are essential.

A Chain Only as Strong as…

The phrase 'a chain is only as strong as its weakest link' is now a cybersecurity cliché. But in 2025, it's painfully accurate. As enterprises double down on digital transformation, AI tools, and cloud-first strategies, their reliance on supply chains will only deepen.

That means vigilance can't stop at the firewall, it must extend across every digital handshake. Because in today's cyber era, the breach you didn't notice might just be the one that shuts everything down.

Russian hackers target Greek company

Yahoo

31-05-2025

  • Politics
  • Yahoo


Nespresso customers in Greece received a notification on 21 May about a possible personal data leak following a cyberattack on its logistics partner, Orphee Beinoglou International Transportation.

Source: Ekathimerini, as reported by European Pravda

Details: In February 2025, a Russian-speaking ransomware group called Clop claimed responsibility for the attack. The compromised data may include the names, phone numbers, addresses, email addresses, and tax numbers of customers who submit invoices.

Nespresso advised customers to be cautious about emails or phone calls asking for personal or financial information. They should also avoid opening links or attachments from unknown sources and use security software on their devices.

A representative of Orphee Beinoglou confirmed the breach, stating that the company had notified its partners, ensured that no financial data had been leaked, and strengthened its security measures.

The Clop group, which has been active since 2019, was brought to the FBI's attention in 2023 due to attacks on US federal agencies. Experts recorded 384 violations by Clop in 2023.

The Greek Data Protection Authority and the National Cybersecurity Authority were informed. Separately, Adidas customers in Greece received similar messages.

Background: On 29 May, Polish Prime Minister Donald Tusk announced the extension of the BRAVO and BRAVO–CRP alert levels due to increased hybrid threats from Russia and Belarus ahead of the second round of presidential elections. Krzysztof Gawkowski, Polish Deputy Prime Minister and Minister of Digital Affairs, said Russia was making an unprecedented attempt to interfere in the presidential election.

Hertz data breach exposes customer information

Fox News

25-04-2025

  • Business
  • Fox News


Most companies use different vendors to run different parts of their business, such as customer management, finances, payroll and social media. To do this, they share access to customer data with these platforms. The issue is that not all vendors take cybersecurity seriously, and hackers are well aware of that. More and more, attackers are going after these weaker links in the digital supply chain.

These kinds of breaches often happen quietly, exposing large amounts of customer information without touching a company's main systems. It's becoming a serious concern for both businesses and their customers. One of the latest cases involves Hertz, the car rental giant, which recently confirmed that customer data was exposed because of a cyberattack on one of its software vendors.

Hertz, the global car rental company that also operates Dollar and Thrifty, has disclosed a data breach affecting thousands of its customers. The incident stems from a cyberattack on one of its third-party vendors, software provider Cleo, between October and December 2024. The breach did not compromise Hertz's internal systems directly but involved data that had been shared with the vendor as part of its operational workflow.

The compromised data varies by region but includes sensitive personal information such as names, dates of birth, contact details, driver's license numbers and, in some cases, Social Security numbers and other government-issued IDs. Certain financial information, including payment card details and workers' compensation claims, was also among the stolen records.

In the U.S., disclosures were filed with regulatory bodies in California, Texas and Maine. Specifically, 3,457 individuals were affected in Maine and 96,665 in Texas. The total global impact, however, is believed to be far greater.
Customers in Australia, Canada, the EU, New Zealand and the U.K. were also notified via breach notices on Hertz's regional websites.

The breach is believed to be the work of the Clop ransomware gang, a well-known Russia-linked hacking group. Clop exploited a zero-day vulnerability in Cleo's enterprise file transfer software, technology used by many large organizations to securely transmit sensitive business data. In 2024, the gang launched a mass-hacking campaign targeting Cleo users, ultimately stealing data from more than 60 companies, including Hertz.

Interestingly, while Hertz was named on Clop's dark web leak site in 2024, the company initially stated it had "no evidence" its systems or data had been compromised.

When contacted by CyberGuy, a Hertz spokesperson said, "At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz's own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024."

While Hertz's internal systems were not breached, the exposure of personal data, including driver's license numbers, contact details and government-issued IDs, poses serious risks. Affected individuals may be vulnerable to identity theft, fraudulent account openings and targeted phishing attempts. If Social Security numbers were involved, the potential for harm increases significantly. Anyone who rented from Hertz, Dollar or Thrifty between October and December 2024 should be on high alert.

If you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Hertz data breach.

1. Watch out for phishing scams and use strong antivirus software: With access to your email, phone number or identification documents, attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program.

2. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Hertz breach, consider removing your information from public databases and people-search sites.

3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Hertz breach, including Social Security numbers, driver's license and bank information. This makes you a prime target for identity theft. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. Identity theft protection companies can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they'll notify the others. This adds another layer of protection without completely freezing access to credit.

5. Monitor your credit reports: Check your credit reports regularly through where you can access free reports from each bureau once per year or more frequently if you're concerned about fraud. Spotting unauthorized accounts early can prevent larger financial damage.

6. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security.

7. Be wary of social engineering attacks: Hackers may use stolen details like names or birth dates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.

Cyber risk doesn't always come from a company's own network. It often originates in unseen corners of the digital supply chain. Even as companies double down on internal cybersecurity, they must be equally rigorous in how they vet and monitor third-party vendors. For consumers, it's no longer enough to trust the big brand on the label. The data trail is wider, the attack surface larger and the consequences far more opaque.

If companies can't protect our data, should they be allowed to collect so much of it?

Aussies' data, including passports compromised

Yahoo

15-04-2025

  • Automotive
  • Yahoo


Hertz Corporation customer data has been impacted after file-sharing platform Cleo was compromised by a cyber extortion operation in October last year. Although the third-party incident occurred last year, it was just confirmed this month that Australian customers may be impacted by the attack conducted by cybercriminal organisation Clop.

Passports, driver's licenses, card information and other private details such as name, date of birth, phone numbers, and email addresses could now be exposed.

Clop previously published the compromised data on its site, along with other Australian companies on the hit list, such as Steelblue, Linfox and Ampol. 129 Zip archives of Hertz data are currently sitting on Clop's dark web leak site. 'The company doesn't care about its customers, it ignored their security!!!' Clop said on the post containing the Hertz leak.

In a Notice of Data Incident statement, Hertz Australia reassured customers. 'Hertz takes the privacy and security of personal information seriously,' the statement read. It goes on to outline that Cleo has now investigated the event and addressed identified vulnerabilities. The incident has also been reported to law enforcement by Hertz, who are also in the process of reporting the event to regular regulators.

'Out of an abundance of caution' Hertz said it has also secured the services of cybersecurity company Kroll to provide two years of identity monitoring services to potentially impacted individuals at no cost.

However, the car rental company told potential victims to stay vigilant. 'While Hertz is not aware of any misuse of personal information for fraudulent purposes in connection with the event, we encourage potentially impacted individuals, as a best practice, to remain vigilant to the possibility of fraud or errors by reviewing account statements and monitoring credit reports for any unauthorized activity and reporting any such activity.'
A Hertz spokesperson said: 'At Hertz, we take the privacy and security of personal information seriously. This vendor event involves Cleo, a file transfer platform used by Hertz for limited purposes. Importantly, to date, our forensic investigation has found no evidence that Hertz's own network was affected by this event. However, among many other companies affected by this event, we have confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024.'

WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw

Yahoo

08-04-2025

  • Business
  • Yahoo


This story was originally published on Cybersecurity Dive.

WK Kellogg Co. confirmed that at least one employee was affected in a December hack related to a vulnerability in Cleo file-transfer software, according to a regulatory filing with the Maine Attorney General's office.

The Michigan-based breakfast cereal company said Cleo servers, which were used to transfer employee files, were hacked on Dec. 7. WK Kellogg said it first learned of the hacking incident on Feb. 27.

The breached data included the name and Social Security number of one employee based in Maine. However, it is not immediately known if the personal data of other employees was also breached.

As previously reported, critical flaws in Cleo file-transfer software came under mass exploitation in December. Cleo originally released a patch in October 2024 to address an unrestricted file upload and download vulnerability, tracked as CVE-2024-50623, in Cleo Harmony, VLTrader and LexiCom file-transfer products. However, security researchers found the patch did not offer adequate protection from hacking.

A second vulnerability, tracked as CVE-2024-55956, was discovered in December; it allows unauthenticated users to import or execute arbitrary bash or PowerShell commands.

Researchers from Arctic Wolf said in December that Cleo MFT products were being exploited as part of an effort to deploy Java-based backdoors. 'At the time of publication, the motivations of the threat actors had not been fully elucidated,' a spokesperson for Arctic Wolf said via email. 'Since then, [Clop] has published a message on their leak site claiming responsibility for some of the ransomware threat activity targeting organizations running Cleo products.'

Researchers at Mandiant traced a cluster of malicious activity to a threat actor tracked as FIN11, which overlaps with the Clop ransomware gang.
Clop is most widely known as the group linked to the widespread attacks on MOVEit file-transfer software in 2023. Just last week, Sam's Club said it was investigating a potential attack after Clop referenced the company on its leak site. A spokesperson for WK Kellogg was not immediately available for comment.
