January 2024, security round-up

January 31, 2024 | Cybersecurity
Chloe Schofield

Written by
Chloe Schofield

New Year, new threats!

It may only be January, but some things don’t change, and cyberattacks continue targeting large and small organisations worldwide. Let’s jump straight into some incidents that have taken place in the first few weeks of 2024, including one being named the ‘Mother of all Breaches’.

Mother of all Breaches

A data leak spanning over 26 billion records has been dubbed the Mother of all Breaches (MOAB).

Exposed records have been found on an open instance, compromising data from various prior breaches, including LinkedIn, Twitter, Weibo, Tencent and more.

The leak mainly contains information from past breaches, but the staggering 12 terabytes of information is believed to include new unpublished data.

The leaked data includes far more than just credentials; it's believed to contain sensitive information considered extremely valuable for malicious actors.

Chinese instant messaging app Tencent tops the list with 1.4 billion record breaches. However, the leak also contains records from various government organisations worldwide.

MOAB's impact on consumers is considered unprecedented, and researchers have emphasised the need for robust cybersecurity measures and practices to be in place. The MOAB is regarded as one of the most extensive compilations of multiple breaches, and it poses significant risks of identity theft, phishing attacks, and unauthorised access to personal accounts.

Online services disrupted for Kent councils

Three councils in Kent, Canterbury City Council, Dover District Council, and Thanet District Council have experienced disruptions in online services and were said to be investigating ‘incidents’ earlier this month. Thanet Council shared that they’d received reports of a ‘potential security incident.’

Some of the council’s websites have been impacted, and though email systems and websites remain available, some functionalities may need to be revised. As a precautionary measure, access to specific online systems is currently limited, and the councils are working closely with the National Cyber Security Centre (NCSC) to address the situation.

The councils have apologised for any inconvenience and will provide updates as the investigations progress. This incident adds to a growing trend of cyber-attacks on local councils, with several others facing similar threats and challenges in recent years.

Southern Water held to ransom

Southern Water has confirmed it has been affected by a cybersecurity breach. Criminals managed to gain unauthorised access to the water company’s IT systems and compromised HR-related documents.

Serving 2.5 million water customers and 4.7 million wastewater customers in southern England, data is said to include customer and corporate car-leasing documents displaying personal information.

The Black Basta ransomware group is said to have claimed responsibility for the attack after sharing a sample of allegedly stolen data. Southern Water has stated that a limited amount of data has been published, and there currently needs to be evidence of an impact on customer relationships or financial systems. The UK government, regulators, and the Information Commissioner's Office (ICO) have been notified of the incident.

Black Basta threatens to expose further data if a ransom is not paid. This attack is an increasing number targeting the wastewater industry, with the UK National Cyber Security Centre (NCSC) recently issuing advisories on threats to critical infrastructure.

US Regulator Cybersecurity lapse

The US Securities and Exchange Commission (SEC) has revealed that its X account had an essential security procedure - multi-factor authentication (MFA) - suspended for six months after hackers posted a fake Bitcoin announcement in January. X, formerly known as Twitter, saw a surge in Bitcoin's value before the post was deleted.

The SEC confirmed that a SIM-swapping attack compromised the account, with the hacker convincing a mobile operator to transfer a SEC employee's phone number to a new SIM. The suspended MFA allowed the hacker to reset the password, log in, and publish the misleading post. MFA has since been reinstated on all its social media accounts.

Cybersecurity experts have emphasised the need for government agencies to review their social media account security and the potential consequences of a similar incident occurring in the future.

The UK’s growing concern over cybersecurity

It's no news to us that cyber threats continue to grow, and the NCSC has repeatedly warned of the dangers of ransomware attacks on UK businesses. On the 23rd of January, the UK government issued a press release detailing new guidelines to help directors and business leaders boost their cyber resilience. It urged firms to consider cyber threats a critical business risk just as they would with financial or legal challenges.

We will stay current and keep you informed of the latest cyberattacks in 2024. To discuss your cybersecurity offering, get in touch with the Brigantia team

Recommended reading

September 2024, Cybersecurity Round-up

The summer holidays have passed, and schools are back open for a new term, and so are the hackers. September ...

Why choose Keeper through Brigantia

At Brigantia, we’re committed to helping our partners succeed. To combat the evolving threat landscape, MSPs ...

Senior roles and security training

I recently came across a report highlighting a trend where cybercriminals were more frequently targeting ...