Tag Archive for: confirms

Yamaha confirms cyberattack after multiple ransomware gangs claim attacks


Yamaha’s Canadian music division confirmed that it recently dealt with a cyberattack after two different ransomware groups claimed to have attacked the company.

The Yamaha Corporation — different from the spun-off motorcycle division — is a Japanese manufacturing giant producing musical instruments and audio equipment. It is considered the world’s largest producer of musical equipment.

In a statement last Thursday, Yamaha Canada Music said it “recently encountered a cyberattack that led to unauthorized access and data theft.”

“In response, we swiftly implemented measures to contain the attack and collaborated with external specialists and our IT team to prevent significant damage or malware infiltration into our network,” the company said.

“Yamaha Canada has been notifying affected individuals, and we are offering credit monitoring services to those at risk of potential harm. Additionally, we have taken decisive actions to reinforce our network defenses and ensure enhanced security measures moving forward.”

The company added that its primary focus right now is to “mitigate any adverse consequences stemming from this criminal act.”

Representatives did not respond to requests for comment about whether the incident involved ransomware, but the company is the latest example of a growing cybersecurity trend drawing alarm among experts.

On June 14, the company was posted on the Black Byte ransomware gang’s list of victims, according to cybersecurity expert Dominic Alvieri. But on Friday, Yamaha appeared on the leak site of the Akira ransomware group.

Alvieri said it is becoming increasingly common for victim organizations to be posted by two different ransomware groups. He noted that at least one organization this year was posted by three different groups.

“It is a major trend this year,” he said. “There is way more double posting going on.”

There have been several high-profile double postings this year, including the city of Oakland, which appeared on the leak sites of the Play and LockBit ransomware gangs.

Seasoned ransomware experts did not have a clear answer on why victims are showing up on multiple leak sites, floating several theories that may be…


Microsoft confirms recent service disruptions were caused by Russian hacking group


In a recent blog post, Microsoft officially acknowledged that the disruptions to its services earlier this month were the result of deliberate hacks. The tech giant attributed the temporary unavailability of some of its services to ongoing Distributed Denial-of-Service (DDoS) attacks conducted by a threat actor identified as Storm-1359.

On June 5, Microsoft’s 365 software suite, including popular applications like Teams and Outlook, experienced an outage lasting over two hours, affecting thousands of users. A brief recurrence was witnessed the following morning. This incident marked the fourth major outage for Microsoft within the span of a year.

Although Microsoft has assigned a temporary designation to the attackers, indicating their affiliation has not yet been determined, a hacktivist group called Anonymous Sudan has claimed responsibility for the hack on the messaging platform Telegram.

Over the past decade, messaging platform Telegram, code management site GitHub, and network provider Dyn have all faced similar attacks. In Microsoft’s case, the hackers focused on causing disruption and seeking publicity. They utilized rented cloud infrastructure and virtual private networks to overwhelm Microsoft servers using botnets comprised of compromised computers worldwide.

Reassuringly, Microsoft has stated that there is no evidence suggesting that customer data has been accessed or compromised during these incidents. DDoS attacks typically aim to temporarily render targeted servers inaccessible through the influx of substantial internet traffic, employing relatively unsophisticated methods.

The recurrence of service disruptions raises concerns about the vulnerability of technology platforms to malicious attacks. Companies like Microsoft are continuously enhancing their security measures to thwart such incidents. Nevertheless, the sophistication and persistence of threat actors continue to present challenges for ensuring uninterrupted and secure digital services.

Microsoft has not disclosed the motive behind the recent DDoS attacks or whether it has identified the individuals or groups responsible for them. As investigations continue, users and organizations are advised to…


Industrial Giant ABB Confirms Ransomware Attack, Data Theft


Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data.

The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation. 

“ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data,” ABB said. “The company is working to identify and analyze the nature and scope of affected data and is further assessing its notification obligations.” 

The malware was allegedly only deployed on a ‘limited number’ of servers and endpoints. The malware was distributed via manual intervention and it could not automatically spread through emails or on the local network, ABB said.

“All of ABB’s key services and systems are up and running, all factories are operating, and the company continues to serve its customers. The company also continues to restore any remaining impacted services and systems and is further enhancing the security of its systems,” the company noted.

In private notifications sent to customers, ABB said its forensic investigation found no evidence of customer systems being directly impacted. In addition, there is no indication that it’s unsafe to connect to ABB systems. 

Bleeping Computer was the first to report that ABB was targeted by the Black Basta ransomware group. Kevin Beaumont, a reputable cybersecurity researcher, has independently confirmed it.


Beaumont said on Friday that the company has paid the ransom, which would explain why it has not been named on Black Basta’s leak website. 

SecurityWeek reached out to ABB for comment on these claims, but the company said it’s not commenting beyond the information in its press release. 

ABB provides electrification and automation solutions in many countries around the world. The company has more than 100,000 employees. 


Constellation Software confirms ALPHV ransomware-claimed attack



Some of Canadian diversified software firm Constellation Software’s systems were confirmed to have been compromised in an attack, which …
