Hive Ransomware Meets its End: Top Cybersecurity News From January 2023
It’s been a busy first month of the year in the cybersecurity industry. A rising number of ransomware, phishing attacks, and data breaches have made January a rather memorable month for the industry. Here are the top security news from the last week of January 2023:
Several federal agencies breached through unauthorised remote access tool
In a joint warning released earlier this week, CISA, the NSA, and MS-ISAC expressed concerns that threat actors are increasingly utilising remote monitoring and management (RMM) software for malicious purposes.
More concerningly, following the publication of a Silent Push report in mid-October 2022, CISA used the EINSTEIN intrusion detection system to find hostile activity inside the networks of many federal civilian executive branch (FCEB) agencies.
After being discovered on one FCEB network in mid-September 2022, this activity was connected to the “widespread, financially driven phishing campaign” mentioned by Silent Push and was found on many other FCEB networks.
Over 800,000 personal data were affected in Zacks Investment Research breach
Zacks Investment Research, a leader in stock market data, is notifying 820,000 individuals of a breach after uncovering an infiltration that lasted almost a year.
The business disclosed that it had a breach that lasted from November 2021 to August 2022 in documents filed with the Maine Attorney General’s office. Requests for comment about why the breach persisted for so long and why it took so long to alert victims were unanswered by the firm.
The breach involved names, addresses, phone numbers, email addresses, and passwords used for Zacks.com.
Zacks Investments, a company that was founded in 1978, offers consumers a variety of investing information, including earnings forecasts and ratings that aid in stock market transactions.
“On December 28, 2022, Zacks learned that an unknown third-party had gained unauthorized access to certain customer records described below,” the company said in a public statement.
Biggest car dealer network in the UK affected by ransomware
Glasgow-based Following a cyberattack on its systems, Arnold Clark, one of the biggest auto dealer networks in the UK that made its founder a fortune, is dealing with a multimillion-pound ransom demand from the Play double extortion ransomware ring.
Staff had to use pen and paper to record consumer transactions after the assault on the organisation, which occurred in the run-up to Christmas. Additionally, it was unable to finish handing out new automobiles.
Following the incident, Arnold Clark voluntarily removed its computers after receiving a warning about suspicious network activity from an external security expert. It then worked with its online partners to perform a thorough evaluation of its IT infrastructure. It said that protecting client data, its own systems, and its third-party partners had been a top priority and that this had been accomplished.
Hive ransomware seized by joint law enforcement operation
As part of a concerted law enforcement investigation spanning 13 nations, the Hive ransomware-as-a-service (RaaS) infrastructure has been seized.
“Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals,” Europol said in a statement.
The FBI penetrated the Hive networks in July 2022 and captured over 300 decryption keys that were then handed over to companies compromised by the gang, effectively saving $130 million in ransom payments. The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims.
Since 2021, Hive has been a prolific cybercrime crew, launching attacks against 1,500 organizations in no less than 80 countries and netting $100 million in illicit profits.
For more insights and analysis, follow Code Red on Twitter and LinkedIn.