T-Mobile is breached again, cyberattacks increase 7% globally and ransomware attacks are hit by inflation. Here are the latest threats and advisories for the week of May 5, 2023.
Threat Advisories and Alerts
NCSC Releases Interactive Media to Help Kids Stay Safe Online
The U.K.’s National Cyber Security Centre (NCSC) has released interactive media to help educate children and teens about the risks of the internet. For 7-11-year-olds, the video game CyberSprinters teaches kids about passwords, the cloud and other cybersecurity topics. For 11-14-year-olds, the interactive video CyberFlix highlights common scams that pre-teen and teenagers face on the internet, which often involve ‘scam’ links and social media advertising.
500,000 Devices Infected by Vietnamese Threat Actor
A Vietnamese cybercriminal has carried out a social media malverposting campaign to infect more than 500,000 devices globally with information stealers. Malverposting is the practice of using sponsored posts on social media platforms, like Twitter and Facebook, to spread malware. With ads, the posts can reach a larger audience and infect more users. Most of the attacks have been reported in the U.K., U.S., Canada, Australia and India.
Emerging Threats and Research
Major German IT Provider Bitmarck Suffers Breach
German IT giant Bitmarck took all its customer and internal systems offline after discovering over the past weekend that it had been breached. In a blog post on a temporary website, the company wrote, “In compliance with our security protocol, we have taken down customer and internal systems from the grid in a controlled manner and conducted an impact analysis.” Bitmarck doesn’t believe customer data was affected by the breach and is working on restoring its services.
T-Mobile Confirms Data Breach for the Second Time in 2023
The second largest mobile phone carrier in the U.S., T-Mobile, has once again suffered a data breach, making it the second time this year the company has made such an announcement. “A bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," said a breach notification letter sent by the telecom company. While the first breach affected 37 million customers, this breach only impacted 836 people. Nevertheless, the breach could be damaging to its victims. Exposed customer information may have included social security numbers, birth dates, government IDs and other sensitive information.
Cyberattacks Increase 7% Worldwide in First Quarter of 2023
A new research report from U.S. cybersecurity company Check Point has revealed that cyberattacks increased 7% globally in the first quarter of 2023 compared to the same time period last year. The education and research sector was the hardest hit, experiencing a 15% increase in attacks. Regionally, APAC experienced the greatest rise in cyberattacks with a 16% increase, followed by North America with a 9% increase. The report also found a 1% increase in ransomware attacks worldwide, with one in 31 organizations falling victim each week of the first quarter.
Costs of Ransom Demands, Payments and Investigations Impacted by Inflation
The cost of eggs isn’t the only thing affected by inflation. A new report by U.S. law firm BakerHostetler reveals that the price of ransom demands, payments and investigations all went up last year. The largest ransom demand of 2022 was $90+ million compared to the previous year’s $60+ million. While the average ransom paid was substantially lower at $600,688, it was still an increase from $511,957 the previous year. Cost of attack investigations have also jumped. For the 20 biggest breaches, the average investigation costs rose to $550,987, a 24% increase from the previous year’s $445,926.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.