The Federal Bureau of Investigation (FBI) has warned the public about a new wave of cybercriminal activity targeting victims of cryptocurrency scams. These fraudsters are posing as lawyers and law firms, offering bogus cryptocurrency recovery services to steal funds and personal information from those already defrauded. This latest cryptocurrency investment scam alert is an update to a previous warning from the FBI's Internet Crime Complaint Center (IC3), which had highlighted a surge in scams involving fake services for recovering digital assets. The updated Public Service Announcement (PSA), titled "Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams," was originally published on August 11, 2023. Moreover, in April 2024, the FBI warned of financial risks tied to using unregistered cryptocurrency transfer services, highlighting potential law enforcement actions against these platforms. The announcement focused on crypto transfer services operating without registration as Money Services Businesses (MSBs) and non-compliance with U.S. anti-money laundering laws. These platforms are often targeted by law enforcement, especially when used by criminals to launder illegally obtained funds, such as ransomware payments.

Cryptocurrency Scam: Emerging Criminal Tactic

The FBI's announcement aims to inform the public about a new criminal tactic designed to exploit cryptocurrency scam victims further. Using social media and other messaging platforms, fraudsters posing as lawyers from fictitious law firms are contacting scam victims and offering their services. These "lawyers" claim they have the authority to investigate fund recovery cases and often assert that they are working with, or have received information from, the FBI, Consumer Financial Protection Bureau (CFPB), or other government agencies to validate their legitimacy. In some instances, victims have reached out to these scammers through fake websites that appear legitimate, hoping to recover their lost funds. The scammers use various methods to further the recovery scam, including:

• Verification Requests: They ask victims to verify their identities by providing personal identifying information or banking details.
• Judgment Amount Requests: They request that victims provide a judgment amount they are seeking from the initial fraudster.
• Upfront Fees: They demand a portion of the fees upfront, with the balance due upon recovery of the funds.
• Additional Payments: They direct victims to make payments for back taxes and other fees purportedly necessary to recover their funds.
• Credibility Building: They reference actual financial institutions and money exchanges to build credibility and further their schemes.

Between February 2023 and February 2024, cryptocurrency scam victims who were further exploited by these fictitious law firms reported losses totaling over $9.9 million, according to the FBI Internet Crime Complaint Center (IC3).

Tips to Protect Yourself

The FBI offers several tips to help individuals protect themselves from falling victim to these scams:

• Be Wary of Advertisements: Be cautious of advertisements for cryptocurrency recovery services. Research the advertised company thoroughly and be suspicious if the company uses vague language, has a minimal online presence, and makes unrealistic promises about its ability to recover funds.
• Do Not Release Information: If an unknown individual contacts you claiming to be able to recover stolen cryptocurrency, do not release any financial or personal identifying information, and do not send money.
• No Fees from Law Enforcement: Remember that law enforcement does not charge victims a fee for investigating crimes. If someone claims an affiliation with the FBI, contact your local FBI field office to confirm their legitimacy.

Victim Reporting

The FBI urges victims to file a report with the Internet Crime Complaint Center. When filing a report, try to include the following information:

• Contact Information: Details about how the individual initially contacted you and how they identified themselves, including name, phone number, address, email address, and username.
• Financial Transaction Information: Details such as the date, type of payment, amount, account numbers involved (including cryptocurrency addresses), name and address of the receiving financial institution, and receiving cryptocurrency addresses.

The FBI's announcement highlights the importance of vigilance and caution when dealing with unsolicited offers of assistance, particularly in the highly targeted and vulnerable area of cryptocurrency investments. By staying informed and following the FBI's guidelines, individuals can better protect themselves from becoming victims of these crypto scams.

Yana Li, Director of IT & Platform Security at WebBeds, embodies resilience, determination, and a passion for cybersecurity that has propelled her from a challenging childhood to a leadership role in one of the most critical sectors of IT. Recently honored for her contributions at the World CyberCon Meta Edition, Yana's path to cybersecurity wasn't straightforward. In a candid interview with The Cyber Express (TCE), Yana reflects on her journey, the challenges she faced, and her unwavering commitment to empowering women in cybersecurity.

Early Challenges and Discovering Passion

Yana's childhood was marked by financial hardship and the absence of familial support. Emerging from a modest upbringing in Russia, she navigated childhood challenges with an independent spirit and unwavering resolve. Opportunities are to be seized," Yana reflects, recalling how she secured a full scholarship for Computer Science and Engineering studies in the United States, setting the stage for her remarkable journey through the realms of IT and cybersecurity. Her career trajectory initially flourished in technical support and project management, roles that equipped her with a profound understanding of IT infrastructures. However, it was a pivotal security project that ignited Yana's passion for cybersecurity. "It's not merely a project," she realized; "it opens doors to a whole new world." This revelation spurred her to further her education, including a transformative semester at Harvard focused on cybersecurity, where she engaged with industry leaders and broadened her expertise significantly.

Yana Li Breaking Barriers in a Male-Dominated Field

Entering the IT field in 2013, particularly in Russia, Yana confronted a stark reality of gender disparity. The industry was predominantly male, and discouragement was a constant companion. "They tried to tell you that you don't have it," Yana recalls, referring to the discouragement she faced early in her career. Despite these obstacles, Yana persevered, buoyed by a growing network of supportive communities and initiatives aimed at empowering women in cybersecurity. "There's so much support now," she emphasizes, citing numerous organizations and communities dedicated to mentoring and guiding aspiring female professionals.

Championing Diversity and Mentorship

Reflecting on her journey, Yana is keenly aware of the importance of mentorship and advocacy. As an ambassador for Google's Women Techmakers initiative, she actively champions diversity and inclusivity in tech fields. "I want to be the person I needed when I was younger," she affirms, emphasizing the need for aspiring professionals to believe in their capabilities and seek out mentors who can offer guidance and support. Her message resonates deeply: "If your dreams don't scare you, they're not big enough." Yana emphasizes the importance of seeking mentorship, leveraging community resources, and believing in the limitless potential within oneself. In addressing the persistent gender gap in cybersecurity, Yana stresses the abundance of resources available today. From women-focused cybersecurity councils to mentorship programs offered by tech giants like Amazon, Google, and Microsoft, opportunities for growth and support abound. "Don't be shy," she encourages, urging women to leverage these resources and reach out for assistance when needed. "We've all been there," she reassures, highlighting the collective experience and solidarity within the community. "Just ask for help and believe that anything is possible."

Advice for Aspiring Women in Cybersecurity

Looking ahead, Yana remains optimistic about the future of cybersecurity and the role women will play in shaping its landscape. With increasing awareness and concerted efforts to foster diversity, she believes the field is ripe for innovation and transformation. "Anything in this world is possible," she asserts, a testament to her own journey and the limitless potential she sees in aspiring cybersecurity professionals. In conclusion, Yana Li's story is not just one of personal triumph but a testament to the transformative power of passion and perseverance in cybersecurity. As women continue to carve out their place in this critical field, Yana stands as a role model, advocating for inclusivity, empowerment, and excellence. Her journey reminds us that with dedication and support, barriers can be overcome, and dreams can be realized. For those embarking on similar paths, Yana's story offers guidance, encouragement, and a steadfast belief in the limitless possibilities within cybersecurity.

UnitedHealth has, for the first time, detailed the types of medical and patient data stolen in the extensive cyberattack on Change Healthcare (CHC). The company announced that CHC cyberattack notifications will be mailed in July to affected individuals. "CHC plans to mail written letters at the conclusion of data review to affected individuals for whom CHC has a sufficient address. Please note, we may not have sufficient addresses for all affected individuals. The mailing process is expected to begin in late July as CHC completes quality assurance procedures," reads the official statement by Change Healthcare. UnitedHealth issued a data breach notification, revealing that the ransomware attack exposed a "substantial quantity of data" for a "substantial proportion of people in America." During a congressional hearing, UnitedHealth CEO Andrew Witty estimated that "maybe a third" of all Americans' health data was compromised in the attack.

Stolen Data Information in CHC Cyberattack

The Change Healthcare data breach notification provided a comprehensive overview of the types of information that may have been affected. Although CHC cannot confirm exactly what data was compromised for each individual, the exposed information may include:

1. Contact Information: Names, addresses, dates of birth, phone numbers, and email addresses.
2. Health Insurance Information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers.
3. Health Information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.
4. Billing, Claims, and Payment Information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.
5. Other Personal Information: Social Security numbers, driver’s license or state ID numbers, and passport numbers.

This information may vary for each impacted individual. To date, CHC has not seen full medical histories appear in their data review. "The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review. Also, some of this information may have related to guarantors who paid bills for health care services. A guarantor is the person who paid the bill for health care services," the official statement reads further.

Cyberattack on Change Healthcare: What Exactly Happen?

The Change Healthcare cyberattack occurred when a cybercriminal gained unauthorized access to the CHC computer system on February 21, 2024. Upon discovering the ransomware deployment, CHC immediately took steps to halt the activity, disconnected and shut down systems to prevent further impact and initiated an investigation. Law enforcement was contacted, and CHC's security team, along with several top cybersecurity experts, worked tirelessly to address the breach and understand its scope. The investigation revealed that a significant amount of data was exfiltrated from CHC’s environment between February 17, 2024, and February 20, 2024. By March 7, 2024, CHC confirmed the data exfiltration and began analyzing the compromised files. On April 22, 2024, CHC publicly confirmed that the impacted data could affect a substantial proportion of the American population. As of June 20, 2024, CHC began notifying customers whose data was identified as compromised. When CHC learned about the activity, CHC immediately began an investigation with support from leading cybersecurity experts and law enforcement. In response to this incident, CHC immediately took action to shut down systems and sever connectivity to prevent further impact," informed Change Healthcare official release "CHC has also reinforced its policies and practices and implemented additional safeguards in an effort to prevent similar incidents from occurring in the future. CHC, along with leading external industry experts, continues to monitor the internet and dark web.

What Steps Affected Individuals Can Take

While the investigation continues, individuals who suspect their information may have been compromised can take several steps to protect themselves:

1. Enroll in Credit Monitoring and Identity Protection: CHC is offering two years of complimentary credit monitoring and identity protection services.
2. Monitor Statements and Reports: Regularly check explanations of benefits from health plans, statements from healthcare providers, bank and credit card statements, credit reports, and tax returns for any unfamiliar activity.
3. Report Unfamiliar Health Services: If any unauthorized healthcare services are found on an explanation of the benefits statement, contact the health plan or doctor.
4. Alert Financial Institutions: Immediately contact financial institutions or credit card companies if suspicious activity is detected on bank or credit card statements or tax returns.
5. File a Police Report: Contact local law enforcement if you believe you are a victim of a crime.

Individuals may also have additional rights depending on their state of residence and should refer to the provided Reference Guide for more information. The ransomware attack on CHC has highlighted significant vulnerabilities in the handling of sensitive health and personal information. As the investigation progresses, affected individuals are urged to stay vigilant and utilize the resources provided to mitigate potential risks.

ECU Worldwide, a global player in Less than Container Load (LCL) consolidation, has appointed Rajneesh Garg as its new Chief Information Officer (CIO). In his new role, Garg will focus on managing and supporting software applications, leading technology transformation initiatives, and ensuring their successful implementation and adoption. He will work closely with the IT group shared services organization and report to Kapil Mahajan, Global CIO of Allcargo Group, from the company's Mumbai headquarters. "I am excited to be a part of ECU Worldwide known for its vision of a digital-first approach to build unmatched customer centricity at a global scale,” said newly appointed CIO, Garg. He added further, “The role gives me an opportunity to leverage my know-how to drive the growth journey of the company led under the leadership of Founder and Chairman Mr. Shashi Kiran Shetty, which is based on sustainability, superior customer experience, and futuristic approach. I look forward to working with the Allcargo Group to contribute to ECU Worldwide's growth journey.”

Rajneesh Garg Extensive Background

Garg brings over 20 years of leadership experience across various sectors, including banking, insurance, travel, hospitality, manufacturing, energy resources, and retail. Before joining ECU Worldwide, he was Vice President of Information Technology at Capgemini, overseeing regional delivery and growth for consumer products and retail accounts in the Nordic region. Garg holds a postgraduate degree in computer science from Moscow State University in Russia and has also worked in senior leadership roles at Tata Consultancy Services for over two decades. "With his extensive and diversified leadership experience in various sectors, Rajneesh will be instrumental in driving our technology transformation forward. His strategic vision aligns with our efforts to fortify ECU Worldwide's IT division as we pursue our ambitious growth and expansion strategies. We are confident that under Garg's leadership, our IT division will continue to break new ground in offering superior customer experience. We look forward to working with him as we embark on the next phase of growth,’’ said Kapil Mahajan, Global Chief Information Officer, Allcargo Group.

Way Forward

Founded in 1987, ECU Worldwide is a wholly-owned global subsidiary of Allcargo Logistics. The company is a major player in multi-modal transport and a leader in LCL consolidation. ECU Worldwide operates with a digital-first approach and is supported by leaders with expertise in logistics, data science, and technology. The appointment of Garg as CIO is a significant step for ECU Worldwide. His extensive experience and strategic approach are expected to drive the company’s technology initiatives and support its growth in the global LCL market. Garg's collaboration with the Allcargo Group leadership aims to bring technological advancements and improvements to ECU Worldwide's services and operations.

The Department of Commerce's Bureau of Industry and Security (BIS) has announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of the Russian cybersecurity firm, from providing any products or services in the United States. This historic decision of the US banning Kaspersky marks the first Final Determination by the Office of Information and Communications Technology and Services (OICTS). The BIS has set a deadline of September 29, 2024, giving U.S. consumers and businesses time to switch to alternative cybersecurity solutions. Kaspersky will no longer be able to sell its software within the United States or provide updates to software already in use. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies (together with Kaspersky Lab, Inc., “Kaspersky” The US banning Kaspersky incident highlights rising concerns over national security risks linked to foreign technology companies, especially those from adversarial states. Further, it reflects years of scrutiny and represents a significant escalation in U.S. efforts to safeguard its cyber infrastructure. “This action is the first of its kind and is the first Final Determination issued by BIS’s Office of Information and Communications Technology and Services (OICTS), whose mission is to investigate whether certain information and communications technology or services transactions in the United States pose an undue or unacceptable national security risk,” reads the official BIS announcement. Additionally, BIS has added three entities—AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom)—to the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives. This article delves into the timeline and context of U.S. actions against Kaspersky, highlighting the shift from the Trump administration to the Biden administration.

US vs Kaspersky: A Timeline of Cybersecurity Actions

2017

September- The Trump Administration’s heightened scrutiny of Kaspersky began. The Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD 17-01) that mandated removing and discontinuing Kaspersky products from all federal information systems. This directive followed mounting evidence suggesting that the Russian government could use Kaspersky’s products to infiltrate U.S. networks. December- The National Defense Authorization Act (NDAA) for Fiscal Year 2018 cemented these concerns into law by prohibiting the use of Kaspersky software across all federal agencies. This legislative action reflected a bipartisan consensus on the potential risks posed by the Russian firm.

2022

March- The Federal Communications Commission (FCC) added Kaspersky to its “List of Communications Equipment and Services that Pose a Threat to National Security.” This action was part of a broader effort to secure the nation’s communications networks from foreign influence and control.

2024

June - Today’s Final Determination by the BIS represents the culmination of a thorough investigation by the Office of Information and Communications Technology and Services (OICTS). This office, established to assess whether certain information and communications technology (ICT) transactions pose unacceptable national security risks, has found Kaspersky’s operations in the U.S. untenable.

US Banning Kaspersky: The Context and Implications of BIS’s Final Determination

The BIS’s decision comes after a comprehensive investigation revealed that Kaspersky’s operations in the United States posed an undue or unacceptable national security risk. The key concerns highlighted include:

1. Jurisdiction and Control by the Russian Government: Kaspersky is subject to Russian laws requiring cooperation with intelligence agencies. This legal framework gives the Russian government potential access to data managed by Kaspersky’s software. Therefore, Kaspersky is subject to Russian laws, requiring it to comply with requests for information that could compromise U.S. national security.
2. Access to Sensitive Information: Kaspersky’s software has extensive administrative privileges over customer systems, creating opportunities for data exploitation.
3. Potential for Malicious Activities: Kaspersky could theoretically introduce malware or withhold crucial security updates, compromising U.S. cybersecurity.
4. Third-Party Integrations: Integrating Kaspersky products into third-party services further complicates the risk, as the source code might be obscured, increasing vulnerability in critical U.S. systems.

Transition Period and Recommendations

While users won’t face legal penalties for continued use of Kaspersky products during this period, they assume all associated cybersecurity risks. This grace period is crucial for minimizing disruptions and ensuring a smooth transition to secure alternatives. The Department of Commerce, along with DHS and DOJ, is actively working to inform and assist users in transitioning to alternative cybersecurity solutions. “The actions taken today are vital to our national security and will better protect the personal information and privacy of many Americans. We will continue to work with the Department of Commerce, state and local officials, and critical infrastructure operators to protect our nation’s most vital systems and assets,” said Secretary of Homeland Security Alejandro N. Mayorkas. runZero, meanwhile, released tools to detect Kaspersky products on in most Windows installations, which also work with the company's free community edition.

Historical Background: From Trump to Biden

The determination against Kaspersky is part of a broader U.S. strategy to safeguard its information and communications technology infrastructure. The roots of this policy can be traced back to Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain,” which empowers the Commerce Department to evaluate and act against risks posed by foreign ICTS transactions. The scrutiny of Kaspersky began during the Trump administration, amid growing concerns about Russia's cyber capabilities and potential espionage activities. The Trump-era directives and legislative actions laid the groundwork for stricter controls, reflecting a bipartisan consensus on the threat posed by foreign cyber interference. Under the Biden administration, the approach has evolved into a more comprehensive and coordinated effort. The establishment of the OICTS within BIS and the issuance of the Final Determination represents a significant escalation in the U.S. government's efforts to protect its digital infrastructure. The Biden administration's emphasis on a “whole-of-government” strategy underscores the critical importance of cybersecurity in national defense. The U.S. government has taken a coordinated approach to implementing this determination. Commerce Secretary Gina Raimondo emphasized the commitment to national security and innovation, stating that this action is a clear message to adversaries. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people. Today’s action, our first use of the Commerce Department’s ICTS authorities, demonstrates Commerce’s role in support of our national defense and shows our adversaries we will not hesitate to act when they use their technology poses a risk to the United States and its citizens,” said Raimondo.

The Future of U.S. Cybersecurity Policy

The inclusion of Kaspersky and related entities on the Entity List highlights the U.S. government’s proactive stance. This list, maintained under the Export Control Reform Act of 2018, identifies entities engaged in activities contrary to U.S. national security interests. Additions to this list involve rigorous interagency review, ensuring that actions are based on concrete, specific evidence of risk. “With today’s action, the American cyber ecosystem is safer and more secure than it was yesterday,” said Under Secretary for Industry and Security Alan Estevez. “We will not hesitate to protect U.S. individuals and businesses from Russia or other malign actors who seek to weaponize technology that is supposed to protect its users.” As the September deadline approaches, businesses and individuals alike must stay informed and take necessary steps to secure their digital environments. The U.S. government's decisive action against Kaspersky highlights the critical importance of vigilance and proactive measures in the ever-evolving landscape of cybersecurity.

The Advanced Research Projects Agency for Health (ARPA-H) has appointed Chris Pashley as its Chief Information Security Officer (CISO). Pashley, formerly the Deputy Chief Information Security Officer at the Cybersecurity and Infrastructure Security Agency (CISA), announced his new role through a LinkedIn post. ARPA-H, part of the U.S. Department of Health and Human Services, is dedicated to tackling the most challenging problems in health through innovative research programs grounded in urgency, excellence, and honesty. The agency aims to accelerate breakthroughs that enable every American to realize their full health potential, transforming the seemingly impossible into the possible and the actual. [caption id="attachment_78081" align="aligncenter" width="838"] Source: Chris Pashley's LinkedIn Post[/caption] Pashley’s appointment comes at a crucial time for ARPA-H as it seeks to develop and launch an agency-wide initiative to implement strong cybersecurity measures. His extensive experience and proven track record in cybersecurity make him an ideal fit for this pivotal role.

Chris Pashley's Background and Experience

Before joining ARPA-H, Pashley played a key role at CISA, where he supported efforts to strengthen the agency’s internal cybersecurity program. He worked closely with CISA’s CISO and Chief Information Officer to enhance the agency’s cybersecurity posture, ensuring that its systems and data were well-protected against the ever-evolving landscape of cyber threats. Prior to his tenure at CISA, Pashley led the Cyber Threat Intelligence (CTI) team within the Security Operations Division at U.S. Customs and Border Protection (CBP). In this capacity, he focused on establishing the foundational elements of the CTI team, including its vision, mission, structure, and performance management. He also improved the team’s integration with and support to CBP’s Security Operations Center (SOC), providing senior leadership with critical updates on cyber threat activity. Pashley’s move to the government sector in 2017 was preceded by a nearly seven-year stint at Booz Allen Hamilton, where he served as an associate. His work there laid the groundwork for his subsequent roles in government cybersecurity, equipping him with the skills and experience needed to navigate the complex and high-stakes environment of federal cybersecurity operations. Pashley’s expertise will be instrumental in developing and implementing comprehensive cybersecurity measures across ARPA-H. His approach will likely involve a combination of proactive threat intelligence, rigorous security protocols, and continuous monitoring to protect the agency’s digital assets. .With his extensive background in cybersecurity and proven leadership, Pashley is well-equipped to guide ARPA-H in protecting its vital research and operations. As the agency continues to push the boundaries of health innovation, robust strong cybersecurity measures will be crucial in ensuring the success and integrity of its groundbreaking work.

CDK Global, a provider of software solutions to auto dealerships across the United States, has fallen victim to a significant cyberattack. This CDK Global cyberattack has forced the company to temporarily shut down most of its systems, effectively bringing sales operations at approximately 15,000 car dealerships to a standstill. The cyberattack on CDK Global has had a profound impact on major clients of CDK Global, including General Motors dealerships, Group 1 Automotive, and Holman, which operates dealerships across eight U.S. states. These dealerships rely heavily on CDK's software to manage their daily operations, from sales transactions to inventory management. "We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible", a CDK spokesperson told CBS News. According to the news reports, CDK reported that they had restored some of their systems after conducting extensive tests and consulting with third-party experts. "With the work done so far, our core dealer management system and Digital Retailing solutions have been restored. We are continuing to conduct extensive tests on all other applications and will provide updates as we bring those applications back online," CDK stated in a communication to CBS MoneyWatch. CDK Global’s dealer management system (DMS) serves as a central hub that allows dealerships to monitor their operations from a single interface. Their retail tools enable dealerships to conduct transactions both online and in showrooms. These tools are essential for managing payroll, inventory, and various office operations. CDK also prides itself on offering robust cybersecurity solutions, as stated on its website: "CDK Cybersecurity Solutions provide a three-tiered cybersecurity strategy to prevent, protect, and respond to cyberattacks so you can defend your dealership.

Dealerships' Response to the CDK Global Cyberattack

The sudden outage has caused widespread disruption among car dealerships. Many have been forced to find creative solutions to continue their operations. Dealership employees took to Reddit to discuss the challenges they were facing. They reported relying on spreadsheets and sticky notes to handle small parts sales and repairs, while larger transactions were effectively halted. One employee questioned others on Reddit, asking, "How many of you are standing around because your whole shop runs on CDK?" Responses from users in Wisconsin and Colorado confirmed that their dealership systems were offline, causing significant operational delays. The CDK Global Cyberattack has left many employees with little to do, with some dealerships sending staff home due to the inability to conduct normal business operations. "We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them," lamented one dealership employee on Reddit. Another employee shared, "Excel spreadsheets and post-it notes for any parts we're handing out. Any big jobs are not happening," highlighting the extent to which the disruption has impacted their workflow.

Potential Ransomware Attack

While CDK Global has not released an official statement on the nature of the cyberattack, rumors and reports suggest that the company may have suffered a ransomware attack that also impacted its backups.  If it indeed was a ransomware attack, the outages could persist for several days, potentially stretching into the next week or longer. The Cyber Express Team tried to reach out to CDK Global to get an official statement and know more details about the cyberattack, however, as of writing this news report no response has been received.

Titania, specialists in continuous network security and compliance assurance solutions, announced the release of compelling new research that highlights a significant shift in cybersecurity spending towards proactive security measures. The report, "Emerging Best Practice in the Use of Proactive Security Solutions," indicates a marked increase in investments aimed at preemptively mitigating cyber threats. According to the study, over 70% of businesses reported increased spending on proactive security solutions, such as attack surface management and risk-based vulnerability management, over the past year. This growth notably outpaces investments in both preventative and reactive measures.

Strategic Implementation and Cybersecurity Industry Trends

Conducted in partnership with Omdia, a global analyst and advisory leader, the study surveyed over 400 security decision-makers across North America, the UK, France, and Germany. The findings highlight a rapid adoption of proactive security measures driven by three key objectives:

• Reducing the opportunity for cyber threats
• Reducing the mean time to remediate known vulnerabilities
• Minimizing the attack surface.

These proactive solutions are becoming an essential layer of protection, providing a comprehensive understanding of the threat landscape and attack surface to enhance organizational resilience and readiness.

Geographic and Sectoral Insights

The trend towards proactive security is particularly pronounced in the EMEA region, where 74% of respondents increased their budgets compared to 67% in North America. The financial services sector (54%) and critical infrastructure organizations, including energy and utilities companies (53%), show a strong inclination towards these investments. Nearly half (47%) of the respondents reported that their top cybersecurity goals for the next 12-24 months include reducing the opportunity for threats through proactive security. In contrast, only 27% of organizations plan to focus on improving tactical outcomes such as better threat prevention, detection, and response.

Enhancing Security Posture

Organizations are increasingly recognizing the need to improve their security posture through proactive security tools, which significantly enhance attack surface management and security control optimization. Many organizations reported limited visibility into the security posture of their network assets, such as firewalls, switches, and routers. Approximately half of the surveyed organizations check their network devices at most monthly, and some only monitor devices in critical segments or a sample of devices across their networks. Critical infrastructure organizations reported lower confidence than other industries in their ability to maintain adequate network segmentation and prevent unauthorized network access.

Anticipated Organizational Impact

Almost half (48%) of all respondents anticipate a high level of organizational disruption due to the broader adoption of proactive security solutions, highlighting the transformative impact these measures are expected to have. “This research vividly illustrates a widespread and rapid shift towards proactive security to improve operational readiness and resilience,” said Tom Beese, Executive Chairman of Titania. “Organizations recognize the critical need to stay ahead of known threats and shut down attacks by investing in solutions that offer real-time visibility of their security posture and remediation actions that continuously minimize their exposure.” Businesses emphasized the importance of consolidating proactive security tools, with 65% highlighting better visibility and management of the attack surface, 60% focusing on improved security control optimization, and 54% noting manpower productivity improvements.

Critical Proactive Security Capabilities

The survey identified several critical proactive security capabilities:

• The ability to view risks through different attack frameworks (61%).
• Full asset context (60%).
• Integration with existing security fabric to implement temporary mitigations (57%).

Andrew Braunberg, Principal Analyst at Omdia, explained, “While the cybersecurity industry has clung to the 'assume breach' mantra with its preventative and reactive solutions, organizations are awakening to a smarter strategy: proactively understanding attack surfaces, mapping attack paths, and plugging vulnerabilities to prevent breaches. Network device configurations are crucial to security posture management, and the adoption of proactive security solutions that automate configuration assessments could have a transformative impact.” The report highlights a gap in industry guidance on best practices for building a proactive security strategy. It notes that the US Defense Department’s Command Cyber Readiness Inspection program (CORA) and the EU’s Digital Operational Resilience Act (DORA) requirements align well with the need for proactive security solutions.

The FBI's Baltimore Field Office is actively seeking to identify potential victims of Richard Michael Roe, who has recently been indicted on charges of cyberstalking under federal law. The charges allege that Roe engaged in a campaign of harassment through phone calls, text messages, and emails, targeting multiple victims over the course of a year. The FBI's investigation uncovered that Roe used spoofed phone numbers and email accounts to conduct this harassment. The indictment against Richard Michael Roe is a significant step in addressing the cyberstalking activities that allegedly took place from December 2019 until January 2021. It is important to note that an indictment is merely an allegation, and Roe is presumed innocent until proven guilty beyond a reasonable doubt. According to the charges, Roe's cyberstalking involved making numerous phone calls and sending multiple text messages daily to his victims. The FBI believes that approximately six individuals and two businesses were targeted during this period.

FBI's Call for Public Assistance

The FBI is reaching out to the public for assistance in identifying additional victims who may have been harassed by Roe. “If you and/or anyone you know were victimized by Roe, or if you have information relevant to this investigation, please fill out this short form,” reads the FBI release. The agency has set up a dedicated email, RoeVictims@fbi.gov, and a short form for individuals to provide information. Your responses are voluntary but could be crucial in furthering the federal investigation and identifying additional victims. The FBI is legally required to identify victims of federal crimes it investigates. Victims of such crimes may be eligible for various services, restitution, and rights under federal and/or state law. Identifying victims is not only a legal mandate but also an essential part of ensuring that those affected by Roe's alleged cyberstalking receive the support and justice they deserve. The FBI assures that all identities of victims will be kept confidential. “Based on the responses provided, you may be contacted by the FBI and asked to provide additional information. All identities of victims will be kept confidential.”

The Impact of Cyberstalking

Cyberstalking is a serious offense that can have profound effects on the lives of victims. It involves the use of digital means to harass, intimidate, and threaten individuals, leading to emotional distress, fear, and disruption of daily life. The use of spoofed phone numbers and email accounts, as alleged in Roe's case, can make it challenging for victims to trace the source of harassment, adding to their anxiety and sense of vulnerability.

How to Recognize Cyberstalking

Victims of cyberstalking often experience repeated, unwanted contact through digital communication methods. This can include:

• Frequent and persistent phone calls, often from unknown or spoofed numbers.
• Harassing text messages that may contain threats or abusive language.
• Unwanted emails that may be difficult to trace back to the sender.

If you have experienced such behaviors, it is crucial to report them to authorities. The FBI's current efforts to identify victims of Roe underline the importance of addressing and combating cyberstalking.

The Federal Trade Commission (FTC) has launched legal action against software giant Adobe and two of its top executives, Maninder Sawhney, and David Wadhwani, for allegedly deceiving consumers about early termination fees and making it difficult to cancel subscriptions. The Department of Justice (DOJ), following a referral from the FTC, has filed a complaint in a federal court, charging Adobe with pushing consumers toward its “annual paid monthly” subscription plan without adequately disclosing the costly cancellation fees associated with it. “Adobe trapped customers into year-long subscriptions through hidden early termination fees and numerous cancellation hurdles,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Americans are tired of companies hiding the ball during subscription signup and then putting up roadblocks when they try to cancel. The FTC will continue working to protect Americans from these illegal business practices.”

Details of the FTC Complaint Against Adobe

According to the complaint, Adobe has been steering consumers towards its "annual paid monthly" subscription plan by pre-selecting it as the default option on its website. While the monthly cost is prominently displayed, the early termination fee (ETF) is not. The ETF, which amounts to 50 percent of the remaining monthly payments if the subscription is canceled within the first year, is buried in small print or hidden behind small icons on the website. Consumers have complained to the FTC and the Better Business Bureau, stating they were unaware of the ETF or that the plan required a year-long commitment.

Adobe's Practices

Adobe shifted primarily to a subscription model in 2012, which now accounts for most of its revenue. The complaint alleges that despite knowing about consumer confusion regarding the ETF, Adobe continues to obscure the fee and make it difficult to cancel subscriptions. When consumers try to cancel their subscriptions through Adobe’s website, they must navigate through numerous pages. Those who seek help from customer service face resistance, delays, and additional obstacles, such as dropped calls, chats, and multiple transfers. Some consumers who believed they had canceled their subscriptions later found that Adobe continued to charge them. The FTC charges that Adobe's practices violate the Restore Online Shoppers’ Confidence Act. The Commission voted unanimously (3-0) to refer the civil penalty complaint to the DOJ, which then filed it in the U.S. District Court for the Northern District of California.

Adobe's Response to FTC Complaint

In response to the FTC's complaint, Adobe released a statement through Dana Rao, General Counsel and Chief Trust Officer: “Subscription services are convenient, flexible, and cost-effective to allow users to choose the plan that best fits their needs, timeline, and budget. Our priority is to always ensure our customers have a positive experience. We are transparent with the terms and conditions of our subscription agreements and have a simple cancellation process. We will refute the FTC’s claims in court.”

Adobe Shift to the Subscription Model

Adobe's transition to a subscription model over a decade ago was driven by the digital and cloud-based evolution of the industry. This model was designed to deliver continuous innovation, including cloud-based features and services, more affordably to customers. Subscription-based software and services have become integral to the digital economy, offering numerous benefits such as:

• Continuous Innovation: Subscriptions allow Adobe to deliver ongoing improvements and new features, including those that require cloud computation, without additional cost to customers. For example, Photoshop's Generative Fill feature.
• Multi-Device Usage: Products can be used on multiple devices and across groups of collaborators, providing automatic updates and enhanced security.
• Access to Cloud-Only Services: Subscribers gain access to services like artificial intelligence (AI) tools and other cloud-based functionalities.
• Consumer Choice: Adobe offers various plans, giving consumers the flexibility to choose between lower upfront costs and maximum flexibility.

The FTC's complaint against Adobe brings to light the critical issue of transparency in subscription services. As digital subscriptions become more prevalent, it is essential for companies to be upfront about fees and provide straightforward cancellation processes. This case serves as a reminder that consumer protection agencies will continue to hold companies accountable for deceptive practices, ensuring that consumers are treated fairly in the marketplace. The ongoing legal battle will be closely watched, with significant implications for both Adobe and the wider industry.

AJE Group, a prominent company in the manufacture, distribution, and sale of alcoholic and nonalcoholic beverages, has allegedly fallen victim to a MEDUSA ransomware attack. Founded in 1988 and headquartered in Lima, Peru, AJE Group employs 2,896 people. The unconfirmed ransomware attack on AJE Group has allegedly resulted in a significant data breach, putting allegedly 646.4 GB of data at risk.

Ransomware Attack on AJE Group: Ransom Demand and Countdown

The ransomware group has set an ominous countdown of eight days, 21 hours, 20 minutes, and 30 seconds for the company to comply with their demands. The attackers have placed a hefty price tag of US$1,500,000 to prevent unauthorized distribution of the compromised data. Additionally, for every day that passes without payment, the ransom amount increases by US$100,000. However, these claims remain unconfirmed as AJE Group has yet to release an official statement regarding the incident. [caption id="attachment_77719" align="aligncenter" width="1024"] Source: X[/caption] A preliminary investigation into AJE Group’s official website revealed no apparent disruptions; the site was fully operational, casting doubt on the authenticity of the ransomware group’s claims. Nevertheless, without an official statement from AJE Group, it is premature to conclude whether the ransomware attack on AJE Group has genuinely occurred. If the ransomware attack on AJE Group is confirmed, the implications for the Group could be extensive and severe. Data breaches can lead to significant financial losses, reputational damage, and operational disruptions. The compromised data may include sensitive information that, if leaked, could affect the company's competitive standing and expose its employees and customers to further risks.

MEDUSA Ransomware: A Rising Threat

Earlier, The Cyber Express (TCE) reported that Threat Actors (TAs) associated with the notorious MEDUSA ransomware have escalated their activities, allegedly targeting two institutions in the USA. The first target is Tri-Cities Preparatory High School, a public charter middle and high school located in Prescott, Arizona. The threat actors claim to have access to 1.2 GB of the school’s data and have threatened to publish it within seven to eight days. The second target is Fitzgerald, DePietro & Wojnas CPAs, P.C., an accounting firm based in Utica, New York. The attackers claim to have access to 92.5 GB of the firm’s data and have threatened to release it within eight to nine days.

History and Modus Operandi of MEDUSA

MEDUSA first emerged in June 2021 and has since launched attacks on organizations across various countries and industries, including healthcare, education, manufacturing, and retail. Despite its global reach, most victims have been based in the United States. MEDUSA operates as a Ransomware-as-a-Service (RaaS) platform, offering malicious software and infrastructure to would-be attackers. This model enables less technically skilled criminals to launch sophisticated ransomware attacks. MEDUSA's TAs often utilize a public Telegram channel to post stolen data, leveraging public exposure as an extortion tactic to pressure organizations into paying the ransom.

The Broader Impact of Ransomware Attacks

The reported MEDUSA ransomware attack on AJE Group highlights the growing threat posed by ransomware groups. Ransomware attacks have become increasingly prevalent, targeting critical sectors and causing widespread disruption. The healthcare industry, for instance, has seen hospitals forced to shut down operations, delaying critical medical procedures and compromising patient care. Educational institutions have faced similar disruptions, with students' data at risk and academic schedules thrown into disarray. The manufacturing and retail sectors, too, have not been spared. Companies in these industries have experienced production halts, supply chain disruptions, and significant financial losses due to ransomware attacks. These incidents highlight the importance of enhanced cybersecurity measures and prompt incident response protocols to mitigate the impact of such attacks. Additionally, organizations must prioritize cybersecurity awareness and preparedness to defend against ransomware attacks. Regular employee training, stringent access controls, and up-to-date security software are essential components of a robust cybersecurity strategy. Further, organizations should have a well-defined incident response plan to quickly address and contain any breaches.

Conclusion

While the authenticity of the ransomware attack on AJE Group remains unconfirmed, the potential consequences are significant. TCE will continue to monitor this ongoing situation and provide updates as more information becomes available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Guidehouse Inc., based in McLean, Virginia, and Nan McKay and Associates, headquartered in El Cajon, California, have agreed to pay settlements totaling $11.3 million to resolve allegations under the False Claims Act. The settlements came from their failure to meet cybersecurity requirements in contracts aimed at providing secure online access for low-income New Yorkers applying for federal rental assistance during the COVID-19 pandemic.

What Exactly Happened?

In response to the economic hardships brought on by the pandemic, Congress enacted the Emergency Rental Assistance Program (ERAP) in early 2021. This initiative was designed to offer financial support to eligible low-income households in covering rent, rental arrears, utilities, and other housing-related expenses. Participating state agencies, such as New York's Office of Temporary and Disability Assistance (OTDA), were tasked with distributing federal funding to qualified tenants and landlords. Guidehouse assumed a pivotal role as the prime contractor for New York's ERAP, responsible for overseeing the ERAP technology and services. Nan McKay acted as Guidehouse's subcontractor, entrusted with delivering and maintaining the ERAP technology used by New Yorkers to submit online applications for rental assistance.

Admission of Violations and Settlement

Critical to the allegations were breaches in cybersecurity protocols. Both Guidehouse and Nan McKay admitted to failing their obligation to conduct required pre-production cybersecurity testing on the ERAP Application. Consequently, the ERAP system went live on June 1, 2021, only to be shut down twelve hours later by OTDA due to a cybersecurity breach. This data breach exposed the personally identifiable information (PII) of applicants, which was found accessible on the Internet. Guidehouse and Nan McKay acknowledged that proper cybersecurity testing could have detected and potentially prevented such breaches. Additionally, Guidehouse admitted to using a third-party data cloud software program to store PII without obtaining OTDA’s permission, violating their contractual obligations.

Government Response and Accountability

Principal Deputy Assistant Attorney General Brian M. Boynton of the Justice Department’s Civil Division emphasized the importance of adhering to cybersecurity commitments associated with federal funding. "Federal funding frequently comes with cybersecurity obligations, and contractors and grantees must honor these commitments,” said Boynton. “The Justice Department will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.” U.S. Attorney Carla B. Freedman for the Northern District of New York echoed these sentiments, highlighting the necessity for federal contractors to prioritize cybersecurity obligations. “Contractors who receive federal funding must take their cybersecurity obligations seriously,” said Freedman. “We will continue to hold entities and individuals accountable when they knowingly fail to implement and follow cybersecurity requirements essential to protect sensitive information.” Acting Inspector General Richard K. Delmar of the Department of the Treasury emphasized the severe impact of these breaches on a program crucial to the government’s pandemic recovery efforts. He expressed gratitude for the partnership with the DOJ in addressing this breach and ensuring accountability. “These vendors failed to meet their data integrity obligations in a program on which so many eligible citizens depend for rental security, which jeopardized the effectiveness of a vital part of the government’s pandemic recovery effort,” said Delmar. “Treasury OIG is grateful for DOJ’s support of its oversight work to accomplish this recovery.” New York State Comptroller Thomas P. DiNapoli emphasized the critical role of protecting the integrity of programs like ERAP, vital to economic recovery. He thanked federal partners for their collaborative efforts in holding these contractors accountable. “This settlement sends a strong message to New York State contractors that there will be consequences if they fail to safeguard the personal information entrusted to them or meet the terms of their contracts,” said DiNapoli. “Rental assistance has been vital to our economic recovery, and the integrity of the program needs to be protected. I thank the United States Department of Justice, United States Attorney for the Northern District of New York Freedman and the United States Department of Treasury Office of the Inspector General for their partnership in exposing this breach and holding these vendors accountable.”

Initiative to Address Cybersecurity Risks

In response to such breaches, the Deputy Attorney General announced the Civil Cyber-Fraud Initiative on October 6, 2021. This initiative aims to hold accountable entities or individuals who knowingly endanger sensitive information through inadequate cybersecurity practices or misrepresentations. The investigation into these breaches was initiated following a whistleblower lawsuit under the False Claims Act. As part of the settlement, whistleblower Elevation 33 LLC, owned by a former Guidehouse employee, will receive approximately $1.95 million. Trial Attorney J. Jennifer Koh from the Civil Division's Commercial Litigation Branch, Fraud Section, and Assistant U.S. Attorney Adam J. Katz from the Northern District of New York led the case, with support from the Department of the Treasury OIG and the Office of the New York State Comptroller. These settlements highlight the imperative for rigorous cybersecurity measures in federal contracts, particularly in safeguarding sensitive personal information critical to public assistance programs. As the government continues to navigate evolving cybersecurity threats, it remains steadfast in enforcing accountability among contractors entrusted with protecting essential public resources.

In a joint effort to enhance election security and public confidence, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Election Assistance Commission (EAC) have released a comprehensive guide titled “Enhancing Election Security Through Public Communications.” This guide on election security is designed for state, local, tribal, and territorial election officials who play a critical role as the primary sources of official election information.

Why Communication is Important in Election Security

Open and transparent communication with the American public is essential to maintaining trust in the electoral process. State and local election officials are on the front lines, engaging with the public and the media on numerous election-related topics. These range from election dates and deadlines to voter registration, candidate filings, voting locations, election worker recruitment, security measures, and the publication of results. The new guide aims to provide these officials with a strong framework and practical tools to develop and implement an effective, year-round communications plan. “The ability for election officials to be transparent about the elections process and communicate quickly and effectively with the American people is crucial for building and maintaining their trust in the security and integrity of our elections process,” stated CISA Senior Advisor Cait Conley. The election security guide offers practical advice on how to tailor communication plans to the specific needs and resources of different jurisdictions. It includes worksheets to help officials develop core components of their communication strategies. This approach recognizes the diverse nature of election administration across the United States, where varying local contexts require customized solutions. EAC Chairman Ben Hovland, Vice Chair Donald Palmer, Commissioner Thomas Hicks, and Commissioner Christy McCormick collectively emphasized the critical role of election officials as trusted sources of information. “This resource supports election officials to successfully deliver accurate communication to voters with the critical information they need before and after Election Day,” they said. Effective and transparent communication not only aids voters in casting their ballots but also helps instill confidence in the security and accuracy of the election results.

How Tailored Communication Enhances Election Security

The release of this guide on election security comes at a crucial time when trust in the electoral process is increasingly under scrutiny. In recent years, the rise of misinformation and cyber threats has posed significant challenges to the integrity of elections worldwide. By equipping election officials with the tools to communicate effectively and transparently, CISA and the EAC are taking proactive steps to safeguard the democratic process. One of the strengths of this guide is its emphasis on tailoring communication strategies to the unique needs of different jurisdictions. This is a pragmatic approach that acknowledges the diverse landscape of election administration in the U.S. It recognizes that a one-size-fits-all solution is not feasible and that local context matters significantly in how information is disseminated and received. Furthermore, the guide’s focus on year-round communication is a noteworthy aspect. Election security is not just a concern during election cycles but is a continuous process that requires ongoing vigilance and engagement with the public. By encouraging a year-round communication plan, the guide promotes sustained efforts to build and maintain public trust. However, while the guide is a step in the right direction, its effectiveness will largely depend on the implementation by election officials at all levels. Adequate training and resources must be provided to ensure that officials can effectively utilize the tools and strategies outlined in the guide. Additionally, there needs to be a concerted effort to address potential barriers to effective communication, such as limited funding or technological challenges in certain jurisdictions.

To Wrap UP

The “Enhancing Election Security Through Public Communications” guide by CISA and the EAC is a timely and necessary resource for election officials across the United States. As election officials begin to implement the strategies outlined in the guide, it is imperative that they receive the support and resources needed to overcome any challenges. Ultimately, the success of this initiative will hinge on the ability of election officials to engage with the public in a clear, accurate, and transparent manner, thereby reinforcing the security and integrity of the election process.

The Los Angeles County Department of Public Health (DPH) has disclosed a significant data breach impacting more than 200,000 individuals. The data breach at Los Angeles County DPH, occurring between February 19 and 20, 2024, involved the theft of sensitive personal, medical, and financial information. The data breach was initiated through a phishing attack, where an external threat actor obtained the login credentials of 53 DPH employees. “Between February 19, 2024, and February 20, 2024, DPH experienced a phishing attack,” reads the official notice.

Data Breach at Los Angeles County DPH: What Happened

The phishing email, designed to appear legitimate, tricked employees into divulging their credentials by clicking on a malicious link. This unauthorized access led to a wide-ranging compromise of data, affecting various individuals associated with DPH, including clients, employees, and others. The compromised email accounts contained a wealth of sensitive data. The potentially exposed information includes:

• First and last names
• Dates of birth
• Diagnosis and prescription details
• Medical record numbers/patient IDs
• Medicare/Med-Cal numbers
• Health insurance information
• Social Security numbers
• Other financial information

It is important to note that not all of the above data elements were present for every affected individual. Each individual may have been impacted differently based on the specific information contained in the compromised accounts. “Affected individuals may have been impacted differently and not all of the elements listed were present for each individual,” Los Angeles County DPH informed.

 Data Breach at Los Angeles County DPH Notification 

DPH is taking extensive steps to notify all potentially affected individuals. Notifications are being sent via post to those whose mailing addresses are available. For individuals without a mailing address, DPH also posts a notice on its website to provide necessary information and resources. The department has advised impacted individuals to review the content and accuracy of their medical records with their healthcare providers. However, on delay in notification, Los Angeles County DPH said, “Due to an investigation by law enforcement, we were advised to delay notification of this incident, as public notice may have hindered their investigation.” To assist in protecting against potential misuse of their information, DPH is offering one year of free identity monitoring services through Kroll, a global leader in risk mitigation and response. “To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll, a global leader in risk mitigation and response, to provide identity monitoring for one year at no cost to affected clients,” reads the notice.

Response and Preventive Measures

Upon discovering the Los Angeles County DPH data breach, DPH took immediate action to mitigate further risks. The department disabled the affected email accounts, reset and re-imaged the users’ devices, blocked the websites involved in the phishing campaign, and quarantined all suspicious incoming emails. Additionally, DPH has implemented numerous security enhancements to prevent similar incidents in the future. Awareness notifications have been distributed to all workforce members, reminding them to be vigilant when reviewing emails, especially those containing links or attachments. These measures aim to bolster the department’s defense against phishing attacks and other cyber threats. The incident was promptly reported to law enforcement authorities, who investigated the breach. The US Department of Health and Human Services’ Office for Civil Rights and other relevant agencies are also notified, as required by law and contractual obligations.

Steps for Individuals to Protect Themselves

While DPH cannot confirm whether any information has been accessed or misused, affected individuals are encouraged to take proactive steps to protect their personal information. These steps include:

• Reviewing Medical Records: Individuals should review their medical records and Explanation of Benefits statements for any discrepancies or unauthorized services. Any irregularities should be reported to their healthcare provider or health plan.
• Requesting Credit Reports: Individuals should remain vigilant against identity theft and fraud by regularly reviewing their financial statements and credit reports. Under US law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. Free credit reports can be requested at www.annualcreditreport.com or by calling 1-877-322-8228.
• Placing Fraud Alerts: Individuals can place a fraud alert on their credit files, which notifies creditors to take additional steps to verify identity before granting credit. Fraud alerts can be set up by contacting any of the major credit bureaus.
• Security Freezes: A security freeze can also be placed on credit reports, which prevents credit bureaus from releasing any information without written authorization. This measure can help prevent unauthorized credit activity but may delay the approval of new credit requests.

The Los Angeles County Department of Public Health continues to cooperate with law enforcement and other agencies to protect the privacy and security of its clients, employees, and other stakeholders.

In today's cybersecurity world, the call for innovation and resilience has never been more urgent. Yet, amidst the pursuit of cutting-edge technologies and strategies, a critical aspect often overlooked is the power of neurodiversity. As organizations strive to cultivate inclusive environments and provide equal opportunities for neurodivergent individuals, questions abound on how this diverse talent pool can contribute to cybersecurity. This article aims to explore these questions comprehensively, shedding light on why embracing neurodiversity isn't just a moral imperative but a strategic advantage in safeguarding digital assets. By delving into the significance of neurodivergent individuals in the cybersecurity field readers will gain valuable insights into the importance of fostering inclusivity and understanding neurodiversity's role in shaping the future of cybersecurity.

What is Neurodiversity in Cybersecurity?

Neurodiversity in cybersecurity refers to the recognition and inclusion of individuals with diverse cognitive profiles, including conditions such as autism, ADHD, dyslexia, and others, within cybersecurity teams. These individuals bring unique perspectives, skills, and talents to the table, enhancing the overall effectiveness of cybersecurity operations. “Seeking out neurodiverse teammates in hiring and recognizing and building around their strengths can be a vital asset to anticipating an adversary’s moves and uncovering potential solutions to problems before they arise,” said Gunnar Peterson, CISO at Forter. Neurodiverse individuals often exhibit exceptional logical and methodical thinking, attention to detail, and cognitive pattern recognition skills. For example, they can hyperfocus on tasks, giving complete attention to specific issues for prolonged periods, which is invaluable in identifying and mitigating security threats. Their ability to engage deeply in their work ensures that even the smallest anomalies are detected and addressed swiftly. Moreover, many neurodiverse individuals thrive on repetitive tasks and routines, finding comfort and even excitement in long, monotonous processes. This makes them well-suited for roles that involve continuous monitoring and analysis of security data. Their high levels of concentration and persistence allow them to stay on task until solutions are found, ensuring thorough and effective problem-solving. Creativity is another significant benefit that neurodiverse individuals bring to cybersecurity. Their unique, nonlinear thinking enables them to approach problems from different angles and develop innovative solutions. This creativity is crucial for devising new methods to counteract evolving cyber threats. For instance, a neurodivergent team member might come up with an unconventional but highly effective way to secure a network that others might overlook. Furthermore, neurodiverse individuals often possess strong reasoning skills and keen awareness, contributing valuable insights into cybersecurity strategies. Their ability to think outside the box allows them to anticipate potential issues that others might miss, enhancing the overall security posture of an organization. In terms of teamwork, neurodiverse individuals respond well to inclusive environments. A diverse team, comprising various cognitive profiles, tends to react better to challenges and fosters a more innovative and productive atmosphere. When neurodivergent individuals are included and valued, team morale improves, leading to higher overall performance and productivity.

Challenges Faced by Neurodiverse Individuals in Cybersecurity

Neurodiverse individuals face several challenges in the workplace that can impact their ability to thrive, despite their unique strengths. For example, sensory sensitivities common in conditions like autism can make traditional office environments overwhelming due to bright lights, loud noises, or crowded spaces. This can lead to increased stress and decreased productivity. Communication barriers are another significant challenge, as some neurodivergent individuals may struggle with social cues and norms, making it difficult for them to participate effectively in team meetings or collaborative projects. For instance, someone with ADHD might find it challenging to maintain focus during long meetings, potentially missing critical information. Additionally, rigid workplace structures and a lack of flexibility can hinder neurodiverse employees, who may require different accommodations, such as varied working hours or remote work options, to perform optimally. These challenges highlight the need for inclusive workplace practices that recognize and support the diverse needs of neurodiverse individuals, enabling them to contribute their valuable skills more effectively.

How to Create Neurodiverse-Friendly Work Environments

Creating a neurodiverse-friendly work environment involves considering several key factors to support and accommodate the unique needs of neurodivergent individuals. Here are the steps to create such an environment: Sensory: Addressing the sensory environment is crucial. This means ensuring that the workplace is comfortable regarding lighting, noise, and overall ambiance. For example, providing noise-canceling headphones, adjustable lighting, or quiet workspaces can help neurodivergent employees focus better and reduce sensory overload. Timely: A timely environment means allowing sufficient time for tasks and avoiding unrealistic deadlines. Clearly communicating timeframes and allowing flexibility can reduce stress. For instance, giving employees enough time to complete tasks without last-minute rushes can improve their productivity and job satisfaction. Explicit: Communication should be clear and explicit. This involves providing detailed instructions and avoiding ambiguous language. For example, instead of saying, "Get this done soon," specify, "Please complete this task by 3 PM tomorrow." This clarity helps neurodivergent individuals understand expectations and reduces anxiety. Predictable: Creating a predictable environment can help reduce anxiety and improve focus. This includes having regular schedules and clear procedures. For instance, if meetings are scheduled at consistent times and agendas are shared in advance, neurodivergent employees can prepare better and feel more secure. Social: Fostering a supportive social environment means recognizing that not everyone may be comfortable with the same level of social interaction. Offering structured social activities and respecting individual preferences can create a more inclusive workplace. For example, providing clear invitations to social events with detailed information about what to expect can help neurodivergent employees feel more comfortable. Additionally, implementing a "traffic-light" system with colored cards or post-it notes (green for willing to interact, yellow for maybe, and red for needing to focus) can help manage social interactions effectively and respect individual boundaries. By incorporating these STEPS, organizations can create an inclusive and supportive work environment that leverages the unique strengths of neurodivergent employees, ultimately enhancing overall productivity and innovation. Training Programs: Providing specialized training and development programs can help neurodivergent individuals thrive in cybersecurity roles. This includes offering tailored training sessions that address their unique learning styles and strengths. For example, using visual aids and hands-on activities can enhance understanding and retention. Mentorship programs where experienced employees guide neurodivergent staff can also be beneficial, offering personalized support and career development advice. Moreover, continuous learning opportunities, such as workshops on the latest cybersecurity trends and technologies, can keep neurodivergent employees engaged and up-to-date with industry advancements.

Read Ahead

“Once we start to remove what those barriers are, the way that we do things, our culture of understanding and our bias of conditions, then we can start to be more inclusive and welcome a more diverse workforce,” said Foxcroft. By harnessing the unique strengths of neurodivergent individuals, organizations can unlock a wellspring of creativity, focus, and unconventional problem-solving. It's a future where cybersecurity teams aren't just well-equipped, but exceptionally prepared – a future where "thinking differently" becomes the key to defending against the unthinkable. So, what steps will you take to create a more inclusive cybersecurity workforce? The answers may well determine the future security of our digital world.

The U.S. food chain giant Panera Bread has begun notifying its employees of a significant data breach that occurred as a result of a ransomware attack in March 2024. The company, along with its franchises, operates 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. The Panera Bread data breach was disclosed in notification letters filed with the Office of California's Attorney General, where Panera detailed its response to what it termed a "security incident." Upon detecting the Panera Bread data breach, the company acted swiftly to contain it, enlisting external cybersecurity experts to investigate and inform law enforcement of the situation. The files involved were reviewed, and on May 16, 2024, we determined that a file contained your name and Social Security number. Other information you provided in connection with your employment could have been in the files involved. As of the date of mailing of this letter, there is no indication that the information accessed has been made publicly available," reads Panera's official notification.

Panera Bread Data Breach: Impact on Employees and Operations

The ransomware attack has had substantial repercussions on Panera's operations and its employees. Many of Panera's virtual machine systems were reportedly encrypted during the attack, leading to a significant outage that crippled internal IT systems, phones, point of sale systems, the company’s website, and mobile apps. During this outage, employees were unable to access their shift details and had to contact their managers to obtain work schedules. The stores faced further disruption as they could only process cash transactions, with electronic payment systems down. Additionally, the rewards program system was inoperable, preventing members from redeeming their points. The most concerning aspect of the breach for employees is the compromise of sensitive personal information. Panera has confirmed that files containing employee names and Social Security numbers were accessed. There is also the potential that other employment-related information was compromised. However, the company has assured employees that, as of the notification date, there is no evidence that the accessed information has been publicly disseminated. To mitigate the potential impact on affected individuals, Panera is offering a one-year membership to CyEx's Identity Defense Total, which includes credit monitoring, identity detection, and identity theft resolution services. This proactive measure aims to help employees safeguard their identities and respond swiftly to any signs of fraudulent activity.

The Bigger Picture: Unanswered Questions

Despite the detailed notifications to employees, Panera has yet to publicly disclose the total number of individuals impacted by the breach. The identity of the threat actors behind the ransomware attack also remains unknown. No ransomware group has claimed responsibility, which raises speculation that the attackers might be awaiting a ransom payment or have already received it. Moreover, Panera has not responded to requests for comment from The Cyber Express regarding the outage and the ransomware attack. This lack of communication leaves several critical questions unanswered, particularly about the measures being taken to prevent future incidents and the ongoing efforts to recover from the current breach.

Implications for Panera Bread Data Breach

The implications of this ransomware attack extend beyond the immediate disruption and data breach. Panera Bread's reputation is at stake, as customers and employees alike may question the company's ability to protect sensitive information. The operational disruptions also highlight vulnerabilities in the company’s IT infrastructure that need to be addressed to prevent similar incidents in the future. In response to the data breach, Panera has committed to enhancing its existing security measures. The company is likely to conduct a thorough review of its cybersecurity policies and practices to identify and address any gaps. Additionally, ongoing communication with employees and stakeholders will be crucial in rebuilding trust and ensuring that all affected parties are adequately supported. As the investigation continues, further details may emerge about the nature of the breach and the steps Panera is taking to strengthen its defenses.

Borrer Executive Search, an AESC-accredited boutique search and selection firm headquartered in Lausanne, Switzerland, has allegedly fallen victim to the Eraleig ransomware. The attackers have issued a deadline of June 24, 2024, threatening to release 2.5MB of internal documents and agreements if their demands are not met. As of now, the specifics regarding the data compromised, the motives behind the Borrer Executive Search ransomware attack, and the extent of the breach remain undisclosed by the attackers. Upon inspecting the official website of Borrer Executive Search, no signs of foul play were detected, and the website remains fully functional. To further investigate the validity of these claims, The Cyber Express Team reached out to Borrer Executive Search officials for a statement. However, at the time of writing this report, no response was received, leaving the allegations unverified. [caption id="attachment_77181" align="aligncenter" width="1024"] Source: X[/caption]

Potential Implications of Borrer Executive Search Ransomware Attack

Borrer Executive Search is a specialized firm that operates on a retained and exclusive mandate basis. The company partners with corporate clients to identify, attract, and integrate top leadership talent. Their operations are not confined to Switzerland alone; they have a significant international presence, focusing on director, VP, and C-level positions in Global Operations (Supply Chain & Procurement), Commercial Leadership (General Management, Sales & Marketing), Finance, and HR. Given the high-profile nature of their clientele, which spans across Europe and potentially beyond, the implications of a verified ransomware attack could be far-reaching and severe. Should the ransomware attack be confirmed, Borrer Executive Search could face several significant consequences:

1. Data Breach and Confidentiality: The release of internal documents and agreements could lead to a breach of confidentiality agreements with clients. This could result in legal ramifications and a loss of trust among their client base.
2. Operational Disruption: Ransomware attacks can severely disrupt business operations, leading to downtime and a loss of productivity. For a firm that specializes in executive search, any delay in operations could mean missing out on critical placement opportunities and damaging its reputation for reliability and efficiency.
3. Financial Impact: Beyond the immediate ransom demand, the financial impact of a ransomware attack can be substantial. Costs associated with recovery, potential legal fees, and lost business opportunities can accumulate rapidly.
4. Reputational Damage: The mere association with a ransomware attack can tarnish the reputation of a firm, especially one that deals with high-profile clients and sensitive information. Clients may question the firm’s ability to safeguard their data, leading to potential loss of business.
5. Regulatory Scrutiny: Depending on the nature of the data compromised, Borrer Executive Search could find itself under the scrutiny of data protection authorities, especially given the stringent data privacy laws in Europe, such as the General Data Protection Regulation (GDPR).

Understanding Eraleig Ransomware

Eraleig ransomware is known for its sophisticated encryption techniques and its ability to inflict significant damage on targeted organizations. Typically, ransomware attacks aim to lock users out of their systems or encrypt valuable data, demanding a ransom for its release. The Eraleig strain is no different, often leaving victims with a stark choice: pay the ransom or risk having sensitive data leaked publicly. The threat to release 2.5MB of internal documents and agreements indicates a targeted approach, aimed at exerting maximum pressure on Borrer Executive Search by leveraging the potential exposure of confidential client information. The alleged ransomware attack on Borrer Executive Search, if verified, highlights a growing trend of cyberattacks targeting firms that handle significant amounts of sensitive data. The executive search industry, by its nature, deals with highly confidential information related to top-level corporate executives. The alleged ransomware attack on Borrer Executive Search is a developing story with potentially serious implications for the firm and its extensive client base. As we await further confirmation and details, the incident brings to light the critical importance of cybersecurity in protecting sensitive information and maintaining trust in the executive search industry. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Life360 Inc., the parent company of Tile, has recently disclosed that it was the victim of a criminal extortion attempt involving stolen customer data. The incident, the Life360 data breach, which was communicated by CEO Chris Hulls, highlights the growing threat of cyberattacks targeting companies that handle large amounts of user information. Chris Hulls, CEO of Life360 Inc., provided details about the extortion attempt in an official release: "Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information." Upon receiving these emails, Life360 swiftly initiated an investigation. The company detected unauthorized access to a Tile customer support platform, though notably, the breach did not affect the Tile service platform itself. The compromised data includes customer names, addresses, email addresses, phone numbers, and Tile device identification numbers. Crucially, it does not include sensitive information such as credit card numbers, passwords, log-in credentials, location data, or government-issued identification numbers, as these were not stored on the affected support platform. "We believe this incident was limited to the specific Tile customer support data described above and is not more widespread," Hulls assured. We take this event and the security of customer information seriously. We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement. We remain committed to keeping families safe online and in the real world."

About Tile and Life360

Tile, much like Apple's AirTag, produces small Bluetooth-enabled devices that help users locate and track items such as keys, wallets, and bags. These devices work in conjunction with a mobile app, allowing users to find lost items using sound alerts or by viewing the last known location of the Tile tracker on a map. Tile is a subsidiary of Life360, the leading connection and safety app used by one in nine U.S. families. With over 66 million members, Life360 offers driving, location, and digital safety features that keep loved ones connected. The app's extensive user base makes the implications of any data breach potentially far-reaching.

Implications of the Life360 Data Breach

While the Life360 data breach did not include highly sensitive data, the exposure of personal information such as names, addresses, and phone numbers can still have significant implications. Such data can be used for targeted phishing attacks, identity theft, and other malicious activities. The breach highlights the importance of cybersecurity measures, particularly for companies managing large databases of personal information. Life360's swift response to the incident and its cooperation with law enforcement demonstrates the company's commitment to transparency and user security.

Moving Forward

In response to the breach, Life360 has reiterated its commitment to enhancing its security infrastructure and safeguarding user information. The company is taking proactive steps to prevent future cybersecurity incidents, including strengthening its cybersecurity protocols and continuing to monitor its systems for potential vulnerabilities. "We remain committed to keeping families safe online and in the real world," Hulls emphasized. The company’s prompt action and transparent communication are crucial in maintaining user trust and addressing concerns related to the breach.

The city of Dubai, known for its affluence and wealthy residents, has allegedly been hit by a ransomware attack claimed by the cybercriminal group Daixin Team. The group announced the city of Dubai ransomware attack on its dark web leak site on Wednesday, claiming to have stolen between 60-80GB of data from the Government of Dubai’s network systems. According to the Daixin Team's post, the stolen data includes ID cards, passports, and other personally identifiable information (PII). Although the group noted that the 33,712 files have not been fully analyzed or dumped on the leak site, the potential exposure of such sensitive information is concerning. Dubai, a city with over three million residents and the highest concentration of millionaires globally, presents a rich target for cybercriminals. [caption id="attachment_77008" align="aligncenter" width="504"] Source: Dark Web[/caption]

Potential Impact City of Dubai Ransomware Attack

The stolen data reportedly contains extensive personal information, such as full names, dates of birth, nationalities, marital statuses, job descriptions, supervisor names, housing statuses, phone numbers, addresses, vehicle information, primary contacts, and language preferences. Additionally, the databases appear to include business records, hotel records, land ownership details, HR records, and corporate contacts. [caption id="attachment_77010" align="aligncenter" width="1024"] Source: Dark Web[/caption] Given that over 75% of Dubai's residents are expatriates, the stolen data provides a treasure of information that could be used for targeted spear phishing attacks, vishing attacks, identity theft, and other malicious activities. The city's status as a playground for the wealthy, including 212 centi-millionaires and 15 billionaires, further heightens the risk of targeted attacks.

Daixin Team: A Persistent Threat

The Daixin Team, a Russian-speaking ransomware and data extortion group, has been active since at least June 2022. Known primarily for its cyberattacks on the healthcare sector, Daixin has recently expanded its operations to other industries, employing sophisticated hacking techniques. A 2022 report by the US Cybersecurity and Infrastructure Security Agency (CISA) highlights Daixin Team's focus on the healthcare sector in the United States. However, the group has also targeted other sectors, including the hospitality industry. Recently, Daixin claimed responsibility for a cyberattack on Omni Hotels & Resorts, exfiltrating sensitive data, including records of all visitors dating back to 2017. In another notable case, Bluewater Health, a prominent hospital network in Ontario, Canada, fell victim to a cyberattack attributed to Daixin Team. The attack affected several hospitals, including Windsor Regional Hospital, Erie Shores Healthcare, Chatham-Kent Health, and Hôtel-Dieu Grace Healthcare. The Government of Dubai has yet to release an official statement regarding the ransomware attack. However, on accessing the official website of the Dubai government, no foul play was sensed as the websites were fully functional. This leaves the alleged ransomware attack unverified. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Ascension, a leading healthcare provider, has made significant progress in its investigation and recovery efforts following a recent cyberattack. With the help of third-party cybersecurity experts, Ascension has identified the extent of the Ascension cyberattack and the steps needed to protect affected individuals. Ascension reports that attackers managed to steal files from a few servers within its network. Specifically, seven out of approximately 25,000 servers, primarily used by associates for daily tasks, were compromised. These servers might contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. "We now have evidence that attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks. Though we are still investigating, we believe some of those files may contain PHI and PII for certain individuals, although the specific data may differ from individual to individual," said an Ascension spokesperson.

What Caused Ascension Cyberattack?

The cyberattack on Ascension was traced back to an innocent mistake by an employee who accidentally downloaded a malicious file, mistaking it for a legitimate one. "We have also identified how the attacker gained access to our systems. An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake," informed the spokesperson. This incident highlights the importance of continuous cybersecurity training and vigilance among all employees to prevent such occurrences in the future. Ascension has assured its patients and associates that there is no evidence suggesting any data was taken from the Electronic Health Records (EHR) system or other clinical systems where comprehensive patient records are securely stored. This means the most sensitive health information remains uncompromised, providing some relief amidst the ongoing investigation.

Ongoing Review and Protective Measures

Ascension is currently conducting a detailed review and analysis of the potentially impacted files to determine precisely what data was affected and identify the individuals involved. This meticulous process is expected to take considerable time due to the volume and complexity of the data. In the meantime, Ascension is taking proactive steps to protect its patients and associates. The healthcare provider is offering free credit monitoring and identity theft protection services to all patients and associates, regardless of whether their data is eventually found to be compromised. This service is intended to provide immediate peace of mind and mitigate potential risks from the Ascension data breach. Individuals who wish to enroll in these protective services are encouraged to contact Ascension's dedicated call center at 1-888-498-8066.

Commitment to Transparency and Legal Compliance

Ascension remains committed to transparency throughout this investigation. While specific details regarding whether an individual's data was affected cannot be provided, Ascension pledges to follow all applicable laws and regulations related to data breach notifications. "We encourage all Ascension patients and staff who are concerned to take advantage of these services. We want to be clear that this offer does not mean we have determined that any specific individual patient’s data has been compromised. Rather, it illustrates our desire to do everything possible to reassure our patients and associates, regardless of any impact to specific individuals’ data," the spokesperson explained. "Once our data analysis is complete, we are committed to following all applicable laws and regulations to notify affected individuals and the appropriate regulatory bodies. To our patients, associates, and the communities we serve, we regret any disruption or concern you may have experienced as a result of this incident," the spokesperson added.

Background and Impact of Cyberattack on Ascension

On May 10, The Cyber Express reported that Ascension faced disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts a significant workforce of 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion. Given its substantial revenue and widespread operations, the impact of this cyberattack was significant. The organization detected unusual activity on select technology network systems, prompting an immediate response, investigation initiation, and activation of remediation efforts. Due to the cyberattack, Ascension advised its business partners to temporarily sever connections to its systems as a precautionary measure and stated it would notify partners when it is safe to reconnect. The cyberattack on Ascension disrupted clinical operations, prompting an investigation into the extent and duration of the disruption.

Pure Storage, a provider of cloud storage systems and services, has confirmed and addressed a security incident involving unauthorized access to one of its Snowflake data analytics workspaces. This workspace contained telemetry information used by Pure Storage to provide proactive customer support services. The Pure Storage data breach involved a third party temporarily gaining access to the workspace, which housed data such as company names, LDAP usernames, email addresses, and the Purity software release version number. Importantly, no sensitive information like credentials for array access or any other data stored on customer systems was compromised. "Such information is never and can never be communicated outside of the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems," stated Pure Storage in an official statement.

Pure Storage Data Breach: Investigation Ongoing

Upon knowing about the cybersecurity incident, Pure Storage took immediate action to block any further unauthorized access to the workspace. The company emphasized that no unusual activity has been detected on other elements of its infrastructure. “We see no evidence of unusual activity on other elements of the Pure infrastructure. Pure is monitoring our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems,” reads the official statement. Preliminary findings from a cybersecurity firm engaged by Pure Storage support the company's conclusions about the nature of the exposed information. Pure Storage simplifies data storage with a cloud experience that empowers organizations to maximize their data while reducing the complexity and cost of managing the infrastructure behind it. Thousands of customers, including high-profile companies like Meta, Ford, JP Morgan, NASA, NTT, AutoNation, Equinix, and Comcast, use Pure Storage's data storage platform.

Context of Recent Snowflake Cybersecurity Incidents

Before the Pure Storage data breach, Advance Auto Parts, Inc., a significant provider of automobile aftermarket components, allegedly suffered a massive data breach. A threat actor known as “Sp1d3r” claimed responsibility, alleging the theft of three terabytes of data from the company’s Snowflake cloud storage, which is reportedly being sold for $1.5 million. Live Nation, the parent company of Ticketmaster, also confirmed "unauthorized activity" on its database hosted by Snowflake, a Boston-based cloud storage and analytics company. In a joint advisory with Mandiant and CrowdStrike, Snowflake revealed that attackers used stolen customer credentials to target accounts lacking multi-factor authentication protection. Mandiant linked these attacks to a financially motivated threat actor tracked as UNC5537 since May 2024. This malicious actor gains access to Snowflake customer accounts using credentials stolen in historical infostealer malware infections dating back to 2020. These cyberattacks have targeted hundreds of organizations worldwide, extorting victims for financial gain. So far, the cybersecurity firm has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Racoon Stealer, Lumm, and Metastealer malware attacks. Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing cyberattacks.

The City of Wichita has made significant progress in recovering from a cyberattack that disrupted many city services early last month. More than a month later, the City of Wichita cyberattack update has come up stating that most public-facing systems are back online, although some services are still being restored. The city reports that water metering, billing, and payment processing systems are gradually coming back online.

City of Wichita Cyberattack Update

Water Services Restored Customers can expect to receive updated statements this week. Auto-payments have resumed normal operations, and customers now have full access to their utility accounts online. Bills can be paid by credit card, cash, check, and money order at City Hall, online at City's payment portal, by calling (316) 265-1300, or through the mail. Due to the cyberattack on City of Wichita, some June bills may cover more than 60 days of service. Customers needing help with these bills are encouraged to contact a representative at (316) 265-1300 to arrange a payment plan. Library Services Update The Wichita Public Library has also seen progress, though some services remain affected. Public Wi-Fi is available at all locations, and patrons can access Libby for eBooks, audiobooks, and digital magazines. Additionally, materials can be checked in and out manually. However, hold requests and renewals, customer account information, the online catalog, the automated materials handler at the Advanced Learning Library, and online databases like Kanopy and LinkedIn Learning are still unavailable. Airport and Court Systems At the Wichita Dwight D. Eisenhower National Airport, public flight and gate display information is not yet available online but is expected to be restored soon. The Municipal Court has made strides in recovery, with most systems operational. The public search of warrants is anticipated to be online by Monday, June 10. The City’s Information Technology team is working to fix the remaining system outages. The city appreciates residents' patience as there may be occasional service interruptions during ongoing recovery efforts.

What Happened During the City of Wichita Cyberattack

The Cyber Express reported that the cyberattack occurred on May 5, leading to the shutdown of several online city services, including water bill payments, some city-building Wi-Fi, and electronic payments. LockBit, a known ransomware group, claimed responsibility for the cyberattack. This followed an earlier notification from the City of Wichita regarding a ransomware incident, although the responsible group was not initially disclosed. The ransomware attack has shown the vulnerabilities in the city's IT systems and the importance of strong cybersecurity measures. Despite the challenges, the city has worked hard to restore essential services to its residents. The City of Wichita urges residents to stay informed through official updates and to reach out to the provided contact points for help. The city remains committed to being transparent and providing the necessary support to its residents during this recovery period.

Findlay Automotive Group, a prominent dealership network with operations spanning Nevada, Utah, Arizona, Washington, and Idaho, recently identified a cybersecurity issue impacting certain areas of its IT infrastructure. Upon discovery, the company swiftly launched an investigation, joining the expertise of leading cybersecurity professionals and collaborating with law enforcement agencies to address the Findlay Automotive cybersecurity issue. While the investigation is ongoing, Findlay Automotive is actively working to mitigate the issue and restore full operational capabilities. However, no details related to the data compromised and the extent of the data breach have been provided by the Officials of Findlay Automotive Group. “Promptly after becoming aware of the issue, we launched an investigation with the assistance of leading cybersecurity experts and law enforcement. Our investigation is ongoing, and we are working diligently to resolve the matter,” reads the company’s statement on Facebook. [caption id="attachment_76709" align="aligncenter" width="760"] Source: Findlay Automotive's Facebook Post[/caption]

Operational Impact of Findlay Automotive Cybersecurity Issue

Despite the restrictions imposed by the Findlay Automotive cybersecurity issue, all dealership locations remain open. Customers with vehicles currently in service are encouraged to visit or contact their respective service departments directly for assistance from Findlay’s dedicated staff. "At Findlay Automotive, we have been serving our communities with pride and integrity since 1961," reads the company’s Facebook Post. "We take our responsibility to our customers and the community very seriously. We will continue to provide updates as the investigation continues and more information becomes available.” The urgency and gravity of the situation are highlighted by recent trends in cybersecurity, particularly the rising threat of ransomware attacks in the industrial sector.

Rising Cyber Threats in the Industrial Sector

In 2019, industrial companies faced significant financial burdens due to ransomware, collectively paying out $6.9 million, which accounted for 62% of the total $11 million spent on ransomware that year. Despite representing only 18% of ransomware cases, the manufacturing sector bore the brunt of the financial impact. By 2020, the cross-industry cost of ransomware had escalated to a staggering $20 billion. Gartner, a research firm, has projected that by 2023, the financial repercussions of cyberattacks on industrial systems, including potential fatal casualties, could exceed $50 billion. The automotive sector, in particular, has become a prime target for cybercriminals. As these threats intensify, paying ransoms become increasingly weak, emphasizing the necessity of enhanced cybersecurity measures to protect assets. The recent Volkswagen incident exemplifies the magnitude of these threats. In April 2024, Volkswagen faced a cyberattack, suspected to originate from Chinese hackers. The breach exposed sensitive data, including development plans for gasoline engines and critical information on e-mobility initiatives. Investigations by ZDF Frontal and “Der Spiegel” revealed more than 40 internal documents, highlighting the severity of the cyberattack. Similarly, in February 2024, Thyssenkrupp's automotive unit in Duisburg, Germany, experienced a cyberattack that disrupted production in its car parts division. Although no data theft or manipulation was detected, the company had to take several systems offline to prevent further unauthorized access, underlining the operational risks posed by such cyber incidents. Closer to home, Eagers Automotive Limited faced a cyber incident on December 27, 2023, leading to a temporary trading halt to address its continuous disclosure obligations. The company issued an apology to its customers for the inconvenience caused by the disruption, reflecting the broad and often immediate impact of cyberattacks on automotive businesses. Findlay Automotive’s proactive response to the current cybersecurity issue demonstrates its commitment to safeguarding its operations and customer trust. The company is maintaining open lines of communication with customers, providing regular updates as the investigation progresses and more information becomes available.

Recent high-profile data leaks, including incidents involving Santander and Ticketmaster, have highlighted the ongoing issue of data breaches affecting a wide array of industries, from banking and logistics to online stores and entertainment. While companies typically take steps to protect their affected clients, individuals can also enhance their digital security. Kaspersky experts offer advice on what to do if your data has been leaked. Data leaks often involve logins, passwords, addresses, and phone numbers. In some cases, they may include passport details and bank card information. While any data leak is concerning, it’s crucial not to panic. Instead, pause and consider the necessary steps to secure your information.

Data Leak? Immediate Actions to Take

1. Change Compromised Account Details: If you suspect your account details have been compromised, immediately change your password and enable two-factor authentication. If cybercriminals have already accessed your account, contact technical support to restore access and determine what other information might have been compromised. 2. Address and Phone Number Leaks: If sensitive data such as your address or phone number is leaked, it is usually not critical but still concerning. A leaked address typically doesn’t pose a threat unless it leads to targeted attacks like stalking. In such rare cases, contact the police promptly. For a leaked phone number, ensure accounts using that number as a login have two-factor authentication, change your password, and remain vigilant for potential fraud calls. 2. Passport or ID Leaks: If your passport or ID details become leaked, stay alert for potential social engineering attacks. Scammers might use your passport details to appear more credible. However, there is usually no need to obtain a new document. Using leaked passport data for fraud, such as taking out a loan, requires additional personal information and substantial criminal expertise. To mitigate future risks, avoid giving away your passport details unnecessarily—they are primarily needed for banking and e-government apps, and occasionally logistics services. 3. Bank Card Details: Act promptly if your bank card details are leaked: monitor bank notifications, reissue the card, and change your bank app or website password. Enable two-factor authentication and other verification methods. Some banks allow setting spending limits for added protection. If account and balance details are leaked, be extra vigilant against phishing emails, SMS, and calls. Cybercriminals might target you based on this information. In unclear situations, contact your bank directly. 4. Organizational Security Measures: Various types of leaked employee data can be used for OSINT (open-source intelligence) to further access internal systems. To counter these threats, organizations are advised to use advanced security solutions, implement strong cybersecurity policies, and conduct employee training. 5. Educating and Protecting Against Social Engineering: Amin Hasbini, Director of META Research Center Global Research and Analysis Team (GReAT) at Kaspersky, emphasizes the importance of being aware of data leakage risks and avoiding oversharing. He advises educating relatives, especially children and the elderly, about the dangers of social engineering attacks. "A crucial thing also is to educate your relatives, especially kids and elderly people. For example, explain that if someone refers to personal information, such as full name and even passport details, by telephone, messengers, social networks or e-mail, it’s not necessarily the bank or social service representatives, but might be scammers. In personal issues it’s advised to have a code word or question that only relatives know, while with organizations if some actions are required it’s better to use official contact information for double checking”, says Amin Hasbini, Director of META Research Center Global Research and Analysis Team (GReAT), at Kaspersky. As data breaches continue to affect various industries, individuals need to take proactive steps to secure their personal information. By following these experts' advice, you can mitigate the risks associated with data leaks and protect yourself from potential cyber threats.

Cisco, a global leader in networking and cybersecurity solutions, has announced the appointment of Sean Duca as its new Chief Information Security Officer (CISO) & Practice Leader for the Asia Pacific, Japan, and China (APJC) region. Sean, in his LinkedIn post, expressed his excitement about joining Cisco after taking a six-month break to focus on his health and recharge. He shared his enthusiasm for the new challenge ahead, working within Cisco's Customer Experience (CX) Team for APJC and eventually relocating to Singapore. “After an amazing 6-month break to recharge and focus on my health, I'm thrilled to embark on a new and exciting challenge at Cisco, working in the CX Team for APJC, and will eventually be based in Singapore,” reads the LinkedIn Post. On his first day at Cisco, Sean expressed his eagerness to collaborate with Jacqueline Guichelaar and the broader CX team, as well as reconnecting with former colleagues, including Peter M. Sean's decision to join Cisco was influenced by the opportunity to work with remarkable individuals, such as Jeetu Patel, and to contribute to innovative solutions like Cisco’s Hypershield. “Day 1 is done, and loving it! I am excited to work with Jacqueline Guichelaar and the wider CX team and to reconnect and work alongside Peter M. again,” reads the post. [caption id="attachment_76494" align="aligncenter" width="679"] Source: Sean Duca's LinkedIn Post[/caption]

Sean Duca Vast Experience

Sean brings over 20 years of experience in cybersecurity to his new role, with a proven track record of driving visionary strategies and practical solutions to enhance digital security. Sean's extensive background includes nearly nine years at Palo Alto Networks, where he served as Vice President and Regional Chief Security Officer (CSO) for the APJ region. Before that, he spent over 15 years at Intel Security, serving as the Chief Technology Officer (CTO) for the Asia Pacific region. His leadership in technology and security has made a significant impact in the industry. Reflecting on his new role at Cisco, Sean emphasized his commitment to helping customers achieve their security and business goals while extracting value from their Cisco investments. He expressed his eagerness to reconnect with partners and contacts in his soon-to-be new country, Singapore, highlighting his dedication to driving cybersecurity excellence across the region. “What drew me to Cisco? I've met incredible people, Jeetu Patel’s visionary strategy, and the innovation behind solutions like Cisco’s Hypershield. I can't wait to reconnect with partners, new and old, and many contacts in my soon-to-be new country when I move up next month. Most importantly, I'm eager to help our customers achieve their security and business goals, proving our value and extracting value from their Cisco investment,” reads the post further. With his renewed focus and energy, Sean's appointment is poised to lead Cisco's efforts to elevate performance in the cybersecurity world across APJC.

Switzerland has seen a notable increase in cyberattacks and disinformation campaigns as it prepares to host a crucial summit aimed at creating a pathway for peace in Ukraine. On Monday, the government reported these developments in a press conference, highlighting the challenges of convening a high-stakes international dialogue amidst rising digital threats. The summit, Summit on Peace in Ukraine is scheduled at a resort near Lucerne from June 15-16, and will gather representatives from 90 states and organizations. About half of the participants come from South America, Asia, Africa, and the Middle East. Notably, absent from the attendee list is Russia which was not invited due to its lack of interest in participating. However, the Swiss government emphasized that the summit’s goal is to "jointly define a roadmap" to eventually include both Russia and Ukraine in a future peace process. Swiss President Viola Amherd addressed the media, acknowledging the uptick in cyberattacks and disinformation efforts leading up to the event. These cyberattacks have targeted various facets of the summit, including personal attacks on President Amherd herself, particularly in Russian media outlets publicized within Switzerland. "We haven't summoned the ambassador," Amherd stated in response to these attacks. "That's how I wanted it because the disinformation campaign is so extreme that one can see that little of it reflects reality."

Switzerland Disruption Efforts and Cybersecurity

Foreign Minister Ignazio Cassis also spoke at the press conference, noting a clear "interest" in disrupting the talks. However, he refrained from directly accusing any particular entity, including Russia, when questioned about the source of the cyberattacks. This restraint highlights the delicate diplomatic balancing act Switzerland is attempting as host. Switzerland agreed to host the summit at the behest of Ukrainian President Volodymyr Zelenskyy and has been actively seeking support from countries with more neutral or favorable relations with Moscow compared to leading Western powers. This strategic outreach aims to broaden the coalition backing the peace efforts and mitigate the polarized dynamics that have characterized the conflict thus far.

Agenda and Key Issues

The summit will address several critical areas of international concern, including nuclear and food security, freedom of navigation, and humanitarian issues such as prisoner of war exchanges. These topics are integral to the broader context of the Ukraine conflict and resonate with the international community's strategic and humanitarian interests. Turkey and India are confirmed participants, though their representation level remains unspecified. There is still uncertainty regarding the participation of Brazil and South Africa. Switzerland noted that roughly half of the participating countries would be represented by heads of state or government, highlighting the summit's high profile and potential impact. The summit aims to conclude with a final declaration, which ideally would receive unanimous backing. This declaration is expected to outline the next steps in the peace process. When asked about potential successors to Switzerland in leading the next phase, Foreign Minister Cassis indicated ongoing efforts to engage regions beyond the Western sphere, particularly the Global South and Arabian countries. Such inclusion could foster a more comprehensive and globally supported peace initiative.

To Wrap Up

The summit represents a significant diplomatic effort to address the Ukraine conflict. However, the surge in cyberattacks on Switzerland and disinformation campaigns, highlights the complexities of such high-stakes international dialogue. In March 2024, Switzerland’s district court in the German-speaking district of March, home to around 45,000 residents, fell victim to a cyberattack. While details are scarce, the court’s website suggests it could potentially be a ransomware attack. As Switzerland navigates these challenges, the outcomes of this summit could set important precedents for future peace efforts and international cooperation.

A month after a cyberattack on Ascension, one of the largest nonprofit healthcare systems in the United States, continues to work expeditiously with industry cybersecurity experts to safely restore systems across its network. Ascension Via Christi has announced an update regarding the Ascension cyberattack that it expects to improve efficiencies and reduce wait times for patients. "Please know our hospitals and facilities remain open and are providing patient care. Ascension continues to make progress in our efforts to safely restore systems across our network. Restoring our Electronic Health Record (EHR) system remains a top priority," stated an official Ascension announcement.

Ascension cyberattack: What All Have Restored?

According to the latest update on the Ascension cyberattack, officials have successfully restored EHR access in Florida, Alabama, Tennessee, Maryland, Central Texas (Ascension Seton and Dell Children's hospitals), and Oklahoma markets. Ascension Via Christi further informed that its hospitals, including St. Francis and St. Joseph hospitals, and Ascension Medical Group clinics in Wichita, have restored the primary technology used for electronic patient documentation in care settings. "This will allow most hospital departments, physician offices, and clinics to use electronic documentation and charting. Patients should see improved efficiencies and shorter wait times. Our team continues to work tirelessly to restore other ancillary technology systems," Ascension Via Christi explained on its website, providing cybersecurity updates for its Kansas facilities. [caption id="attachment_76455" align="aligncenter" width="1024"] Source: Ascension Via Christi Website[/caption] The update for Ascension Via Christi St. Francis followed a national update from Ascension, which reported continued progress in restoring systems across its network. The company aims to have systems fully restored across its ministry by Friday, June 14.

Ascension cyberattack: What Happened?

On May 10, The Cyber Express reported that Ascension faced disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts a significant workforce of 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion. Given its substantial revenue and widespread operations, the impact of this cyberattack was significant. The organization detected unusual activity on select technology network systems, prompting an immediate response, investigation initiation, and activation of remediation efforts. Consequently, access to certain systems has been interrupted during the ongoing investigation process. Due to the massive cyberattack, Ascension advised its business partners to temporarily sever connections to its systems as a precautionary measure and stated it would notify partners when it is safe to reconnect. The cyberattack on Ascension disrupted clinical operations, prompting an investigation into the extent and duration of the disruption.

The Indian Institute of Technology (IIT) Kanpur’s C3iHub has launched the ‘Cyber Security Vocational Program’ in collaboration with Chhatrapati Shahu Ji Maharaj University (CSJMU) Kanpur and the Chhatrapati Shahu Ji Maharaj Innovation Foundation (CSJMIF). This cyber security program was formalized with the signing of a Memorandum of Understanding (MoU). "This MoU signifies CSJMU's commitment to providing our students with industry-relevant education. The cyber security program will equip them with the knowledge and expertise to tackle upcoming challenges in this critical domain," said Prof. Vinay Pathak, Vice Chancellor of CSJMU.

IIT Kanpur’s C3iHub Cyber Security Program Overview

This six-month program is designed to equip students with the necessary skills and knowledge to excel in the cybersecurity field. The program covers a range of topics including system security, malware analysis, network security, cryptography, and IoT security. Conducted entirely online, the course offers both fundamental knowledge and hands-on experience. Speaking about the program, Prof. Manindra Agrawal, Director of IIT Kanpur, said, "The Cyber Security Vocational Programme will help students develop a comprehensive understanding of cybersecurity, expanding their knowledge to an advanced level, and making them future-ready. By combining C3iHub's expertise with the resources of CSJMU and CSJMIF, we hope to provide a strong platform for students to acquire practical knowledge and essential skills in today's digital age."

Customized Hands-On Training

A key feature of the training is the provision of customized labs at each student's desk through the Cyber Range, offering hands-on experience and industry-relevant knowledge. This practical approach aims to prepare students for successful careers in this domain. C3iHub, a Technology Innovation Hub (TIH) at IIT Kanpur funded by the Department of Science and Technology, Government of India, under the National Mission on Interdisciplinary Cyber-Physical Systems, will play a pivotal role in the program. It will provide a virtual lab for course practicals, technical help desk support for students, certification of participation/completion, and final assessment results for all students. “This program aims to provide general awareness to students and also empower them with the necessary skills to navigate the digital landscape safely and securely,” said Dr. Tanima Hajra, COO and Interim CEO C3iHub. C3iHub addresses the cybersecurity of cyber-physical systems comprehensively. It detects security vulnerabilities in critical systems, develops tools to address these vulnerabilities, nucleates startups, partners with industries to commercialize security tools, and provides training to the next generation of security researchers. CSJMU will facilitate the smooth execution of the cyber security course, while CSJMIF will provide the platform to run the program. The initiative aims to enroll up to 50,000 students, marking a significant step towards fostering security expertise in India. With an ambitious target of enrolling up to 50,000 students, this program is poised to make a substantial impact on fostering expertise in India, addressing the growing demand for skilled professionals in this critical field.

Sophos, a cybersecurity company that offers a wide range of security solutions, has announced the appointment of Joe Levy as the company’s Chief Executive Officer (CEO). Levy, who has been serving as acting CEO since February 15, is set to drive the execution of Sophos' strategic vision. To support this strategy, Levy has named Jim Dildine as Sophos’ new Chief Financial Officer (CFO) and a member of the senior management team. Speaking on the development, Dildine said," Having worked in technology and finance for over 30 years, joining Sophos at this pivotal moment is exciting. The company’s achievements, including its dedication to innovating cybersecurity technology and supporting its partners, are impressive.” “I look forward to helping Joe accelerate growth and further establish Sophos as an industry leader.”

Joe Levy's Extensive Experience

Levy brings nearly 30 years of experience in cybersecurity product development and leadership to his new role. Over his nine-year tenure at Sophos, he has transformed the company from a product-only vendor into a global cybersecurity giant. This transformation includes the establishment of an incident response team and a managed detection and response (MDR) service that now defends over 21,000 organizations worldwide. Additionally, Levy created SophosAI and Sophos X-Ops, an operational threat intelligence unit that integrates over 500 cross-departmental cybersecurity operators and threat intelligence experts. This unit shares real-time and historical cyberattack data across all Sophos solutions, enhancing their ability to defend against persistent cyberattacks. Levy's extensive experience includes working with the channel, including managed security providers (MSPs), which began in the mid-1990s when he started his career as a cybersecurity practitioner and innovator at a value-added reseller.

Joe Levy Next Move: Expanding the Midmarket Base

As CEO, Levy aims to expand Sophos’ strong customer base in the midmarket, which includes nearly 600,000 customers worldwide and generates more than $1.2 billion in annual revenue. “When midmarket organizations – the global critical substrate – are paralyzed due to ransomware or other cyberattacks, the ripple effect impacts supply chains and slows our economy. Operations of all sizes suffer collateral damage when supply chain dependencies are attacked. This can be devastating in unpredictable ways due to the complexity of the modern global economy,” said Levy. Adding further, Levy said, “Our goal is to help more midmarket organizations – the estimated 99% below the cybersecurity poverty line – improve their detection and disruption of inevitable cyberattacks. We plan to achieve this by working with MSPs and channel partners who can scale with us using our innovative technologies and managed services. Cyberattacks on the midmarket can severely impact global functionality, and Sophos is committed to changing that.” Sophos has a unique opportunity to scale its business by helping organizations that require basic and advanced defenses against cyberattacks. These organizations, often smaller entities within critical infrastructure sectors, are just as vulnerable to cyber threats as major corporations. Sophos' Active Adversary report and 2024 Threat Report highlight that attackers frequently exploit exposed Remote Desktop Protocol (RDP) access at midmarket organizations for data theft, espionage, ransomware payoffs, or supply chain attacks.

Strategic Appointment of Jim Dildine as CFO

To support his leadership strategy, Levy has appointed Dildine as CFO. Dildine brings exceptional operational expertise and a strong background in channel partner-based cybersecurity business. He joins Sophos from Imperva, where he served as CFO for over four years. Before Imperva, Dildine was CFO for Symantec’s $2.5 billion enterprise security business unit and held key financial leadership roles at Blue Coat Systems. At Blue Coat, he oversaw significant growth, leading to a go-private transaction by Thoma Bravo, a sale to Bain Capital, and a subsequent sale to Symantec for $4.6 billion in 2016. He also managed the acquisition and integration of six security-focused companies valued at over $750 million. Chip Virnig, a partner at Thoma Bravo and a Sophos board member, expressed confidence in the new leadership team. “Thoma Bravo has worked with Joe through successful investments in SonicWall and Blue Coat Systems. His authentic leadership and impeccable reputation in the cybersecurity industry make him the ideal CEO for Sophos. We’re also excited to have Jim join as CFO. We’ve worked with Joe and Jim for over a decade and believe their combined expertise will drive Sophos to new heights," said Virnig.

A threat actor known as Desec0x has claimed to possess a database allegedly stolen from the State Grid Corporation of China (SGCC), offering it for sale on the nuovo BreachForums. In the post, Desec0x claimed a cyberattack on SGCC and stated to have gained access through a third-party network, allowing them to exfiltrate sensitive data. The threat actor claimed that multiple databases containing user account information, user details, department information, and roles were accessed. The employee information allegedly includes headers such as eID, username, phone number, email, employee number, username, and password. The database is allegedly available in SQL and XLSX formats for US$1,000.

Potential Implications of Cyberattack on SGCC

Established on December 29, 2002, SGCC is the largest utility company in the world and consistently ranks second on the Fortune Global 500 list. SGCC operates as a group with RMB 536.3 billion in registered capital and employs 1.72 million people. It provides power to over 1.1 billion people across 26 provinces, autonomous regions, and municipalities, covering 88% of China's national territory. Additionally, SGCC owns and operates overseas assets in countries such as the Philippines, Brazil, Portugal, Australia, and Italy. If the claims of the cyberattack on SGCC made by Desec0x are proven to be true, the implications could be far-reaching. The sensitive nature of the data allegedly stolen, including personal and departmental information of SGCC employees, could have serious consequences for the company and its stakeholders. However, upon accessing the official SGCC website, no signs of foul play were detected, and the website appeared to be functioning normally.

Global Context of Cyberattacks in the Energy Sector

The energy sector has been increasingly targeted by cyberattacks, often involving third-party data breaches. According to Security Intelligence, 90% of the world’s top energy companies suffered from third-party data breaches in 2023. Additionally, nearly 60% of cyberattacks in the energy sector are attributed to state-affiliated actors. In late 2023, 22 energy firms were targeted in a large-scale coordinated attack on Danish infrastructure. In April 2024, a group called Cyber Army Russia claimed responsibility for a cyberattack on Consol Energy, a prominent American energy company headquartered in Cecil Township, Pennsylvania. This cyberattack reportedly disrupted the company's website accessibility, causing issues for users outside the United States. In March 2024, a dark web actor was reportedly selling access to an Indonesian energy company, believed to be the same threat actor who targeted an American manufacturer. In 2023, a suspected cyberattack on Petro-Canada was officially confirmed. Suncor Energy, the holding company of Petro-Canada, acknowledged that an IT outage over the weekend was indeed a cyberattack. The company stated that it took immediate action upon discovering the attack, collaborating with third-party experts to investigate and address the situation. This incident caused significant disruptions to Petro-Canada's operations, affecting gas stations and preventing customers from accessing the Petro-Canada app and website. In the case of the State Grid Corporation of China, the claims made by Desec0x remain unverified until an official statement is released by SGCC. Without confirmation from the company, the alleged cyberattack on SGCC and data breach cannot be substantiated. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The popular Japanese video-sharing website Niconico has suspended its services due to a cyberattack, its operator announced. Taking to X, formerly known as Twitter, Niconico tweeted, “As of 10:45 on June 10th, various Niconico services are unavailable. We deeply apologize for the concern and inconvenience this may cause.” In a further update, Niconico informed users, “The cyberattacks are still ongoing, and it is difficult to report on future developments until safety is ensured. We will provide updates to the extent possible this evening.” Details regarding the extent of the data breach and what specific information may have been compromised are still under investigation. [caption id="attachment_76107" align="aligncenter" width="622"] Source: Niconico's X account[/caption] On June 8, the Niconico management team tweeted, “Niconico is currently undergoing a large-scale cyberattack and has temporarily suspended its services in order to minimize the impact.” Despite rapid investigation and countermeasures, they stated, “We cannot begin recovery efforts until we are confident that we have completely eliminated the effects of the cyberattack and ensured safety. There is no hope of recovery at least this weekend.” [caption id="attachment_76108" align="aligncenter" width="637"] Source: Niconico's X account[/caption] Niconico is one of Japan's largest video-sharing platforms, offering a wide variety of content from music and sports to various hobbies. It also features live streaming of programs, including press conferences by government officials. In addition to Niconico, its parent company Kadokawa's official website and its e-commerce site, Ebten, were also affected by possible unauthorized access, the publisher said on Sunday. “We are currently investigating and responding to the issue, and have confirmed that the impact has been felt on the Niconico service in general, the Kadokawa official site, and Ebten. We are also investigating whether any information was leaked,” Kadokawa stated. "We sincerely apologize for causing concern and inconvenience due to the issue affecting several websites of the Kadokawa Group since early Saturday morning," the Tokyo-based publisher added. [caption id="attachment_76111" align="aligncenter" width="699"] Source: Kadokawa's account[/caption]  

How Cyberattack on Niconico Happened

Beginning in the early hours of Saturday, June 8th, an issue arose that prevented access to multiple servers within the group. In response, Kadokawa immediately shut down the relevant servers to protect data. Based on the internal analysis and investigation conducted that same day, it was determined that there was a high possibility of a cyberattack. Kadokawa is investigating the impact of the attack, including "whether there have been leaks of information," and is cooperating with external experts and the police. Niconico, known for its diverse content and live-streaming capabilities, plays a crucial role in the digital landscape of Japan. The suspension of its services has undoubtedly caused widespread concern among its user base, which spans millions of people who rely on the platform for entertainment, information, and community engagement.

Concern Over Niconico Cyberattack

Users have taken to social media to express their support and concern. One user tweeted, “I’ll wait until it’s back. I can’t be of much help, but I’m rooting for you. Niconico saved my life. I can’t imagine life without it.” Another user wrote, “Thank you for your hard work. We will wait patiently, so please don’t push yourself too hard and be patient.” [caption id="attachment_76115" align="aligncenter" width="622"] Source: X[/caption] Some users speculated about the cyberattack on Niconico origins and motives, with one asking, “Do you know who carried out the cyber attack?😓” and another suggesting, “If the attacks are this relentless, it’s almost like they’re testing something...?” [caption id="attachment_76116" align="aligncenter" width="621"] Source: X[/caption] As the investigation of the Niconico cyberattack continues, users and stakeholders await further updates on the situation. The company’s priority remains ensuring the complete elimination of the threat and safeguarding the integrity of its data and services.

A threat actor (TA) has posted databases belonging to two prominent companies utilizing blockchain technology, The DFINITY Foundation and Cryptonary, on the Russian-language forum Exploit. The databases, if genuine, contain sensitive information of hundreds of thousands of users, allegedly exposing them to significant security risks. The threat actor's post on Exploit detailed the alleged data breaches at DFINITY and Cryptonary.

Details of Alleged Data Breaches at DFINITY and Cryptonary

For The DFINITY Foundation, the threat actor claimed to have over 246,000 user records with information fields including:

• Email Address
• First Name
• Last Name
• Birthday
• Member Rating
• Opt-in Time and IP
• Confirm Time and IP
• Latitude and Longitude
• Timezone, GMT offset, DST offset
• Country Code, Region
• Last Changed Date
• Leid, EUID
• Notes

For Cryptonary, the post advertised 103,000 user records containing:

• Email
• First Name
• Last Name
• Organization
• Title
• Phone Number
• Address
• City, State/Region, Country, Zip Code
• Historic Number of Orders
• Average Order Value
• User Topics

The prices quoted for these datasets were $9,500 for DFINITY's data and $3,500 for Cryptonary's data. The DFINITY Foundation is a Swiss-based not-for-profit organization known for its innovative approach to blockchain technology. It operates a web-speed, internet-scale public platform that enables smart contracts to serve interactive web content directly into browsers. This platform supports the development of decentralized applications (dapps), decentralized finance (DeFi) projects, open internet services, and enterprise systems capable of operating at hyper-scale. On the other hand, Cryptonary is a leading platform in the crypto tools and research space. It provides essential insights and analysis to help users navigate the complexities of the cryptocurrency market and capitalize on emerging opportunities. When The Cyber Express Team accessed the official website of The DFINITY Foundation, they found a message warning visitors about phishing scams on third-party job boards. The message read: “Recently, we've seen a marked increase in phishing scams on third-party job boards — where an individual impersonating a DFINITY team member persuades job-seekers to send confidential information and/or payment. As good practice, please continue to be vigilant regarding fraudulent messages or fake accounts impersonating DFINITY employees. If you need to confirm the legitimacy of a position, please reach out to recruiting@dfinity.org.” [caption id="attachment_75612" align="aligncenter" width="1024"] Source: Offical Website of The DFINITY Foundation[/caption] While this message serves as a caution regarding phishing scams, it is unclear whether it hints at a broader security issue or is merely a general warning. The DFINITY website and the Cryptonary website both appeared fully functional with no evident signs of compromise. The Cyber Express Team reached out to the officials of both companies for verification of the breach claims. However, as of the time of writing, no official response had been received, leaving the authenticity of the threat actor's claims unverified. Now whether this message is a hint that they are being attacked by a criminal or it's just a caution message, we can come to the conclusion they release any official statement regarding the same.

Implication of Cyberattack on Blockchain Technology

However, if the claims of the data breaches are proven true, the implications could be far-reaching for both The DFINITY Foundation and Cryptonary. The exposure of sensitive user data could lead to: Identity Theft and Fraud: Users whose personal information has been compromised could become victims of identity theft and fraud, leading to financial and personal repercussions. Reputational Damage: Both companies could suffer significant reputational harm. Trust is a critical component in the blockchain and cryptocurrency sectors, and a data breach could erode user confidence in their platforms. Legal and Regulatory Consequences: Depending on the jurisdictions affected, both companies might face legal actions and regulatory fines for failing to protect user data adequately. Operational Disruptions: Addressing the breach and enhancing security measures could divert resources and attention from other business operations, impacting overall performance and growth. While the claims remain unverified, the potential consequences highlight the importance of vigilance and proactive security strategies. The Cyber Express Team will continue to monitor the situation and provide updates as more information becomes available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

First Priority Restoration (FPR), a prominent company in the disaster restoration industry, has reportedly been targeted by a ransomware attack claimed by the Cactus Ransomware group. Headquartered in Odessa, Florida, First Priority Restoration has been a leader in disaster restoration for decades. The company provides comprehensive restoration services following natural and man-made disasters, ensuring swift recovery and mitigation of damage for affected properties. While the ransomware group has not disclosed the specific details of the compromised data, the alleged cyberattack on First Priority Restoration could have significant implications for the company and its clients if proven true. [caption id="attachment_75588" align="aligncenter" width="1024"] Source: X[/caption]

What Will be The Implication of the FPR Cyberattack

Ransomware attacks typically involve the encryption of critical data, rendering it inaccessible to the affected organization. The cybercriminals then demand a ransom, usually in a cryptocurrency, in exchange for the decryption key. Failure to pay the ransom often leads to the publication or destruction of the stolen data. In this case, the ransomware attack on FPR could lead to substantial operational disruptions, financial losses, reputational damage, and potential legal and regulatory repercussions. Critical data may become inaccessible, hindering the company's ability to provide timely disaster restoration services. Additionally, the exposure of sensitive client information could result in identity theft and fraud. However, upon accessing the official website, no signs of foul play were detected, and the website was fully functional. To verify the claim further, The Cyber Express Team (TCE) reached out to FPR officials. However, as of this writing, no response or statement has been received, leaving the Cactus Ransomware claim about the FPR cyberattack unverified.

Cactus Ransomware Previous Cyberattacks Claims

The Cactus Ransomware group is a notorious cybercriminal organization known for its complex and targeted ransomware campaigns. Previously, the group claimed responsibility for the cyberattack on Petersen Health Care, which compromised the company’s digital infrastructure and exposed sensitive information. Petersen Health Care subsequently filed for bankruptcy, burdened by a staggering $295 million in debt. Another example is the Schneider Electric data breach, where the Cactus group claimed to have stolen 1.5 TB of personal documents, confidential agreements, and non-disclosure agreements. Ransomware attacks have become increasingly predominant, with cybercriminals continuously evolving their tactics to exploit vulnerabilities in organizations. In the first quarter of 2024 alone, 1,075 ransomware victims were posted on leak sites, despite the disruption of major ransomware groups like LockBit and ALPHV/BlackCat, which accounted for 22% and 8% of the activity, respectively. As cybercriminals continue to refine their tactics, organizations must remain vigilant and proactive in safeguarding their data and operations. For First Priority Restoration, TCE is closely monitoring the situation and will provide updates as soon as a response is received regarding the alleged FPR cyberattack. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Akira ransomware group allegedly targeted E-T-A Elektrotechnische Apparate GmbH, an organization located in Germany. The ransomware group claims to have stolen 24 gigabytes of sensitive material, including customer information, non-disclosure agreements (NDAs), financial records, and employee personal information. To substantiate these claims, the threat actor has attached a screenshot with all this information. E-T-A Elektrotechnische Apparate GmbH operates six production facilities and has a presence in 60 countries worldwide. The company’s product range includes a variety of electrical protection solutions essential to numerous industries. The company is renowned for manufacturing circuit breakers, electronic circuit protectors, and various other electronic components. Despite the ransomware group's claims, the company's official website appeared to be fully functional, and there were no signs of foul play. Further to verify Akira's cyberattack on E-T-A claims, The Cyber Express Team reached out to E-T-A Elektrotechnische Apparate GmbH for an official statement. As of the time of writing, no response has been received from the company. This leaves the ransomware claims unverified, with no confirmation or denial from E-T-A's officials.

Akira Ransomware: Previous Track Record

The Akira ransomware gang has arisen as a danger to small and medium-sized organizations (SMBs), mostly in Europe, North America, and Australia. The group uses advanced tactics to infiltrate systems, frequently acquiring illegal access to a company's virtual private networks (VPNs). Sophos X-Ops research shows that Akira often uses compromised login credentials or exploits weaknesses in VPN technologies such as Cisco ASA SSL VPN or Cisco AnyConnect. Recently, in May 2024, Akira targeted Western Dovetail, a well-known woodworking shop. In April 2024, Akira was identified as the gang responsible for a series of cyberattacks against businesses and key infrastructure in North America, Europe, and Australia. According to the US Federal Bureau of Investigation (FBI), Akira has hacked over 250 firms since March 2023, collecting roughly $42 million in ransom payments. Initially, Akira's attacks targeted Windows systems. However, the gang has since broadened its tactics to include Linux computers, causing anxiety among international cybersecurity agencies. These cyberattacks show Akira's strategy of targeting a wide range of industries and businesses of all sizes, frequently resulting in major operational interruptions and financial losses. As it stands, the Akira ransomware group's claims against E-T-A Cyberattack are unsubstantiated. The lack of an official response from the company creates a vacuum in the confirmation of these claims. While the company's website is still operational, signaling no immediate disruption, a data breach might have serious consequences, compromising client confidentiality, financial integrity, and employee privacy. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Advance Auto Parts, Inc., a significant provider of automobile aftermarket components, has allegedly suffered a massive data breach. A threat actor going by the handle "Sp1d3r" claimed Advance Auto Parts data breach. The threat actor further claims to have stolen three terabytes of data from the company's Snowflake cloud storage. The stolen information is allegedly being sold for US$1.5 million. According to the threat actor, Sp1d3r, post the stolen data includes:

• 380 million customer profiles, containing names, emails, mobile numbers, phone numbers, addresses, and more.
• 44 million Loyalty/Gas card numbers, along with customer details.
• Information on 358,000 employees, though the company currently employs around 68,000 people. This discrepancy suggests the data might include records of former employees.
• Auto parts and part numbers.
• 140 million customer orders.
• Sales history
• Employment candidate information, including Social Security numbers, driver's license numbers, and demographic details.
• Transaction tender details.
• Over 200 tables of various data.

The threat actor has specified that a middleman is required to facilitate the sale of the stolen data, and no dealings will be conducted via Telegram. Furthermore, what’s worth noting is that in its post, the threat actor claimed to sell the stolen information of 358,000 employees, despite the fact that the organization now employs approximately 68,000 people. The disparity could be due to old data from former employees and associates. [caption id="attachment_75319" align="aligncenter" width="815"] Source: X[/caption] [caption id="attachment_75320" align="aligncenter" width="346"] Source: X[/caption] To find answers to these doubts and verify the threat actor's claims, The Cyber Express Team reached out to the officials to verify the breach, however, as of writing this news report no response has been received. Therefore, the confirmation or denial of these claims has yet to be verified. Advance Auto Parts operates 4,777 stores and 320 Worldpac branches primarily within the United States, with additional locations in Canada, Puerto Rico, and the U.S. Virgin Islands. The company also serves 1,152 independently owned Carquest branded stores across these locations, as well as in Mexico and various Caribbean islands.

Advance Auto Parts Data Breach: Linked to Snowflake Cyberattacks

The Advance Auto Parts data breach is part of a recent series of attacks targeting customers of Snowflake, a cloud storage company. These attacks have been ongoing since at least mid-April 2024. Snowflake acknowledged the issue in a statement, informing a limited number of customers who they believe may have been impacted by the attacks. However, Snowflake did not provide specific details about the nature of the cyberattacks or confirm if data had been stolen from customer accounts. This incident follows another significant breach involving Live Nation, the parent company of Ticketmaster. Hackers claimed to have stolen personal details of 560 million customers, and the stolen data was hosted on Snowflake's cloud storage. Live Nation disclosed this breach in a filing to the U.S. Securities and Exchange Commission (SEC), revealing that a criminal actor had offered the company's user data for sale on the dark web. In response to the breach, Snowflake and third-party cybersecurity experts, CrowdStrike and Mandiant, issued a joint statement regarding their ongoing investigation into the targeted threat campaign against some Snowflake customer accounts. They are working diligently to understand the extent of the breach and mitigate its impact. Screenshots shared by the threat actor indicate that the leaked data contains numerous references to 'SNOWFLAKE,' supporting the claim that it was stolen during the recent Snowflake data theft attacks. The full extent of the data breach and its implications for Advance Auto Parts and other companies using Snowflake remains to be seen. With Snowflake's large client base and the significant volume of data they manage, the repercussions could be widespread. Only time will tell how many more companies will disclose their data breaches linked to the recent Snowflake attacks. In the meantime, affected customers and employees are advised to monitor their personal information closely and take necessary precautions to protect their data. Companies utilizing Snowflake's services should stay vigilant and follow cybersecurity best practices to safeguard their data against potential threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A Chinese research team identified a severe security flaw in the design of RISC-V processors, posing a threat to China's expanding domestic semiconductor/Chip sector. This flaw in the design of RISC-V processors enables cyber attackers to bypass modern processors' security measures without administrative rights. This leads to the possible theft of sensitive information and breaches of personal privacy. RISC-V is an open-source standard used in advanced chips and semiconductors. Unlike mainstream CPU architectures like Intel's and AMD's X86, RISC-V offers free access and can be modified without restriction. The vulnerability was discovered in RISC-V's SonicBOOM open-source code and confirmed by Professor Hu Wei's team at Northwestern Polytechnical University (NPU), a major defense research institute in Shaanxi. On April 24, the Chinese research team, which specializes in hardware design security, vulnerability detection, and cryptographic application safety, reported the issue to China's National Computer Network Emergency Response Technical Team/Coordination Centre (CNCERT). Later, in an official statement, additional details were revealed by NPU on May 24. This openness has made it a critical component of China's strategy to circumvent US-imposed chip bans and achieve semiconductor independence.

US-imposed chip bans: What It Is?

Since 2022, US officials have set broad restrictions on which computing processors can be supplied to China, reducing shipments of Nvidia (NVDA.O), Advanced Micro Devices (AMD.O), and Intel (INTC.O), among others. These restrictions mirrored previous limits on semiconductor shipment to Huawei Technologies (HWT.UL). However, U.S. officials have granted licenses to at least two US companies, Intel and Qualcomm (QCOM.O), to continue shipping chips to Huawei, which is using an Intel chip to power a new laptop model.

Why is This Vulnerability a Trouble For China?

The vulnerability's discovery is particularly troubling for China, which has been relying heavily on RISC-V to develop its CPUs. By the end of 2022, over 50 different versions of locally produced RISC-V chips were mass-produced in China, primarily for embedded applications such as industrial controls, power management, wireless connectivity, storage control, and the Internet of Things. Recent developments have seen RISC-V expanding into more demanding applications, including industrial control, autonomous driving, artificial intelligence, telecommunications, and data centers. RISC-V processors have gained popularity due to their simplicity, modularity, scalability, and the rapid evolution of the architecture since its inception.

Discovery of RISC-V

RISC-V was developed in 2010 by Professor David Patterson at the University of California, Berkeley, who also designed RISC-I in 1980. Despite its advantages, the newly discovered flaw in RISC-V could undermine its reliability and security, potentially impacting its adoption and use in critical applications. This discovery is part of China’s national key research and development program in processor hardware security, initiated in 2021. The program, carried out by CNCERT, Tsinghua University, NPU, and the Institute of Microelectronics of the Chinese Academy of Sciences, focuses on the research and detection of hardware vulnerabilities. The CNCERT report emphasized that processor-related vulnerability mining is highly challenging, with the number of RISC-V processor vulnerabilities in global libraries being significantly lower than software and firmware vulnerabilities.

NPU Role

NPU's participation in discovering this weakness demonstrates its status as a pioneer in China's information security education and research, which aligns with the country's strategic needs. NPU developed its "information confrontation" undergraduate program in 2000, which was later renamed "information security" in 2009. In 2011, it established the National Institute of Confidentiality, which added "secrecy" to the curriculum. In 2018, the university expanded its cybersecurity focus by founding the School of Cybersecurity. This vulnerability influences China, affecting global technology corporations and the semiconductor industry. As China pursues semiconductor independence, addressing and mitigating such vulnerabilities will be critical to guarantee the security and dependability of its domestic chip industry.

The American Radio Relay League (ARRL), the national body for amateur radio in the United States, has provided additional information concerning the May 2024 cyber incident. The ARRL cyberattack pulled its Logbook of the World (LoTW) down, leaving many members upset with the organization's perceived lack of information. According to the latest update from ARRL, on or around May 12, 2024, the company experienced a network attack by a malicious international cyber group. Upon discovering the ARRL cyberattack, the organization immediately involved the FBI and joined third-party experts to assist with the investigation and remediation efforts. The FBI categorized the ARRL cyberattack as "unique," due to its nature, compromising network devices, servers, cloud-based systems, and PCs. ARRL's management quickly set up an incident response team to contain the damage, restore servers, and test applications to ensure proper operation. In a statement, ARRL emphasized its commitment to resolving the issue: "Thank you for your patience and understanding as our staff continue to work through this with an outstanding team of experts to restore full functionality to our systems and services. We will continue to update members as advised and to the extent we are able."

ARRL Cyberattack: Lack of Information

Despite ARRL's efforts, many members felt that the company was not forthcoming enough with information. A Facebook user posted a lengthy note criticizing ARRL's communication strategy. The Facebook user post read, "We still don’t know what they haven’t told us and maybe it is important, maybe not. The point is very clear that the communication to the membership about the incident is very unprofessional and limited in its scope. Nobody needed critical details, they needed to be treated like they are members of an organization, not subjects to the king." [caption id="attachment_74996" align="aligncenter" width="1015"] Source: Facebook[/caption] The Facebook user pointed out several gaps in ARRL cyberattack updates, such as the absence of information about the phone systems being down and the lack of a communication path for interim assistance.

Timeline of ARRL Cyberattack Updates and Service Restoration

May 17, 2024: ARRL assured members that their personal information, such as credit card numbers and social security numbers, was not stored on their systems. The organization only holds publicly available information like names, addresses, and call signs. However, there was still no mention of the phone systems being down or alternative communication paths for assistance. May 22, 2024: ARRL provided an update stating that the LoTW data was secure and not affected by the server issue. They also mentioned the upcoming July issue of QST magazine, which would be delayed for print subscribers but on time digitally. Yet again, there was no mention of the phone systems or email service disruptions. May 29, 2024: The ARRL Volunteer Examiner Coordinator resumed processing Amateur Radio License applications with the FCC. Voice bulletins at W1AW, the Hiram Percy Maxim Memorial Station, also resumed. ARRL's store orders resumed shipping, and the e-newsletter services were back online. Finally, the organization acknowledged the phone system outage. May 31, 2024: ARRL announced that their phone system was back in service, and provided contact information for members. They also shared details about upcoming contests and magazine issues, including limited functionality of the Contest Portal. Members were reminded that they could renew their memberships online or by phone.

Ongoing Communication Issues

Despite these updates on ARRL cyberattack, members continued to express dissatisfaction with ARRL's handling of the situation. The Facebook post that critiqued ARRL's communication was particularly poignant, summarizing the frustration felt by many. While ARRL has taken significant steps to address the data breach and reassure its members, there is a clear need for more consistent and detailed communication moving forward.