June was a month on par with many others this year, with around 80 major incidents resulting in the breach of millions of individual records. June saw just shy of 35,000,000 records compromised through the full range of attacks.
UK’s biggest social housing provider Clarion confirmed it was the victim of a cyber attack
Social housing provider Clarion Housing, one of the biggest operators in Europe, suffered a major breach that took its IT systems offline. It initially contacted residents to confirm the breach and issued a statement saying that it was too early to tell if any personal data had been compromised. After several weeks, however, systems remained offline and residents had received no further updates. The breach has left hundreds of residents unable to pay their rent or contact the provider for repairs, and many residents are expressing fears that personal financial information and bank details may have been compromised. As per the latest update, Clarion continues to work with its cybersecurity partners to resolve the issues.
Yodel becomes cyberattack victim
Towards the end of June, delivery service Yodel reported disruption to service due to a “cyber incident” and confirmed that the teams were “working around the clock” to get systems back up and running. It appears that the attack has not impacted the service, but has impacted the tracking, leaving many disgruntled customers. A spokesperson for Yodel stated: “As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can and have engaged with all relevant authorities. Yodel would like to sincerely apologise to their clients and their customers for any disruption this incident may have caused, and reassure them that the team are working around the clock to resolve this incident.”
NHS Scam COVID-19 texts still doing the rounds
The NHS has issued a warning about scam texts about COVID-19 that suggest people have been in close contact with a COVID case and urge them to order testing kits. The purpose of the texts seems to be to harvest financial and personal data, and the NHS is reminding people to be vigilant.
Apetito/Wiltshire Farm Foods hit by cyberattack
Ready-meal producer Apetito and its consumer brand Wiltshire Farm Foods had their IT systems taken offline by a cyberattack, affecting deliveries from both companies. The brands, which supply thousands of ready-meals, including many to hospitals, confirmed that deliveries and production were affected, but no credit card details had been stolen. The breach resulted in many delayed or missed deliveries as the company tried to switch to a manual process temporarily.
Microsoft releases workaround for Follina vulnerability, ahead of developing a security patch
At the end of May, Microsoft notified users of the Follina zero-day, which enables exploitation of a vulnerability in the Microsoft Support Diagnostic Tool (MSDT). In June, it released a workaround to switch off the application while a security patch was prepared, which was ultimately deployed in early July. Microsoft is now advising users to run the update.
British banks warn of uplift in loan fee fraud
Victims of loan fee fraud are reportedly losing an average of £231, as banks see more than a 90% surge in victims. The “advance fee” fraud sees predators pose as legitimate firms offering loans, but ask victims to pay an upfront fee to access the money. The surge in victims comes as the cost of living crisis begins to bite, with people seeking sources of fast cash to cover costs.
Hiscox Cyber Readiness report 2022
Business size no longer matters when it comes to cyberattacks. According to the Hiscox Cyber Readiness Report 2022, businesses with annual revenues between $100,000 (£79,468) and $500,000 (£397,340) can now expect as many cyber attacks as those earning between $1m (£794k) and $9m (£7.1m).
Lithuania becomes the latest state victim of Russian hackers
Russian hacking group Killnet added Lithuania to its list of state targets, attacking private and state websites. The Tax Authority confirmed that it had halted its activities in response to a higher than normal number of requests to its website, but confirmed that all data was safe. The attacks come in response to Lithuania’s halting of the transit of some goods to Russia’s Kaliningrad exclave, under European Union sanctions.
Costa Rica has its public health agency hit by an attack
All of the computer systems of the Costa Rican Social Security Fund were taken offline by the Hive ransomware. There are 30 known victims of Hive ransomware (counting only those that refused to pay the ransom), and the attack prompted printers to start printing gibberish. The team is now working to restore systems as fast as possible.
Pegasus Airline compromises employee data through poor security
Pegasus Airline compromised more than 23 million employee records after leaving a misconfigured ‘bucket’ on Amazon’s cloud service, AWS. This created a vulnerability in software developed by Pegasus, leaving 6.5 terabytes of data exposed online.