Every month, we witness a significant rise in data breaches, underscoring the increasing importance of robust cybersecurity measures. At Strobes, we meticulously track these security events to provide comprehensive insights and analyses. In this blog, we focus on the key breaches of July 2024, offering an in-depth examination of the types of data compromised and the number of individuals affected. We will explore the emerging trends from these incidents, identify common vulnerabilities, and provide actionable advice on how to protect your data. By understanding these breaches, you can better safeguard your information and enhance your organization’s overall security posture. Let’s dive in.
1. Data Breach at Sharp Corp
Date: 30/7/2024, Source: The Asahi Shimbun
Sharp Corp. announced that unauthorized access to two of its online services potentially compromised personal information of over 100,000 customers. While no illegal use of the information has been detected, there is a possibility that credit card details were leaked. The breach affected 203 individuals who placed orders at Sharp’s Cocoro Store or Healsio Deli food delivery service between June 23 and 30. Additionally, around 26,000 users who logged into the Cocoro Store or placed orders between July 19 and 22 may have been forced to install a computer virus, compromising their credit card information. Furthermore, 75,000 individuals may have installed the virus when visiting the store during the same period. Sharp suspended both websites on July 22 and began notifying users on July 29, advising them to scan for viruses and change their passwords.
2. XDSpy Targets Russia, Moldova in Cyberespionage Campaign
Date: 30/7/2024, Source: The Record
A cyberespionage group named XDSpy has been targeting victims in Russia and Moldova with a new malware variant. In a recent campaign, suspected to be state-sponsored, the group sent phishing emails to a Russian tech company and an organization in Transnistria, a Russian-controlled region in Moldova. The emails contained a link to an archive with a legitimate executable file, enabling the attackers to execute malicious code stealthily.
The Russian cybersecurity firm F.A.C.C.T. discovered these attacks and identified a new tool used by the hackers, called XDSpy.DSDownloader. It is unclear if the attacks resulted in data theft.
3. ServiceNow Flaws Lead to Data Breaches
Date: 30/7/2024, Source: CSO
Multiple critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) have been discovered in the ServiceNow IT service management platform. These flaws have been actively exploited by threat actors to steal sensitive data from over 105 organizations, including government agencies and critical infrastructure providers.
The vulnerabilities allow unauthenticated attackers to execute malicious code, leading to data exfiltration and potential system compromise. Stolen data, including email addresses, hashed passwords, and other sensitive information, is being sold on the dark web.
This attack highlights the urgent need for organizations to prioritize patch management and implement robust security measures to protect against similar attacks.
4. WazirX Suffers Major Crypto Theft
Date: 19/7/2024, Source: The Register
Indian cryptocurrency exchange WazirX experienced a significant security breach resulting in the loss of over $230 million in digital assets. The theft was executed by exploiting a vulnerability in the exchange’s multi-signature wallet system, bypassing multiple layers of security.
The attack is believed to have been orchestrated by a North Korean cybercrime group known for targeting cryptocurrency exchanges to fund its illicit activities. Blockchain analysis firms have confirmed the movement of stolen funds and identified the attacker’s attempts to launder the proceeds.
The incident highlights the ongoing challenges faced by the cryptocurrency industry in safeguarding digital assets. It also underscores the need for robust security measures, including advanced wallet protection and stringent compliance with anti-money laundering regulations.
5. S-400 Secrets Leaked in Cyberattack
Date: 31/7/2024, Source: India Sentinel
A data breach involving sensitive information about India’s S-400 missile-defense systems has raised national security concerns. The breach originated from hacked emails of Russian military officials and revealed the specific configuration of the advanced weapon system that India purchased from Russia.
The Ukrainian hacker group CyberResistance, in collaboration with the international intelligence community InformNapalm, released the data under the name “BaumankaLeaks.” Indian defense and intelligence agencies are now assessing the damage and implementing measures to mitigate risks.
Final Words
From Microsoft’s service outage due to a cyber-attack to the exposure of India’s S-400 missile defense secrets, these incidents serve as a stark reminder of the critical need for robust cybersecurity measures. At Strobes, we do continuous threat exposure management, which helps to identify end-to-end vulnerabilities and secure your data from real-time cyber attacks. Protect your business and your clients’ trust with Strobes. Contact us today!