Updated: Jul 15
In this week’s Cyber Weekly Digest we delve into some of the latest cyber security news, including cyber attacks on publishing giant Macmillan and IT services provider SHI. Keep reading to stay up to date on the biggest cyber security stories from across the world.
Publishing giant Macmillan has disabled its network and office connections to recover from a security incident that is likely to be a ransomware attack. It is currently unclear which ransomware gang was behind the attack and whether any sensitive data was stolen. If data is being held to ransom and the ransom is not paid, it is very likely that a ransomware operation will publish the stolen data in the next few weeks. Macmillan editors have been somewhat opaque about the incident; however, they are starting to re-enable core systems in their network.
Multiple booking websites’ servers have been seized by The Privacy Protection Authority in Israel after their operators failed to address critical security issues that enabled attackers to breach the data of more than 300,000 individuals. At least 10 websites managed by Gol Tours LTD in Israel were shut down. The Privacy Protection Authority confirmed the cyber-attack, and it is believed that an Iranian threat actor, called Sharp Boys, is responsible. The Sharp Boys threat group claimed the attack in June and leaked 300,000 records of customer data a few days later. The group also shared a screenshot from a remote desktop connection showing that they had access to more than two dozen domains allegedly owned by Gol Tours.
“SessionManager” has been used against NGOs, government, military and industrial organisations in Africa, South America, Asia, Europe, Russia, and the Middle East since at least March 2021. Developed in C++, SessionManager is a malicious native-code IIS module that is loaded by some IIS applications to process legitimate HTTP requests sent to the server. SessionManager is capable of remote code execution and of connecting to arbitrary network endpoints that the infected server is connected to, as well as reading from and writing to such connections.
New Jersey-based IT products and services provider SHI has confirmed that its network was hit with a malware attack over the weekend. SHI claims to be one of North America’s largest IT solutions providers, with 5000 employees and $12.3 billion in revenue in 2021. It also has operations around the world in the USA, the UK, and the Netherlands. The company stated that it is currently working with federal bodies including the FBI and CISA. It claims that there is no evidence to suggest that customer data was exfiltrated during the attack.