Cyber Weekly Digest - Week #48

Updated: Dec 4, 2020

This week has been filled with high-profile cyber security stories including cyber-attacks on Manchester United football club, Spotify and a Danish news agency. Also, with the start of the holiday season, we are going to see cyber criminals getting festive with their attacks. Keep reading to hear about the latest and biggest cyber security stories.

The largest independent news agency in Denmark, Ritzau, announced it had been affected by a ransomware attack.

Ritzau is the largest independent news agency in Denmark, and they announced on Tuesday that their network was hit by a ransomware attack on Tuesday morning. The attack has meant that the editorial systems have been shut now and therefore cannot broadcast it's news as it regularly would. Instead, Ritzau is using an emergency system to broadcast its news. The CEO announced that it will not pay the ransom, which is demanded by the attackers. There is a lot of confusion around whether companies should pay their ransom demand in exchange for their data. However, Ritzau is acting on guidance from their advisors.

Over 300K Spotify accounts are believed to be affected by a credential stuffing attack.

One of the biggest stories this week is regarding a credential stuffing attack associated with Spotify. For a while now some Spotify users have been complaining about suspicious activity on their account including password changes, new playlists on their profiles and even strangers added to family accounts from other countries. It has been revealed in a recent report that this activity may have occurred due to a credential stuffing attack. A database was found exposed online, which contained 300 million usernames and password combinations which would allow someone to successfully log into a Spotify account. In response Spotify initiated a "rolling reset" of passwords for all users affected, making the exposed database useless.

The football club Manchester United was hit by a cy