The biggest cyber attacks and vulnerabilities of May 2024

Insights and trends from May's most significant cyber threats and vulnerabilities.

Arjun Pednekar, Technical Director, Cognisys

3rd June 2024

Welcome to our monthly cyber security update. In this edition, we delve into some of the most significant incidents that have unfolded in the past month, shedding light on their implications and the lessons they offer.

Here are the biggest cyber attacks and breaches from May that have made an impact on social media:

1. Ticketmaster security breach

Ticketmaster, the ticket sales and distribution company, has confirmed a security breach of unprecedented scale, potentially affecting around 560 million users. The group behind the incident has reportedly offered 1.3TB of stolen customer data for sale. That data is said to include names, addresses, email addresses, phone numbers, the last four digits of payment card numbers together with their expiry dates, and detailed ticketing order information. Partial card numbers and expiry dates are enough to make a phishing message look authentic even where they cannot be used for payment, so affected customers should treat unexpected "your order" messages with suspicion. The scale and depth of this breach should serve as a wake-up call, underscoring the need for robust cyber security measures.

2. Okta’s warning on credential stuffing attacks

In other news, Okta, a leading identity and access management provider, has warned of credential stuffing attacks targeting the cross-origin authentication feature of its Customer Identity Cloud (CIC). Credential stuffing is an attack in which username and password pairs stolen from one service are replayed, at scale, against another in the hope that users have reused them. Cross-origin authentication lets an application's own login page submit credentials directly to the CIC tenant instead of redirecting to the hosted login page; it relies on Cross-Origin Resource Sharing (CORS), the browser mechanism that allows a page to make requests to a different origin which the same-origin policy would otherwise block. Because that endpoint accepts usernames and passwords directly from scripts, it is a convenient target for automated attacks, and Okta observed attackers using it for exactly that. Okta's guidance was to disable the feature on tenants that do not use it, and to review tenant logs for fcoa (failed cross-origin authentication), scoa (successful cross-origin authentication) and pwd_leak (login with a known-breached credential) events.
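The log review Okta recommends can be automated. The script below is an added example, not Okta's or Cognisys's code; it assumes the CIC tenant log export shape (one JSON object per line with "date", "type", "ip" and "user_name" fields) and uses the fcoa, scoa and pwd_leak event codes named above. The sample log lines are constructed. The signature it looks for is the one that distinguishes stuffing from a forgotten password: many failures from one source address spread across many different accounts within a short window.

```python
"""Flag credential-stuffing patterns in Okta Customer Identity Cloud (CIC) tenant logs.

Added example, not Okta's or Cognisys's code. Assumes the tenant log export shape
(JSON per line with "date", "type", "ip", "user_name") and the event codes
"fcoa" (failed cross-origin auth), "scoa" (successful cross-origin auth) and
"pwd_leak" (login with a credential already known to be breached).
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

BASE = datetime(2024, 5, 28, 10, 0, 0, tzinfo=timezone.utc)


def _line(offset_s, event_type, ip, user):
    """Build one constructed log line; timestamps are offsets from BASE."""
    ts = (BASE + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return json.dumps({"date": ts, "type": event_type, "ip": ip, "user_name": user})


# Constructed sample log (not real tenant data). 203.0.113.7 fails against twelve
# different accounts in one minute, the stuffing signature; 198.51.100.5 is a real
# user who mistypes twice and then logs in; 198.51.100.9 logs in with a leaked password.
SAMPLE_LOG = [_line(i * 5, "fcoa", "203.0.113.7", f"user{i}@example.com") for i in range(12)]
SAMPLE_LOG += [
    _line(30, "fcoa", "198.51.100.5", "alice@example.com"),
    _line(45, "fcoa", "198.51.100.5", "alice@example.com"),
    _line(60, "scoa", "198.51.100.5", "alice@example.com"),
    _line(70, "pwd_leak", "198.51.100.9", "bob@example.com"),
]


def parse_event(line):
    e = json.loads(line)
    ts = datetime.strptime(e["date"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "type": e["type"], "ip": e.get("ip"), "user": e.get("user_name")}


def detect_credential_stuffing(lines, window_s=600, min_failures=10, min_distinct_users=8):
    """Return (alerts, leaked_logins).

    An IP is flagged when, within a sliding window, it produced at least
    min_failures fcoa events spread over at least min_distinct_users accounts.
    Requiring many distinct users is what separates stuffing from one person
    forgetting a password. pwd_leak events are returned separately: each is an
    account whose password must be reset whatever the stuffing outcome.
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)  # ip -> deque of (ts, user) for fcoa events in window
    flagged = {}                 # ip -> alert dict, counts updated as they grow
    leaked = []
    for e in events:
        if e["type"] == "pwd_leak":
            leaked.append({"ip": e["ip"], "user": e["user"], "at": e["ts"].isoformat()})
            continue
        if e["type"] != "fcoa":
            continue
        q = recent[e["ip"]]
        q.append((e["ts"], e["user"]))
        while (e["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_distinct_users:
            a = flagged.setdefault(e["ip"], {"ip": e["ip"], "first_seen": q[0][0].isoformat(),
                                             "failures": 0, "distinct_users": 0})
            a["failures"] = max(a["failures"], len(q))
            a["distinct_users"] = max(a["distinct_users"], len(users))
    return list(flagged.values()), leaked


if __name__ == "__main__":
    alerts, leaks = detect_credential_stuffing(SAMPLE_LOG)
    for a in alerts:
        print(f"STUFFING {a['ip']}: {a['failures']} failures over "
              f"{a['distinct_users']} accounts since {a['first_seen']}")
    for l in leaks:
        print(f"LEAKED PASSWORD {l['user']} from {l['ip']} at {l['at']}")
```

On real exports, tune the thresholds to the tenant's normal failure rate and key on the forwarded client address rather than the proxy if a CDN sits in front; attackers rotate source addresses, so a second pass keyed on user agent or ASN is worth adding once the per-IP view goes quiet.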

3. Snowflake incident involving stolen credentials

Snowflake is an American data cloud company used by thousands of organisations for data storage, management and analysis. A threat actor reportedly used stolen credentials to sign into a Snowflake employee's ServiceNow account, effectively bypassing Okta. The credentials are believed to have come from an infostealer infection on the same employee's device in October 2023. After gaining initial access, the threat actor was reportedly able to obtain refresh tokens from Okta, thereby maintaining

4. Hugging Face Spaces platform breach

Hugging Face, a leading AI platform, recently announced a security breach affecting its Spaces platform. Spaces is a repository of AI apps created and submitted by community users so that other members can try them. The company detected unauthorised access relating specifically to Spaces secrets, the credentials an app stores in order to reach external services, and suspects that a subset of those secrets could have been accessed without authorisation. Anyone running a Space should treat its secrets as exposed and rotate them, including any tokens for downstream services they unlock.

5. BBC data security incident

The BBC confirmed a data security incident that put 25,000 current and former employees at risk. The breach compromised the information of its BBC pension scheme members. Threat actors copied files containing their members’ personal information from a cloud-based storage service. The affected data includes names, national insurance numbers, dates of birth, gender, and home addresses. However, the BBC noted that the breach did not include information such as telephone numbers, email addresses, bank details, financial information, and usernames and passwords.


6. Verizon’s 2024 data breach investigations report (DBIR)

Verizon’s 2024 DBIR highlighted the significant role of human risk factors in data breaches: 68% of breaches in the period covered involved a non-malicious human element. Despite the widespread adoption of cyber security awareness training, human errors persist, such as clicking malicious links in phishing emails. The report suggests that training alone is not enough to address this, especially as the individual involved is often not at fault. This realisation has led to the concept of human risk management (HRM), which accepts that human error will occur but proactively identifies the risks attached to individual employees so that targeted interventions can be made.

7. Check Point Research’s Foxit PDF exploitation

Check Point Research has identified an unusual pattern of PDF exploitation targeting Foxit Reader users. Rather than relying on a memory corruption bug, the PDFs trigger Foxit's security warning dialogues in a way that leads users to approve the execution of attacker-supplied commands. Detection rates are low because most analysis tooling and sandboxes rely on Adobe Reader, which does not behave this way and so never trips on the samples. Several exploit builders have been observed, and multiple threat actors have used the technique for both e-crime and espionage.
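Because the samples do not rely on a memory bug, signature engines tuned for Adobe Reader miss them; a structural check of the PDF itself is the more reliable triage. The scanner below is an added example, not Check Point's tooling and not code from the original page. It assumes only PDF syntax: /OpenAction names the action run when the file opens, and a /Launch action dictionary names an external program via /F (or a /Win sub-dictionary carrying /F and /P). The sample PDF is constructed and inert; its Launch target is a placeholder, and its name is hex-escaped to show why the normalisation step matters.

```python
"""Triage a PDF for Launch actions wired to OpenAction, the construction behind the
Foxit warning-dialogue abuse. Added example, not Check Point's tooling. Assumes only
PDF syntax (/OpenAction, /Launch, /F, /Win, /P); a byte scan, not a full parser.
"""
import re


def normalise_names(data: bytes) -> bytes:
    """Resolve #XX escapes so /L#61unch and /Launch compare equal.
    Heuristic: a '#' inside a string literal would also be rewritten."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    text = normalise_names(data)
    launches = list(re.finditer(rb"/S\s*/Launch\b", text))
    targets = []
    for m in launches:
        # Heuristic: pull the string literals given to /F and /P in the bytes that follow.
        window = text[m.end():m.end() + 400]
        targets += [t.decode("latin-1") for t in re.findall(rb"/(?:F|P)\s*\(([^)]*)\)", window)]
    result = {
        "open_action": b"/OpenAction" in text,
        "launch_actions": len(launches),
        "targets": targets,
        # Objects inside compressed object streams are invisible to a byte scan;
        # if this is set, inflate them first (for example with qpdf --qdf) and rescan.
        "has_object_streams": b"/ObjStm" in text,
    }
    if result["launch_actions"] and result["open_action"]:
        result["verdict"] = "suspicious"   # launches a program as soon as the file opens
    elif result["launch_actions"]:
        result["verdict"] = "review"       # launch present but not auto-triggered
    else:
        result["verdict"] = "clean"
    return result


# Constructed, inert sample: placeholder target, hex-escaped /Launch name.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /L#61unch /Win << /F (placeholder.exe) /P (placeholder-args) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Same skeleton with no OpenAction and a harmless URI action instead of Launch.
BENIGN_PDF = SAMPLE_PDF.replace(b" /OpenAction 4 0 R", b"").replace(
    b"/S /L#61unch /Win << /F (placeholder.exe) /P (placeholder-args) >>",
    b"/S /URI /URI (https://example.com)")

if __name__ == "__main__":
    for name, pdf in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(name, scan_pdf(pdf))
```

A "suspicious" verdict is a reason to detonate the file in a sandbox that actually runs Foxit, since, as the research notes, an Adobe Reader sandbox will report nothing; a "review" verdict with object streams present should be re-run after inflating the streams.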

8. MoD contractor breach

A breach involving an MoD contractor, Shared Services Connected Ltd (SSCL), was recently uncovered. The IT company failed for months to report a breach in which the data of hundreds of thousands of MoD staff was accessed. The UK defence secretary informed MPs that a malign actor had breached SSCL and that “state involvement” could not be ruled out. Payroll records of about 270,000 current and former military personnel, including their home addresses, had been accessed. The incident highlights how an attack on a supplier becomes an attack on critical national infrastructure, and the need for robust cyber security measures, including breach-notification obligations, to extend across the supply chain.

9. Check Point’s 2024 Cloud Security Report

Check Point’s 2024 Cloud Security Report highlights the increasing prevalence of cloud attacks and security breaches. Current defensive strategies have proven insufficient: 61% of surveyed organisations reported a cloud security incident in the past year, 21% of which resulted in a data breach, and only 4% said they could mitigate cloud risks quickly and easily.

10. Dell breach of 49 million customers

Dell has issued a data breach warning after a threat actor claimed to have obtained data on approximately 49 million customers. The breach concerns a Dell portal holding customer information associated with purchases; Dell's notification said it was investigating an incident involving the portal, which contained a database with limited types of customer information linked to Dell purchases. According to the threat actor's own account, the breach was enabled by brute-forcing an online partner portal: they registered multiple partner accounts, all approved within 48 hours, and then generated candidate service tags by exploiting a discernible pattern in their format and fed them to the portal. The lesson is that any endpoint which returns records for a guessable identifier needs per-account lookup limits and monitoring, not just a registration step.
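The control that closes this gap is not a plain request-rate cap, which a patient attacker walking a predictable identifier space can stay under, but a budget on distinct identifiers per account. The class below is an added example, not Dell's code; the endpoint, the 7-character alphanumeric tag format, the window and the limits are assumptions, and the traffic in simulate() is constructed.

```python
"""Enumeration guard for an identifier-lookup endpoint such as a partner portal that
returns purchase records for a service tag.

Added example, not Dell's code. Tag format, window and limits are assumptions.
"""
import re
from collections import defaultdict, deque

TAG_RE = re.compile(r"^[A-Z0-9]{7}$")  # assumed tag format


class LookupGuard:
    def __init__(self, window_s=3600, max_distinct=50, max_requests=500):
        self.window_s = window_s
        self.max_distinct = max_distinct      # distinct tags one account may query per window
        self.max_requests = max_requests      # plain rate cap, kept only as a backstop
        self._hist = defaultdict(deque)       # account -> deque of (ts, tag)

    def check(self, account, tag, now):
        """Return 'allow' or a reason string; callers must not serve data on anything else."""
        if not TAG_RE.match(tag):
            return "reject:bad-format"        # never reach the database with junk
        q = self._hist[account]
        while q and now - q[0][0] > self.window_s:
            q.popleft()
        if len(q) >= self.max_requests:
            return "block:rate"
        distinct = {t for _, t in q}
        if tag not in distinct and len(distinct) >= self.max_distinct:
            return "block:enumeration"        # a new tag beyond the per-account budget
        q.append((now, tag))
        return "allow"


def simulate():
    """Constructed traffic: an attacker walking sequential tags slowly, and a real
    partner re-checking the same three tags. Returns per-account outcome counts."""
    guard = LookupGuard()
    outcomes = defaultdict(lambda: defaultdict(int))
    # Attacker: 80 sequential tags, one every 30 s, far below any request-rate cap.
    for i in range(80):
        outcomes["attacker"][guard.check("attacker", f"ABC{i:04d}", now=i * 30)] += 1
    # Legitimate partner: 3 owned tags, each looked up 20 times.
    for i in range(60):
        tag = ("7XK2M9Q", "P4T8N1Z", "D2F5H7L")[i % 3]
        outcomes["partner"][guard.check("partner", tag, now=i * 10)] += 1
    outcomes["partner"][guard.check("partner", "bad tag!", now=700)] += 1
    return {k: dict(v) for k, v in outcomes.items()}


if __name__ == "__main__":
    print(simulate())
```

The distinct-tag budget should be sized from what real partners do (how many devices they service per hour), and a "block:enumeration" result is worth alerting on as well as blocking, because the account that hit it was approved by a registration process that evidently let an attacker through.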

Conclusion

As we reflect on the past month’s events, it’s evident that the cyber security landscape continues to face multifaceted challenges, from large-scale data breaches to critical vulnerabilities in widely used applications. The need for proactive risk management, robust authentication mechanisms, and enhanced data protection measures has never been more pronounced.

Organisations and individuals alike must remain vigilant in addressing evolving cyber security threats to safeguard sensitive information. Stay tuned for more updates and insights as we navigate the dynamic world of cyber security.

Stay safe and secure!

If you are concerned about threats to your IT estate, get in touch and one of our cyber experts can discuss how we protect your business.
