
Espionage

GhostSpider


Earth Estries Hackers Backdoor Telecoms with New GhostSpider Malware

Earth Estries hackers exploit GhostSpider malware to backdoor telecoms globally, compromising critical infrastructure and government networks

29-Nov-2024
7 min read

Related Articles


Data Security

Signzy

Signzy, an online ID verification company, has confirmed a cybersecurity inciden...

Signzy, a vendor providing verification services, confirmed a security incident that has impacted its global clientele, including major banks and fintech companies. The startup, which onboarded over 10 million customers monthly, faced a cyberattack, raising concerns about data safety. Signzy confirmed the incident without providing details on its nature or scope, citing an ongoing investigation and security reasons. This news comes amid rising concerns over cybersecurity for financial institutions, given that Signzy works with over 600 financial entities, including India's largest banks.

## **Details of the Security Incident**

Multiple sources, including two major Signzy clients—PayU and ICICI Bank—informed [TechCrunch](https://techcrunch.com/2024/12/02/indian-online-id-verification-firm-signzy-confirms-security-incident/) that Signzy fell victim to a cyberattack last week. The incident involved sensitive customer data, including personal identification details and financial records, potentially being exposed, as seen in a cybercrime forum post. India’s Computer Emergency Response Team (CERT-In) acknowledged awareness of the incident and mentioned it was actively managing the situation by monitoring affected systems, providing guidance, and coordinating with other agencies.

PayU, one of Signzy’s clients, clarified that it suffered no impact from the attack, likely due to its independent security measures and lack of direct data integration with Signzy's affected systems. _"There is no impact on PayU customers or their data due to Signzy's [information](https://www.upguard.com/security-report/signzy) stealer malware,"_ stated Dimple Mehta, a PayU spokesperson. Similarly, ICICI Bank confirmed that their customer data remained unaffected.

## **Uncertain Impact on Customers**

Concerns linger as to the full impact on Signzy’s other customers, which include top financial institutions such as SBI, Mswipe, and Aditya Birla Financial Services, potentially facing data theft or service disruptions. The firm has engaged a professional cybersecurity agency to investigate the breach, but has yet to disclose whether any customer data had been compromised. Debdoot Majumder, a spokesperson for Signzy, stated that the startup had informed its clients, regulators, and stakeholders of the measures being taken and provided a timeline of the investigation. However, when asked if the company had engaged with the Reserve Bank of India (RBI), Signzy confirmed no such communication had taken place. The RBI did not respond to requests for comment.

## **Rising Concerns Over Data Security**

The incident highlights the increasing threat that cyberattacks pose to financial infrastructure, with cybercrime-related financial losses reaching $4.2 billion globally in 2023, according to industry reports. With over 600 clients, Signzy is a major player in the identity verification ecosystem, providing services across multiple industries. The potential exposure raises significant concerns, especially given the critical nature of ID verification for preventing fraud and financial crimes.

Experts warn that financial institutions must enhance cybersecurity as they increasingly rely on digital onboarding, such as implementing multi-factor authentication, conducting regular security audits, and training employees on phishing prevention. The involvement of information-stealer malware suggests a targeted attack, making it imperative for other stakeholders in the financial sector to assess their security postures by updating software, conducting vulnerability tests, and ensuring timely patch management.

## **Signzy's Action Plan**

Signzy has stated that it is cooperating with authorities and has retained cybersecurity professionals to address the incident, including conducting forensic analysis, securing affected systems, and implementing additional safeguards to prevent future breaches. Backed by investors such as Mastercard, Vertex Ventures, Kalaari Capital, and Gaja Capital, the company is under pressure to ensure that its internal security framework is resilient enough to protect its users. As part of the ongoing investigation, Signzy's leadership is expected to provide more details regarding how the incident occurred, what data might have been affected, and steps to prevent similar breaches. Investors and clients will be watching closely for updates, particularly given the growth in reliance on digital identity solutions.

03-Dec-2024
4 min read

Salt Typhoon

T-Mobile halts a Chinese state-sponsored cyberattack by Salt Typhoon, safeguardi...

T-Mobile recently disclosed a security breach involving the Chinese state-sponsored hacking group referred to as "Salt Typhoon", also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286. While the hackers exploited vulnerabilities in the company's network routers, T-Mobile's defensive measures reportedly mitigated further damage, securing sensitive customer information.

### Key Incident Details

1. Initial Compromise: Salt Typhoon accessed T-Mobile's network via routers, likely as part of lateral movement efforts to explore network vulnerabilities. The attack originated from a compromised wireline provider's network, underscoring the risks posed by interconnected systems.
2. Detection and Response: The breach was identified when T-Mobile engineers observed unusual reconnaissance commands on routers, correlating with known Salt Typhoon tactics and indicators of compromise. Proactive monitoring and network segmentation enabled T-Mobile to block the threat actors before sensitive data was compromised or services disrupted.
3. Extent of Damage: T-Mobile has confirmed that no customer data, including calls, messages, or voicemails, was accessed or stolen. Connectivity with the compromised provider's network was severed, effectively containing the attack.
4. Collaboration and Transparency: T-Mobile shared findings with federal authorities and industry partners, emphasizing a collaborative approach to tackling cyber threats.

### Broader Implications of Salt Typhoon Activities

This breach is part of a larger wave of telecom attacks attributed to Salt Typhoon, targeting critical infrastructure in Southeast Asia, the United States, and Canada:

#### Targeted Entities

Telecom providers, including AT&T, Verizon, and Lumen Technologies, alongside government agencies and political institutions. Attacks extended to private communications, law enforcement data, and wiretapping platforms, reflecting a focus on espionage and intelligence collection.

#### Duration and Impact

In some cases, breaches persisted for months or longer, allowing hackers to exfiltrate extensive internet traffic and sensitive data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI confirmed that attackers accessed sensitive communications involving government officials.

#### Geopolitical Context

Canada's disclosure of network scans linked to Chinese threat actors highlights the global scale of such campaigns, which align with China's broader cyber-espionage strategy.

### Additional Insights: Connections with Volt Typhoon

Though not directly linked to Salt Typhoon, the Chinese Volt Typhoon group recently executed attacks on ISPs and Managed Service Providers (MSPs) in the U.S. and India. These breaches leveraged stolen credentials and zero-day exploits, mirroring the persistence and sophistication seen in the Salt Typhoon campaign.

### Takeaways and Recommendations

1. Strengthen Interconnection Security: Telecom companies must enforce stricter security protocols when interfacing with third-party networks. The breach's origin in a compromised provider highlights the need for secure collaboration.
2. Proactive Monitoring and Threat Intelligence: Continuous network monitoring and real-time threat intelligence sharing, as demonstrated by T-Mobile, are critical in mitigating advanced persistent threats.
3. Zero-Trust Architecture: Implementing a zero-trust framework can limit attackers' ability to navigate laterally within networks after initial compromise.
4. Vulnerability Management: Regular audits and timely patching of known vulnerabilities, such as zero-day exploits seen in Versa Director attacks, are essential.

### Final Note

T-Mobile's response demonstrates the effectiveness of early detection and strong cyber defenses in preventing catastrophic breaches. However, the broader implications of the Salt Typhoon campaign reveal persistent vulnerabilities in the telecommunications sector, warranting enhanced international cooperation and cybersecurity measures.
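The detection step the article credits T-Mobile's engineers with (noticing unusual reconnaissance commands on routers, from a source tied to an interconnected provider) can be expressed as a small log-based rule. The script below is an added example written for this page; it is not T-Mobile's tooling, not code from the original article, and it does not use the page's indicators of compromise. The router audit-log format, the list of enumeration commands treated as reconnaissance, the trusted management host, and the sample log lines are all constructed assumptions.

```python
"""Flag bursts of router enumeration commands in a command-audit log.

Added example for this page (constructed; not T-Mobile's tooling). Two rules:
  * recon_burst: one actor (device, user, source IP) runs >= threshold distinct
    enumeration commands inside a sliding time window.
  * untrusted_source: any command issued from a source IP that is not a known
    management host, which reflects the article's point that the intrusion came
    in from a compromised interconnected provider.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed audit-log line format (constructed): timestamp device user= src= cmd="..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<device>\S+) user=(?P<user>\S+) src=(?P<src>\S+) cmd="(?P<cmd>[^"]*)"$'
)

# Generic configuration/routing/neighbour enumeration commands chosen for the
# example. These are an assumption, not indicators from the article.
RECON_COMMANDS = {
    "show running-config",
    "show ip route",
    "show arp",
    "show cdp neighbors",
    "show ip interface brief",
    "show bgp summary",
}

# Hosts permitted to manage routers (constructed for the example).
TRUSTED_MGMT_SOURCES = {"10.0.5.7"}

# Constructed sample log: routine netops activity, a burst from a peer-network
# source within two minutes, and one malformed line the parser must skip.
SAMPLE_LOG = """\
2024-11-20T03:10:02Z edge-rtr-01 user=netops src=10.0.5.7 cmd="show ip interface brief"
2024-11-20T03:41:15Z edge-rtr-01 user=svc-peer src=198.51.100.23 cmd="show running-config"
2024-11-20T03:41:20Z edge-rtr-01 user=svc-peer src=198.51.100.23 cmd="show ip route"
2024-11-20T03:42:03Z edge-rtr-01 user=svc-peer src=198.51.100.23 cmd="show cdp neighbors"
2024-11-20T03:43:11Z edge-rtr-01 user=svc-peer src=198.51.100.23 cmd="show arp"
2024-11-20T09:15:44Z edge-rtr-02 user=netops src=10.0.5.7 cmd="show bgp summary"
2024-11-20T09:16:01Z edge-rtr-02 user=netops src=10.0.5.7 cmd="show ip route"
this line is garbage and must be skipped
"""


def parse_line(line):
    """Return a record dict for a well-formed line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_recon(log_text, window=timedelta(minutes=10), threshold=3,
                 trusted=TRUSTED_MGMT_SOURCES):
    """Return a list of alert dicts produced by the two rules described above."""
    alerts = []
    by_actor = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are ignored rather than crashing the rule
        if rec["src"] not in trusted:
            alerts.append({"rule": "untrusted_source", "device": rec["device"],
                           "user": rec["user"], "src": rec["src"],
                           "cmd": rec["cmd"], "ts": rec["ts"]})
        if rec["cmd"] in RECON_COMMANDS:
            by_actor[(rec["device"], rec["user"], rec["src"])].append(rec)

    for (device, user, src), recs in by_actor.items():
        recs.sort(key=lambda r: r["ts"])
        start, best = 0, None
        # Sliding window: keep the window with the most distinct recon commands.
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            distinct = {r["cmd"] for r in recs[start:end + 1]}
            if len(distinct) >= threshold and (best is None or len(distinct) > len(best[0])):
                best = (distinct, recs[start]["ts"], recs[end]["ts"])
        if best is not None:
            alerts.append({"rule": "recon_burst", "device": device, "user": user,
                           "src": src, "commands": sorted(best[0]),
                           "first": best[1], "last": best[2]})
    return alerts


if __name__ == "__main__":
    for alert in detect_recon(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the peer-network source trips both rules (four enumeration commands inside two minutes, from a host outside the management allowlist), while the in-house netops user, who runs only one or two enumeration commands per device, generates nothing. Raising `threshold` or shrinking `window` tunes the burst rule; the allowlist rule is the cheaper signal and is worth keeping even when the burst rule is noisy.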

30-Nov-2024
3 min read

Ransomware

Starbucks

Starbucks grapples with payroll chaos and supply chain disruptions after a devas...

In an unprecedented turn of events, **Starbucks**—the world’s most recognized coffee brand—finds itself in the eye of a digital storm that has crippled its operations. A **devastating ransomware attack** on **[Blue Yonder](https://www.secureblink.com/cyber-security-news/ransomware-attack-cripples-blue-yonder-disrupting-global-supply-chains)**, the tech provider that powers Starbucks' critical supply chain, has triggered chaos not only in the company's logistical operations but in its ability to ensure its employees are paid on time. With operations severely disrupted, Starbucks has been forced to **manually track employee hours**, an unimaginable shift for a company known for its sleek, tech-driven processes. The impact? **Massive delays**, **disorganization**, and the loss of a **once-fluid payroll system**—and that’s just the beginning.

---

### **Attack on Blue Yonder**

As we reported earlier, on **November 21, 2024**, a **ransomware attack** on **Blue Yonder**, a **global leader in AI-powered supply chain management**, set off a chain of disruptions across industries. **Blue Yonder**, a key partner for major brands like **Ford**, **Sainsbury’s**, and **Morrisons**, had its private cloud environment compromised, knocking down the systems that support its clients' real-time data tracking and decision-making tools. The attack has wreaked havoc on its entire client base, with major companies grappling with service interruptions. While some companies, including **Morrisons** and **Sainsbury's**, have resorted to slower, more manual processes, the ripple effect has been most pronounced at **Starbucks**. For a company with thousands of employees across the globe, the disruption is more than just a logistical headache—it has become a full-blown **operational crisis**.

---

### **How Starbucks Is Navigating the Nightmare**

Starbucks, known for its seamless customer experience and cutting-edge technology, has been thrust into a scenario few could have predicted. The global coffee chain, famous for its technological prowess in tracking inventory and ensuring smooth operations, is now scrambling to maintain basic functions. The immediate challenge? **Employee payroll**. Without the real-time data needed to process work hours efficiently, Starbucks has been forced to manually track hours worked by its **hundreds of thousands of employees**. In a world where automation was supposed to eliminate such inefficiencies, this disruption has thrown the company into turmoil.

**Jaci Anderson**, a spokesperson for Starbucks, commented, _“We’re working swiftly to bring our systems back online and ensure that all of our employees are paid accurately and on time. Our team is doing everything it can to manage the situation and continue to deliver service to our customers.”_ But how long can this "manual workaround" continue? How will this impact employee morale, especially in a high-stakes season for retail?

---

### **Global Implications for Retail and Supply Chain Tech**

What we’re witnessing isn’t just an isolated incident—it’s a **widespread vulnerability** in the **global supply chain tech** ecosystem. Blue Yonder, like many other tech vendors, provides critical infrastructure to thousands of businesses. With a single successful attack, **ransomware gangs** are able to strike at the **heart of the supply chain** and affect **countless businesses** with minimal effort. As [mentioned](https://blueyonder.com/customer-update) in our previous Threatfeed, **ransomware gangs** increasingly target the **supply chain** as the weakest link in the cybersecurity armor. Attacks like these are only set to increase, as **cybercriminals** realize the exponential damage they can cause by disrupting just one part of the system.

For Starbucks, the attack on Blue Yonder is not just a technical inconvenience—it’s a **warning sign**. While the company has not experienced any customer-facing disruptions, the question remains: **How many more attacks like this will it take before retailers and manufacturers are forced to rethink their entire cybersecurity infrastructure?**

---

### **Future of Supply Chain Security: What Other Retailers Can Learn from Starbucks’ Crisis**

As Starbucks scrambles to bring its back-end systems back online, it’s clear that the **need for stronger cybersecurity measures** in the supply chain has never been more urgent. If this attack can bring a giant like Starbucks to its knees, what’s stopping it from happening to other major retailers? The situation at Starbucks serves as a **case study** in **crisis management**. The company has responded quickly, but the **long-term effects** of this disruption may not be fully realized for some time. How long will it take for **Blue Yonder** to fully recover, and how will its clients adjust in the interim?

One thing is clear: **ransomware attacks** on supply chain providers are now a **top concern** for every business that relies on third-party tech solutions. Retailers, manufacturers, and distributors must start asking themselves: *Are we prepared for an attack that could bring our operations to a standstill?*

---

### **Can Starbucks Weather the Storm?**

With service to customers **largely unaffected** so far, Starbucks has managed to keep the impact of this cyberattack under wraps. However, the **internal challenges** of keeping operations running smoothly are far from over. The company will have to rethink its relationship with Blue Yonder and other third-party vendors in light of this breach. Could this be the wake-up call for the coffee giant to build more **resilient, in-house systems**? As the investigation into the attack continues, and Blue Yonder works to restore its systems, the road to recovery will likely be long and fraught with challenges. For now, Starbucks remains focused on ensuring that employees are paid on time and that its **global supply chain** continues to function as seamlessly as possible—despite the storm raging in the background.

27-Nov-2024
5 min read