Jack O'Sullivan
March 9 2021
The Microsoft Exchange attack keeps getting worse and worse
Last week, it was reported that as many as 30,000 organisations worldwide had been affected by the Microsoft Exchange attack. Now, as more information has become available over the weekend, it's looking like the number of businesses that have been targeted is closer to 60,000 - and it continues to climb.
Cybersecurity researchers have put together a timeline of the unprecedented email attack, from when Microsoft first confirmed it in January, to now. They stated that Microsoft had as long as 2 months to properly explain the scope of this attack to users while issuing its first set of patches, but failed to do so.
A potentially state-sponsored Chinese hacking group known as Hafnium are being blamed for the attack - although China is denying any involvement - but they're not the only culprits. Cybersecurity analysts have claimed that, as of this weekend, there are at least five other criminal groups actively exploiting Microsoft's email flaws, so things are likely going to get worse. Read more here.
Is Google doing enough to combat businesses buying fake five-star reviews?
Some very cheeky UK businesses (not us though, we promise) have been caught buying five-star Google reviews, and this is leading a watchdog to question if Google is doing enough to ensure its business reviews are accurate.
Which? set up a fake company and was able to buy bogus five-star reviews and sham potential customers. Dozens of British firms fell for this ruse. Google has responded by saying it has been investing in tech to help solve this problem, which may well have come about because the Competitions and Markets Authority has got the platform in its sights for failing to tackle the issue.
Fake reviews have serious consequences. Fair enough that fake reviews on a hairbrush, for example, may only put you out by £3 or so, but what about fake reviews on financial services or law services? If second-rate businesses are using fake reviews to bolster shoddy services, customers who are potentially in vulnerable positions - either financially or with the law - could be falling hook line and sinker for false claims of a quality service, and suffering significantly as a result. Read more here.
Cyber-criminals have doxed Flagstar Bank employees as part of an extortion attempt
Looks like Cl0p has struck again - this time the ransomware gang has released the names, home addresses, and social security numbers belonging to several workers at Flagstar Bank. The hackers posted data from the Michigan bank to the dark web and emailed local journalists to advertise the doxing - this is all part of a brazen extortion attempt to get money from Flagstar. Basically, if the bank won't pay up, Cl0p will continue leaking data, and putting their staff at risk.
18 employees had their details exposed, but the criminal group also has access to employee information, and corporate data too. So far, Flagstar has confirmed it suffered a data breach and is apparently in negotiation talks with the hackers. In order to pile the pressure on, Cl0p started releasing staff data, in the hopes that Flagstar would be motivated to pay up quicker.
Speaking on their extortion method, the hacking group had this to say: "It often motivates to reconsider the decision. This is advertising for future customers =)" Read more here.
Want the latest technology and cybersecurity news? Check out our Twitter page for upcoming tech world developments and data breach updates, or get in contact with a member of our team to see how our security services can keep your organisation out of the headlines.