
Almost All Firms Are Working With Breached Third Parties

Read also: Financial firm ION hit with a cyber-attack, Hive ransomware disrupted in a global cyber operation, and more.

Thursday, February 2, 2023

Over 98% of organizations have ties with breached third-party vendors

Over 98% of organizations are working with at least one third-party vendor that has suffered a cybersecurity incident in the last two years, new research has found. Moreover, half of companies have indirect ties with at least 200 fourth parties (a third-party vendor’s partners and suppliers) that have been hit with a breach in the last two years.

The IT sector has the most third parties, with an average of 25 vendors per organization, followed by the healthcare industry (15.5), the insurance sector (11), and finance (6.5). Worryingly, third parties lag significantly behind primary organizations in terms of cybersecurity: among organizations that earn an A rating for their own security posture, nearly 10% of third parties receive an F rating.

Europol and FBI took down Hive ransomware operation

Law enforcement authorities in the US and Europe announced the takedown of the notorious Hive ransomware operation that claimed more than a thousand victims worldwide. The gang’s Tor payment and data leak sites were seized, according to Europol.

The FBI said it was able to covertly infiltrate servers belonging to the Hive gang in July 2022 and obtain 300 decryption keys that allowed victims to recover encrypted files, thus saving them at least $130 million in ransom payments.

Meanwhile, the US Department of State has offered a reward of up to $10 million for tips that would help link Hive or any other threat actors targeting US critical infrastructure to a foreign government.

Ransomware attack on financial firm ION delays EU derivatives trades

UK-based derivatives trading platform ION Cleared Derivatives, a division of ION Markets, which provides software for electronic trading, was hit by a ransomware attack that forced major European and US banks and brokers to process trades manually.

The company said the hack took place on January 31, 2023, and impacted some of its services. Following the attack, ION shut down all affected servers. The incident is said to have impacted 42 of the company’s clients.

ION didn’t share details regarding the perpetrator behind the hack, but some reports suggest that the company was hit by the notorious LockBit ransomware gang.

Code signing certs stolen in GitHub breach

Malicious actors breached repositories for GitHub Desktop and Atom apps last December and stole encrypted code signing certificates, GitHub revealed.

The company said that the stolen certificates were password-protected, and that, at present, there is no indication that the certs were decrypted or used for nefarious purposes. However, as a precaution, GitHub said it has revoked the exposed certs. More specifically, the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1 will stop working on February 2, 2023.

Google Fi reportedly affected in a massive T-Mobile hack

It appears that a massive January 2023 T-Mobile data breach that affected nearly 37 million customers has also impacted Google Fi, Google’s cell network provider.

In a data breach notification sent to Fi’s subscribers, Google said that a “limited amount of Google Fi customer data” was exposed during a recent security incident at “the primary network provider for Google Fi.” Although Google didn’t share the name of the affected network provider, the timing and wording of the message and the fact that Google Fi relies on T-Mobile for the majority of its connections suggest that the breach may be linked to the January T-Mobile security incident.

According to Google, the exposed data includes SIM card serial numbers, account status (active/inactive), information on when an account was activated, and data about the mobile service plan. No personal or financial information was impacted in the breach, Google has assured.

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.