December 8, 2024 at 10:10PM
The Termite ransomware gang claimed responsibility for a ransomware attack on Blue Yonder, stealing 680GB of data. Blue Yonder’s operations were disrupted, affecting clients like Starbucks and UK grocery chains. Additionally, a Nigerian scammer received eight years in prison for a business email compromise scheme that stole over $6 million.
### Meeting Notes Takeaways
1. **Ransomware Incident**: The Termite ransomware gang has claimed responsibility for the ransomware attack on Blue Yonder, a supply chain SaaS vendor, which occurred on November 21.
– **Data Compromise**: Termite claims to have stolen 680GB of data, including email lists, which may pose future security risks for companies that have engaged with Blue Yonder.
– **Impact**: Affected customers include Starbucks and UK grocery chains Morrisons and Sainsbury’s, facing operational disruptions.
2. **Blue Yonder’s Response**:
– The company is collaborating with external cybersecurity firms and has begun strengthening its security protocols.
– As of December 6, Blue Yonder acknowledged the data compromise and is updating customers on recovery efforts.
3. **Ransomware Information**:
– Termite is reportedly using a modified Babuk ransomware and has targeted various industries across multiple countries.
– The attack methodology remains under investigation, commonly involving phishing and exploiting vulnerabilities.
4. **Critical Vulnerabilities Highlighted**:
– **CVSS 9.8 – CVE-2024-11667**: A vulnerability in Zyxel ATP series firewall firmware allowing unauthorized file access.
– **CVSS 9.8 – CVE-2024-11680**: An issue in ProjectSend that lets remote attackers modify configuration files.
– Immediate patching is recommended for both vulnerabilities.
5. **Data Exposure Incident**:
– The Safelinking service suffered a data breach resulting in the exposure of records for 30 million secure links and over 156,000 users.
– The database was destroyed following a ransom demand from a malicious bot.
6. **Spyware Controversy**:
– Former Polish spy chief Piotr Pogonowski arrested for refusing to testify regarding the alleged use of Pegasus spyware by the previous government.
– He claimed ignorance of the operational use of the spyware, despite being in a top position.
7. **Criminal Sentencing**:
– Okechuckwu Valentine Osuji, a Nigerian national, was sentenced to eight years in US prison for a business email compromise scheme that tricked victims out of over $6 million. He also targeted individuals through romance scams.
8. **Cyber Attack on US Company**:
– A significant US company, with a presence in China, was compromised by a suspected Chinese threat actor.
– The attackers maintained prolonged access to the network, moving laterally and stealing data, suggesting coordinated activity with prior attacks on the same company.
### Action Items
– Companies that engaged with Blue Yonder should notify users about potential email compromise risks.
– Immediate attention is advised for the identified critical vulnerabilities that are currently being exploited.
– Organizations should ensure safe link validation practices to avoid breaches similar to the Safelinking incident.