Cactus Ransomware Claims 2 New Victims

After naming others in the past few weeks, the Cactus ransomware group has claimed cyber attacks on two more organizations. The list includes the UTC Overseas and Unitex cyber attacks. Both organizations are based in the United States.

Besides these, the Cactus group added the names of Astro, a lighting supplier in the UK, Orthum Bau, a construction firm in Germany, Seymour’s estate agents, and Promotrans, a coaching service in France. This reflected the concentration of targets attacked by Cactus.

UTC Overseas and the Unitex Cyber Attacks

Dark web message by Cactus (Photo: Falcon Feeds/ Twitter)

The alleged Unitex cyber attack impacted the over 100-year-old textile manufacturing firm and rental service provider. Unitex makes hygienic linen and uniforms for employees of healthcare facilities, including nursing homes.

Cactus naming UTC on its dark web portal (Photo: Falcon Feeds/ Twitter)

In the UTC cyber attack message, the Cactus group placed a link to download the exfiltrated data. The placing of the download link suggests that the Cactus hackers tried extorting a ransom from the organizations.

However, after failing to gain any positive response, they decided to release the data stolen in the UTC and Unitex cyber attacks. UTC has a global presence in offering freight forwarding and cargo logistics services.

With the Unitex ransomware attack, it is likely that the hackers would try to log in to the accounts of its clients in the healthcare sector.

The websites of both organizations were operational when checked by The Cyber Express.

Third-Party Risk Posed to Healthcare and Other Businesses

In view of the impact of the MOVEit cyber attack and the more recent Kokoro data breach, it can be determined that cybercriminals are now looking to third-party organizations as a way to reach bigger targets. When hackers cannot or do not seek to breach individual organizations, they hack a third-party service provider.

Just as the exploitation of a MOVEit vulnerability has allowed the Clop ransomware group to hack over 2,120 organizations so far, along with their clients, Cactus and others are likely looking to target the clients of unsuspecting service providers.

The recent Kokoro cyber attack supports this observation, as its exploitation allowed hackers to exfiltrate the data of nearly 40 UK-based, high-profile charitable organizations. These organizations are supported by famous, global celebrities, and their revenue is expected to be higher than that of most smaller organizations.

The Kokoro hack gave hackers access to data it processed, which had been sent by another organization that served several UK-based non-profits. In one attack, hackers are finding databases with names, phone numbers, addresses, etc.

Addressing the processing of donor data by third parties, cybersecurity veteran Graham Cluley aptly said, “And you, as a supporter of a particular charity, are probably completely unaware that Kokoro exists at all, let alone that it has a copy of your personal information.”

A majority of an organization's customers are unaware that their data is being handled by organizations for various purposes. MOVEit is a file transfer service that offers countless organizations a way to move data safely.

However, are the data processing channels employed by vendors really safe?

The privacy policy of Kokoro reads –

Screenshot of Kokoro’s privacy policy (Photo: Graham Cluley)

“We will also use technological and organization measures to keep your information secure. We also have procedures in place to deal with any suspected data security breach,” is part of the privacy policy.

This element of third-party vendor security has been discussed by governments across nations. Users need to make sure that they share their data responsibly and avoid sharing it when they do not feel safe, while service providers do their part by making sure all vendors have threat detection and reporting tools in place.
