Cybersecurity Update March 18th 2023: Banking Sector Risks, Facial Recognition Concerns, and Ransomware Attacks

Welcome to our weekly cybersecurity roundup, where we bring you the latest news and updates from the world of cybersecurity. In this week’s roundup, we’ll be discussing ransomware attacks, data breaches, facial recognition developments and cybercriminal activities that occurred in the past week.

Ransomware Attacks

In recent times, ransomware attacks have been a major concern for businesses and organizations worldwide. In one such attack, the Lockbit ransomware gang claimed to have breached a SpaceX contractor, Maximum Industries, and threatened to sell the acquired data to other manufacturers if a ransom is not paid by March 20th. The stolen data is said to contain about 3,000 drawings certified by SpaceX engineers. The gang has also claimed a cyber attack on Essendant, a US National Wholesale office supplies distributor. The incident is suspected to be caused by ransomware and has led to an extended network outage since March 6, 2023, preventing online orders and impacting both customers and suppliers.

Data Breaches

Several data breaches were reported this week, including the leak of personal information of users who have engaged with Chinese mobile brands like OnePlus, Oppo, and Romi, leaving them in a vulnerable position. In another incident, an unknown hacker offered up 60 gigabytes of sensitive files allegedly stolen by the Lockbit ransomware gang, which contained not only Deutsche Bank employee data but source code derived from the bank’s website.

Criminal Activities

In the world of cybercriminal activities, a disgruntled pro-Russian online gamer community hacked the Ukrainian-owned GSC Game World, stealing 30 gigabytes of materials. The gamer group is now threatening to publish all stolen materials from the company’s upcoming game called Stalker 2 if GSC Game World does not meet several demands, including a formal apology for its unworthy attitude towards ordinary players from these countries. In another incident, an unknown threat actor, Loyola, claimed to have obtained access to sensitive employee data belonging to Indian conglomerate Larson and Toubro Limited (L&T). The compromised data reportedly includes personal and employment information, bank account details, nomination information, permanent account number (PAN), email addresses, passwords, and family information of over 15,000 L&T employees.

Cybersecurity Risks in the Banking Sector

The recent turmoil in the banking sector due to the COVID-19 pandemic has raised concerns about the security of financial institutions. In a recent Tech Check segment on CNBC, Diedra Bosa discussed how the current situation is affecting the cybersecurity of banks. She explained that one of the biggest cybersecurity companies has been monitoring the fallout and has seen a spike in cyber attacks in the sector. Banks like Silicon Valley Bank, Signature Bank, First Republic, and Credit Suisse have been targeted by criminals who pose as banks and send messages to customers of vendors that use these banks. According to Matthew Prince, CEO of cybersecurity company Cloudflare, the banking sector has done a good job of putting the right protections in place, but they are still vulnerable to attacks on some of the largest customers. He also stated that the bigger risk is with the various companies that might be using the banks and how they might be scammed during this time of stress.

The use of Facial Recognition Technology in Retail and Entertainment Venues

The use of facial recognition technology in retail and entertainment venues has become increasingly common. According to a recent report on ABC News, dozens of large retailers are reportedly using facial recognition to catch repeat offenders, and more entertainment venues are using the tool at ticket gates, including First Energy Stadium in Cleveland, Citi Field in New York, and the Rose Bowl in Pasadena. However, the use of this technology is raising privacy concerns. The sign posted outside a Fairway store in New York City read that customers’ biometric data may be collected using a scan of their eye, face, or fingerprint. Fairway stated that the technology is helping their store reduce retail crime, and many businesses in New York City are required to post signs notifying customers of any biometric surveillance. However, Amazon is now being sued for not following this requirement.

The Concerns and Potential Risks

While facial recognition technology can be useful in preventing retail crime and enhancing security, there are concerns about the potential risks associated with its use. The owner of Madison Square Garden has been under fire for using facial recognition to identify and remove people, including lawyers involved in litigation against MSG. There are also concerns about how this data is utilized, especially if it falls into the wrong hands. It is crucial to strike a balance between using facial recognition technology to enhance security and privacy concerns.

Job Openings

In lighter news, the Cybersecurity and Infrastructure Security Agency (CISA) is hiring cybersecurity experts, students, and enthusiasts to work towards a robust security workforce and continue its mission of defending against threats and building a more secure and resilient infrastructure for the future. Cyber attacks are becoming more frequent, and it’s essential to stay informed and take the necessary precautions to protect ourselves and our businesses. As always, we’ll continue to keep you updated on the latest cybersecurity news and trends. Stay safe, stay vigilant and we’ll see you Monday for another update!