In today’s cybersecurity news…
Hawaiian Airlines suffers cyberattack
The incident, which took down some IT systems, was first reported on Thursday morning. The airline stated it was “still able to safely operate a full flight schedule and was working toward an orderly restoration.” Numerous incident responders are attributing the attack to Scattered Spider. This group has been very busy of late, allegedly responsible for the UK retailers’ attacks, as well as attacks on insurance companies such as Aflac.
United Natural Foods says cyber incident will impact quarterly income
Following up on a story we covered on June 10, the food distributor, which is the main supplier for Whole Foods and the largest health and specialty food distributor in the United States and Canada, says that systems have been restored, but that the incident is “likely to have an effect on the company’s income for the final quarter of its fiscal year, which ends in August.” The attack did not include any data breaches, and no group has claimed responsibility. The company had cyber insurance that will cover at least some of the costs but that will likely be paid out at some point in the next fiscal year.
Russia throttles Cloudflare making sites inaccessible
Russian internet service providers have been “throttling access to websites and services protected by Cloudflare, making sites inaccessible from the country.” This has meant that Russian internet users can only download the first 16 KB of any web asset, which is insufficient for most Cloudflare-backed sites. For its part, Cloudflare says it is “in no position to remediate the situation, as the throttling is outside its control, and there are no effective workarounds or mitigations to address the access problems it causes.” The company has not received formal communication about the throttling from the Russian state but “considers this action part of the country’s broader strategy to oust Western tech firms from the domestic market.”
Ahold Delhaize data breach info released
Following up on another food distributors story, the Dutch company, Ahold Delhaize, one of the world’s largest food retail chains, is now notifying more than two million individuals that “their personal, financial, and health information was stolen in the November ransomware attack that impacted its U.S. systems.” The multinational retailer, which operates in Europe, the U.S. and Indonesia, has not named any cybercrime group behind the breach, however, the INC Ransom ransomware group did mention the company on its dark web portal in April, along with samples of documents “allegedly stolen from the company’s compromised systems.”
Huge thanks to our sponsor, Palo Alto Networks
Cortex Cloud by Palo Alto Networks bridges this divide, unifying teams and stopping attacks with real-time cloud security that includes AI-powered protection, detection and automated response capabilities.
Threats are stopped in minutes instead of days, and teams can finally protect cloud environments at the speed and scale of modern attacks. To learn more about how Cortex Cloud stops cloud attacks before they become breaches, visit: paloaltonetworks.com/cortex/cloud-detection-and-response
Microsoft security updates address CrowdStrike crash
A major IT outage last year, caused by a faulty software update from cybersecurity firm CrowdStrike, led to global crashes of millions of Windows devices. Although the issue stemmed from CrowdStrike’s Falcon software, which had deep access to the Windows kernel, Microsoft received much of the blame. In response, Microsoft has now announced changes to reduce such risks. Antivirus software will no longer have direct kernel access, and a new endpoint security platform will soon be introduced. This platform will require security updates from third-party vendors to pass through extensive testing and review before deployment to Windows systems worldwide.
FBI warns of social engineering exploiting patients and healthcare providers
The Bureau has issued a warning about criminals posing as health insurers and claims investigators to steal medical and financial data from patients and healthcare providers. They use emails and texts to pressure victims into handing over sensitive information or to make payments for fake service overpayments. According to Health-ISAC’s Errol Weiss, such scams are increasing, often involving impersonation of trusted entities like government agencies or major brands. Criminals use previously leaked personal data – even partial data – to make their schemes more convincing, creating a false sense of trust and legitimacy.
Google’s emissions up 51% as AI electricity demand counters green efforts
Google’s carbon emissions have jumped 51% since 2019, largely due to the growing energy demands of artificial intelligence. Despite investments in renewable energy and carbon removal, the company is struggling to reduce emissions from its supply chain, known as scope 3 emissions. A 27% year-over-year increase in electricity use reflects the rising power needs of datacentres that support AI models like Google’s Gemini and ChatGPT. Experts warn that AI could push datacentres to consume up to 4.5% of global energy by 2030. Google also notes delays in low-carbon energy solutions like Small Modular Reactors, making decarbonization even harder.
Hacker helped kill FBI source, says El Chapo case witness
A Justice Department watchdog report has revealed how a hacker, hired by the Sinaloa drug cartel “infiltrated cameras and phones to track an FBI official in Mexico investigating the drug lord El Chapo, then used data from that surveillance to kill and intimidate potential sources and witnesses the agent was meeting with.” According to the report, the hacker identified people of interest, including the FBI Assistant Legal Attache, and then was able to hack the attache’s mobile phone number to track calls made and received, as well as geolocation data. The hacker also used Mexico City’s camera system to follow the attache through the city and identify people they met with. “The cartel allegedly used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses.”