Also: Iranian Hackers Phish Israelis Over LinkedIn, Chatbot Jailbreak Occurs
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, pharma company Evotec downgraded its earnings after an April hack, Iranians pretended to be Israelis on LinkedIn, researchers jailbroke AI chatbots, a Ninja Forms WordPress plug-in flaw that can aid in data theft was discovered, and a DDoS attack in Kenya disrupted government services.
Evotec Previews $28 Million Breach Cleanup
Publicly traded drug discovery and development company Evotec restated its earnings estimates in the wake of an April hacking incident. The Hamburg, Germany-based company said that as a result of the incident, it expects to see a reduction in full-year revenue of up to 70 million euros – $77 million. That’s despite the company reporting 30% revenue growth in the first quarter of this year.
In a filing with the U.S. Securities and Exchange Commission last week, the company revised its revenue forecast for the year downward, from a range of 820 million to 840 million euros to a range of 750 million to 790 million euros. The company estimates that the cost of mitigating and cleaning up the attack will be $28 million.
Evotec disclosed on April 10 that it had detected “unusual activity” on its IT systems on April 6 and had taken systems offline. At the time, Evotec warned investors that the incident could have “a potential impact” on its earnings. The company restarted operations at the end of April and said productivity reached 50% in May and over 80% in June.
Iranian Hackers Pretend to Be Israelis on LinkedIn
The Israeli Security Agency reportedly revealed Sunday that an Iranian phishing campaign had been targeting state employees and researchers through LinkedIn, with the objective of gathering intelligence on state policies.
The intelligence agency told local media that Iranian operatives had initiated contact by impersonating acquaintances over LinkedIn chat and later moving the conversation to email, where they eventually phished the target.
The Israeli intelligence agency Shin Bet said the initial messages had been carefully crafted based on detailed research about each target, ensuring the subject matter was of specific interest. Many targeted Israelis reported the incidents to authorities, which led to the attempts being thwarted.
Researchers Manage to Jailbreak AI Chatbots
Researchers from Carnegie Mellon University exposed techniques that can jailbreak AI chatbots such as ChatGPT and Bard, enabling them to provide full, illicit information instead of standard responses. The study disclosed ways to manipulate large language models, potentially aiding illegal activities such as the production of illegal drugs or hacking the electric grid. Researchers demonstrated that gaining prohibited knowledge required complex inputs, making it challenging for nontechnical users to replicate.
Ninja Forms WordPress Plug-In Flaw Aids Data Theft
Patchstack discovered vulnerabilities in the widely used WordPress plug-in Ninja Forms that pose risks of privilege escalation and data theft. The flaws affect versions 3.6.25 and older. The released fix, version 3.6.26, mitigates the vulnerabilities, but around 400,000 sites remain exposed and half of Ninja Forms users have not yet installed the patch. The security issues include an unauthenticated XSS flaw allowing privilege escalation, tracked as CVE-2023-37979, and broken access control problems leading to data export, tracked as CVE-2023-38393 and CVE-2023-38386. Patchstack delayed public reporting to aid patching efforts, but the risk of exploitation persists, and users are urged to update immediately or temporarily remove the plug-in.
Anonymous Sudan Attacks Kenya’s e-Citizen Digital Platform
A Kenyan government official on July 27 disclosed a distributed denial-of-service attack on the government digital platform e-Citizen, which disrupted essential services such as buying electricity tokens, transacting on M-Pesa, digital banking and other government services on the portal. The self-proclaimed, Russian-speaking hacktivist group Anonymous Sudan took credit for the DDoS attack.