Cybersafetyconnections September 25, 2023 vol#136
- From Konbriefing: a ransomware attack on Sabre Corporation – Southlake, Texas, USA (Tarrant County, Denton County).
- The Dunghill Leak cybercriminal group claimed responsibility for the attack.
- The cybercriminal group claimed to have stolen 1.3 terabytes of data.
- Not much is known about loss mitigation steps taken following the ransomware attack, so I asked Grammarly Go and, bingo, here are some steps to take to mitigate loss from a ransomware attack.
What happened?

Skip the hysteria-what you need to know….
According to TechCrunch, travel booking giant Sabre is investigating claims of a cyberattack after a significant amount of data was allegedly stolen from the company and appeared on an extortion group’s leak site.
Sabre is a well-known travel reservation system that provides crucial air passenger and booking data. Its software and data are extensively used by several airlines and hotel chains to power their bookings, check-ins, and apps.
Who is responsible for the attack?

Cybercriminals increasingly target..
The group, called Dunghill Leak, claimed responsibility for the breach. Not much is known about Dunghill Leak, except that it is a relatively new ransomware and extortion group. According to security researchers at Malwarebytes, it evolved or rebranded from the Dark Angels ransomware, which came from the Babuk ransomware.
Dunghill Leak has claimed responsibility for targeting coin-operated game maker Incredible Technologies, food giant Sysco, and automotive products maker Gentex. Ransomware and extortion groups often threaten to publish sensitive data if a ransom is not paid, instead of encrypting files. The FBI and international law enforcement have long advised victims of ransomware and extortion not to pay the ransom.
Which information/data was stolen?

Information Technology data thieves
The cyber-criminal group Dunghill Leak said that it had taken around 1.3 terabytes of data, including databases on ticket sales, passenger turnover, employees’ personal data, and corporate financial information. Screenshots seen by TechCrunch showed several database names containing tens of millions of records, including employee records with sensitive information such as passport numbers, visa numbers, and email addresses.
It is not known when the breach took place, but the screenshots posted by the extortion group show data that appears to be as recent as July 2022.
How is the loss being mitigated?

What we know is that in 2017 Sabre had to pay 2.4 million to settle with several states as a result of a data breach. Currently, there is no other information.
So, what can be done to mitigate the loss from a ransomware attack? Here are some suggestions from Grammarly Go:
There are several steps that organizations can take to mitigate the loss from a ransomware attack, including:
1. Back up your data: Regularly back up all of your critical data and store it in a secure and isolated location. This can help you recover your data in case of a ransomware attack.
2. Keep your software up to date: Ensure that all of your software and operating systems are up to date with the latest security patches and updates. This can help prevent vulnerabilities that can be exploited by attackers.
3. Use anti-virus and anti-malware software: Install and regularly update anti-virus and anti-malware software to help detect and prevent ransomware attacks.
4. Educate your employees: Educate your employees about the risks associated with ransomware attacks and how to avoid them. This can help prevent them from inadvertently clicking on malicious links or attachments.
5. Implement security best practices: Implement security best practices such as strong passwords, multi-factor authentication, and network segmentation to help protect your systems and data from ransomware attacks.
6. Develop a response plan: Develop a ransomware response plan that outlines the steps to be taken in case of a ransomware attack. This can help you respond quickly and effectively to minimize the impact of the attack.
