InfoSecBulletin Cybersecurity for mankind
On September 16, 2024, Globe Pharmaceuticals Ltd., a major pharmaceutical company in Bangladesh, was hit by a ransomware attack detected by the BCSI Threat Intelligence Platform, highlighting ongoing cyber vulnerabilities in established firms.
The Attack Unfolds:
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
Globe Pharmaceuticals experienced a ransomware attack on September 16th, but the method of attack is unclear. Two days later, the new group ValenciaLeaks took credit for the attack, adding Globe to their list of victims without revealing how they gained access.
The Data Leak:
On September 18th, ValenciaLeaks released a 200MB data sample on the dark web site. This data was analyzed and found to include:
Bank Details: Sensitive financial information that may increase the company’s risk exposure..
Official Excel Sheets: Possible sensitive internal data is linked to operations.
Configuration files: Information that could expose the company’s network and increase security risks.
Private Keys: Confidential encryption keys pose a threat to the company’s data security. Internal emails may contain sensitive business information. The leak of this information risks Globe Pharmaceuticals’ financial and operational security and underscores the widespread effects of ransomware attacks.
What This Means:
The attack on Globe Pharmaceuticals shows that cyber threats are changing. Organizations must realize that even if they think their systems are secure, they can still be targeted.
Here are some simple ways companies can stay safe::
Regular Security Audits: Regularly checking security measures can help find and fix weaknesses before they are taken advantage of.
Data Encryption: Encrypting sensitive data ensures that even if stolen, it remains protected.
Employee Training: Train staff to identify phishing and social engineering to prevent breaches.
Incident Response Plan: Having a plan in place enables quick and effective responses to minimize damage.
Backups: Regular backups help companies recover quickly after an attack.
The ValenciaLeaks attack on Globe Pharmaceuticals Ltd. highlights the urgent need for organizations to enhance their cybersecurity. Being proactive and vigilant will help companies better protect their data and reputation in a dangerous digital environment.
