Security Breach – 23 May 2025

phishing

23 May Security Breach – 23 May 2025

Posted at 16:13h in Security Breach, TCT News by

When most IT professionals think about phishing, they picture employees in accounting clicking on fake invoices or someone in HR opening a malware-laden attachment. While those are legitimate risks, there’s another department that bad actors are especially interested in targeting, and compromising one of these employees’ accounts can be a gold mine. IT team members often have privileged access to critical parts of a company’s infrastructure. As a recent high-profile cyberattack in the U.K. demonstrated, the consequences of a successful phishing attack on an IT staffer can be catastrophic. While IT professionals typically recognise and avoid low-effort phishing attempts, when they do fall victim to a cybercriminal’s lure, the effects are explosive. IT and engineering staff receive nearly twice as many targeted phishing emails as other departments because compromising an IT team member is more likely to give adversaries the keys to the kingdom.

Recent Breaches

Australia – MKA Accountants – Business Services 

Exploit: Ransomware

Risk to Business: Moderate: Moonee Ponds-based MKA Accountants was named a victim of the Qilin ransomware gang. The group published 12 stolen documents on its darknet site on May 14, including internal emails, financial statements and insurance records. The firm has notified clients and reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. MKA says it is aware of the claims and is working to verify the extent of the breach.

France – Christian Dior – Retail

Exploit: Hacking

Risk to Business: Moderate: Christian Dior Couture, one of LVMH’s most prominent fashion houses, confirmed it was the target of a recent cyberattack that compromised customer data. According to a statement from the House of Dior, an unauthorised external party gained access to some client information, though no financial details such as bank or credit card numbers were exposed. Initial findings suggest the breach primarily affected customers in South Korea and China. Dior has not disclosed the number of individuals impacted. No cybercriminal group has claimed responsibility for the intrusion, and the stolen data has not appeared on the dark web.

Talk to a TCT team member today about implementing cyber security plan for your business.

 

Robert Brown
23/05/2025

Related Articles:
Watch Out for New Malware Threats
Signs for a Device Upgrade