Cyber breach

Blogs

Oxford City Council Latest Prey of Cyber criminal; Personal Data on legacy system exposed

The Oxford City Council informed it suffered a data breach where attackers accessed personally identifiable information from legacy systems. The incident which took place over the weekend of 7 and 8 June, witnessed how attackers accessed historic data stored over a decade held on legacy systems.

The leaked personal information are of individuals who worked on elections administered by the council between 2001 and 2022, including poll station workers and ballot counters. Most of these people, said the council, will be current or former council officers.

‘”No evidence to suggest that any of the accessed information has been shared with third parties,” said the council in a statement.

The automated systems were able to detect the breach and resulted in disruption to some of their services last week. But the have been working hard to minimize impact on residents.

The council’s email systems and wider digital services remain secure and safe to use, it said, and the council has reported the incident to the relevant government authorities and law enforcement agencies.

According to the Information Commissioner’s Office (ICO), cyber attacks on local authority systems rose by a quarter between 2022 and 2023, while personal data breaches rocketed by 58%.

Major cyber attacks on institutions based in UK

The Oxford attack is the latest of many to affect UK councils. In 2025 alone, Gateshead and West Lothian councils have reported material attacks on their systems, with ransomware groups claiming responsibility for both.

Nottingham City Council also suffered a freak service outage earlier this year, which turned off the lights at the authority’s office building, although that was caused by a datacenter electrical fault rather than intruders.

Legacy Systems Vulnerable to cyber attacks:

A study by Accenture found that 85% of IT leaders in government agencies believe not updating legacy systems threatens their future.

When legacy systems were developed, these applications may have been on top of then-current cybersecurity practices. But with the passage of even a short time, the threat landscape evolves while many legacy systems get left behind.

Legacy systems are the workhorses of many businesses and dependable as these aging software and hardware applications keep core operations running. Legacy dependencies can stall a strategic move to the cloud and digital transformation. 

These outdated software applications, databases, and codebases were once reliable. Presently the software’s struggle to keep pace with digital trends.

Few examples of Legacy system

  • Old Enterprise Resource Planning (ERP) systems: These were often built with a monolithic architecture, making them inflexible and difficult to integrate with newer technologies.
  • Outdated databases: Hierarchical and older relational database systems may lack the features and security needed for modern applications.
  • Custom code: Businesses may still rely on proprietary software written in languages like COBOL, posing challenges for maintenance and updates.

Protect your Network & Digital environment with Intru360

If you are storing sensitive information like passwords, API keys, certificates, and other secrets, it’s critical to ensure they are kept secure.

Many developers often overlook this crucial step, either hardcoding secrets directly into their code or storing them in an insecure manner.

Sometimes lack of attention can have disastrous consequences as we have witnessed many high-profile breaches over the years.

  • For seamless business continuity even in the face of cyber threats while maintaining productivity and profitability Intru360 have been introduced to proactive cybersecurity measures and protect your valuable information.
  • Stay safe, stay informed and protect your digital environment as Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack.
  • Intru360 simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
  • Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst.
  • Unify latest threat intelligence and security technologies to prioritize the threats that pose the greatest risk to your company.

 

(Sources: https://www.theregister.com/2025/06/20/oxford_city_council_breach/)

https://www.secopsolution.com/blog/common-vulnerabilities-in-legacy-systems-and-how-to-mitigate-them

Blogs

16 Billion Passwords Leaked in Largest Data Breach; Impact of Infostealer Malware

Data Breach with 30 exposed Datasets & contained approx 10 to 3.5 billion records making it one of the largest data breach.

According to a report security researchers from Cybernews found about a Data breach that leaked important data or passwords that was mostly generated by various cybercriminals using info stealing malware. They exposed data was made to look like a breach but these login credentials were gathered from social media, corporate platforms, VPNs etc via infostealer.

Now cybercriminals have unprecedented access to personal credentials and these credentials be used for account takeover, identity theft and targeted phishing activities.

The concern is the structure and recency of these datasets as they are not old breaches being recycled. This is fresh, weaponizable intelligence at scale”, added researchers.

The data sets contains a mix of details from stealer malware, credential stuffing sets and repackaged leaks. There is no way to compare these datasets, but likely to contain at least some duplicated information. This makes it hard to determine how many people were affected by the data breach.

What are Data sets & how deadly can be Infostealer as a malware?

Datasets are basically structure collection of data collected over the years or so and organized as case specific models

In 2024 datasets containing billions of passwords have previously found their way on the internet. Last year, researchers came across what they called the Mother of All Breaches, which contained more than 26 billion records.

The data breach that happened had data in sets, following a particular pattern, containing an URL followed by a username and password. To those unaware, this is exactly how infostealing malware collects information and sends it to threat actors.

The exposed data came from platforms widely used round the world starting from Google, Apple, Github, Telegram & Facebook. So data was first collected over a period of time, further made into data sets and grouped together.

Info stealers are malware programs that are designed to silently steal usernames and passwords Basically designed to swipe of credentials from people’s devices and send them to threat actors for further them for sale on dark web forums.

An infostealer is malware that attempts to steal credentials, cryptocurrency wallets, and other data from an infected device. Over the years, infostealers have become a massive problem, leading to breaches worldwide. No device is spare from infostealer’s impact including Windows and Macs, and when executed, will gather all the credentials it can find stored on a device and save them in what is called a “log.”

If a organization or individual is infected with an infostealer and have hundreds of credentials saved in their browser, the infostealer will steal them all and store them in the log. These logs are then uploaded to the threat actor, where the credentials can be used for further attacks or sold on cybercrime marketplaces.

An infostealer log is generally an archive containing numerous text files and other stolen data.

Fig1:

(Image courtesy: Bleeping computers)

A devastating data breach is a nightmare for customers and affected organizations, but breaches can have a positive side also. Each incident is a learning opportunity. It’s easier to defend critical data when we understand the mistakes made by others and the tactics used by attackers.

How to be secure & keep your Data safe

If users are in midst of data breach or may find that their data is not safe as an infostealer might be there in your systems or devices then scan your device with an antivirus program. Once done then change password or your newly entered credentials could be stolen again. The system is clean so password hygiene can be maintained time to time.

At times even unique passwords won’t help you stay protected if you are hacked, fall for a phishing attack, or install malware. Its better not to change all credentials in one go instead having a cyber security hygiene in routine is better as an option.

Intru360

For organizations to stop and detect any intrusion by attackers prefer to have Intru360 in your list of cyber security go to products from Intruceptlabs.

Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.

Globally every year cyberattacks are growing and mutating each month. Organizations have their Intelligent intrusion network detection systems in place analyze and detect anomalous traffic to face these threats.

Do visit our website for more information.

Source: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/amp/

Blogs

Orange Group Suffered Data Breach; Threat Actors Exposes Compromised Data

Threat actors aimed infiltrating on Orange’s systems; A case of Ransomware cannot be denied on the data breach that took place.

Orange has confirmed it has recently experienced a cyber-attack, that exposed compromised data. Orange insists it is still investigating the case. The data breach on Orange group when analyzed found it included thousands of internal documents, including sensitive user records and employee data, after infiltrating the company’s infrastructure.

As per reports one of Orange’s non-critical apps breached in an attack aimed at its Romanian operations after HellCat ransomware gang member “Rey” alleged exfiltrating thousands of internal files with user records and employee details, which have been leaked on Tuesday, according to BleepingComputer.

Key Breach details on Orange Group

  • The data breach aimed at Infiltration of Orange’s systems for more than a month via the exploitation of Jira software and internal portal vulnerabilities.
  • This facilitated the eventual breach and can be a ransomware case as of almost 6.5 GB of corporate data including about 12,000 files over a nearly three-hour period on Sunday.
  • The hacker, known by the alias Rey, is a member of the HellCat ransomware group, noted the intrusion to be independent from the HellCat ransomware operation.
  • The threat actor claims that they have stolen thousands of internal documents of current and former Orange Romania employee, contractor, and partner email addresses, some of which dated from over five years ago, as well as mostly expired partial payment card details.
  • The hacker claims that they gained access to Orange’s systems by exploiting compromised credentials and vulnerabilities in the company’s Jira software (used for issue tracking) and other internal portals.
  • The point was getting access to the company’s systems for over a month before executing the data exfiltration as per the hacker. They also stated that they had dropped a ransom note on the compromised system, but Orange did not engage in negotiations.
  • Orange emphasized that the attack has not impacted operations amid an ongoing investigation into the incident. The company is yet to disclose whether affected individuals will be notified or if additional security measures will be introduced to prevent similar breaches in the future.

Cyber Security Implications 

From cybersecurity point the incident reflected how major organization face cyber threats and what is their strategy for incident response?

How far is the preparedness of enterprises against a ransomware attack?

These are some of the eminent questions organizations must face in order to defend their brand name..Is it proactive, are organizations prepared as Ransomware groups are focusing with advanced techniques.

Cyber security preparedness the next step

It is important that security teams be on their toes to stop any ransomware attack at the source.

AI on the endpoints is the requirement of the day, detecting atypical behavior to predict and block attack advances, at the same time before encryption, having visibility full visibility from the kernel to the cloud enables one to spot signs of compromise .This can also be any ransomware chain or any early indicators of compromise.

Experts keep on warning how to protect assets from getting compromised warning customers and employees to remain vigilant for potential phishing attempts based on the data that has been leaked.

AI Leveraging Ransomware campaigns

Earlier we witnessed cybercriminals would encrypt data and provide the decryption key once payment was received.

Now threats has doubled up with double or triple extortion attacks to expose stolen information on data leak sites in exchange for larger ransoms.

The greater availability of artificial intelligence and machine learning tools has led to these gangs be more sophisticated in their attack methods. Now the attack vectors leverage AI and ML capabilities to evade detection, spread more effectively to reach their final goals.

AI Reshaping Cyber security Roadmap

AI in cybersecurity firstly integrates artificial intelligence technologies that are required to gain critical insights and automate time-consuming processes and this includes machine learning and neural networks, into security frameworks.

These technologies are a must to enable cybersecurity teams and systems to analyze vast amounts of data, recognize attack patterns, and being able to adapt new evolving threats that can be performed with minimal human intervention. Read our blog: AI Reshaping Roadmap for Cyber security

With AI capabilities what is the next scenario we may witness in Ransomware campaigns

    • Making ransom calls using Voice Cloning

    • Malware that can target key personnel within the organization

    • The ability to decipher financial data and demand ransom amounts accordingly

AI-driven systems learn from experiences and AI will empowers organizations, enterprises in future and still doing to enhance their cybersecurity posture and reduce the likelihood of breaches, identify potential risks by acting independently.

Sources:

https://www.scworld.com/brief/orange-group-hack-confirmed-following-leak-by-hellcat-ransomware-member

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Scroll to top