MSP cybersecurity news digest, September 2, 2024

Leading U.S. oil giant Halliburton confirms cyberattack that shut down their systems

Halliburton, a leading oil services company with a revenue of $23.02 billion in 2023, confirmed a cyberattack that led to the shutdown of some of its systems.

The company became aware of unauthorized access and activated its cybersecurity response plan, launching an investigation with external advisors. As a precaution, Halliburton took certain systems offline to contain the breach and reported the incident to law enforcement. Their IT team is working on restoring affected devices and assessing the impact of the attack.

Halliburton is also communicating with customers and stakeholders about the situation. The exact nature of the cyberattack remains undisclosed, but the incident is rumored to be linked to the RansomHub ransomware group.

Google releases emergency update to fix ninth and tenth Chrome zero-day vulnerabilities

Google has released an emergency Chrome update to fix two newly discovered zero-day vulnerabilities, CVE-2024-7971 and CVE-2024-7965, both of which are actively exploited in the wild.

These high-severity flaws are linked to issues in Chrome's V8 JavaScript engine, including type confusion and inappropriate implementation, which could allow attackers to execute arbitrary code on targeted devices. The vulnerabilities were reported by Microsoft's security teams and a researcher known as TheDog, respectively.

These are the ninth and tenth Chrome zero-days patched by Google in 2024. Users are advised to update their browsers immediately by going to the Chrome menu and clicking "Help" > "About Google Chrome" to apply the fix. Google is withholding full details of the exploits so that most users are protected before the information becomes public.

PEAKLIGHT downloader targets Windows via files disguised as pirated movies

Researchers have discovered a new dropper, dubbed PEAKLIGHT, that delivers malware to Windows systems through malicious movie downloads. PEAKLIGHT is a memory-only PowerShell-based downloader that distributes malware strains like Lumma Stealer, Hijack Loader and CryptBot.

The attack begins when users download LNK files disguised as pirated movies, which then connect to a content delivery network hosting a JavaScript dropper. This dropper executes the PEAKLIGHT script, reaching out to command-and-control servers to fetch further payloads.

PEAKLIGHT uses deceptive methods like simultaneous downloads of legitimate movie trailers to mask malicious activity.

Microchip Technology discloses cyberattack across multiple manufacturing facilities

Microchip Technology Incorporated, an American chipmaker with a revenue of $8.439 billion in 2023, disclosed that a cyberattack disrupted its operations across multiple manufacturing facilities.

The incident forced the company to shut down and isolate affected systems, impacting its ability to meet customer orders across various sectors, including automotive, aerospace, and defense. The company confirmed that an unauthorized party disrupted certain servers and business operations.

Microchip Technology Incorporated is working with external cybersecurity experts to assess the attack's extent and restore its systems. The company has not yet determined the full impact of the incident or whether it will materially affect its financial condition. The Play ransomware group claims to have breached Microchip's internal systems, potentially stealing confidential data, personal information, and financial records, though these claims have not yet been verified.

AutoCanada discloses cyberattack on its internal IT systems, causing potential disruptions

AutoCanada, a large car dealership operator that employs over 4,700 people and had a revenue of over $6 billion in 2023, experienced a cyberattack that affected its internal IT systems, potentially causing disruptions.

The company reportedly took steps to secure its network and data and has enlisted external cybersecurity experts for containment and remediation. The investigation is ongoing, and it is currently unclear if any data has been compromised. While business operations are continuing, disruptions may occur until systems are fully restored.

AutoCanada, which operates numerous dealerships in Canada and the U.S., reported significant financial losses in Q2 2024, partly due to the recent CDK Global IT outage. The company has not yet disclosed details about the attacker, and no major ransomware groups have claimed responsibility.