Cushman & Wakefield Confirms Vishing Cyberattack

about 1 month agoUS

Source: theregister.com

Commercial real estate giant Cushman & Wakefield (C&W) has confirmed a cyberattack resulting from a vishing (voice phishing) incident. Two cybercrime groups, ShinyHunters and Qilin, have claimed responsibility for the attack, creating uncertainty about the responsible party.

Key Insights

•

Cushman & Wakefield confirmed a 'limited' data security incident due to vishing, where an employee was socially engineered.

•

ShinyHunters claimed to have stolen over 500,000 Salesforce records containing PII and internal corporate data.

•

Qilin, considered a prolific ransomware group, also claimed responsibility but provided no specific details of the attack.

•

The company activated its response protocols and engaged third-party experts to investigate the incident.

•

Why this matters:: This incident highlights the increasing sophistication of cyberattacks, particularly social engineering tactics like vishing, and the potential for significant data breaches, even in large organizations.

In-Depth Analysis

Cushman & Wakefield, a major player in the commercial real estate sector, has found itself the target of a cyberattack. The attack, stemming from a vishing incident, underscores the vulnerability of even large corporations to social engineering tactics. According to The Register&ref=yanuki.com, a C&W spokesperson stated the attack was 'limited' in scope. ShinyHunters, known for their large-scale breaches, claimed responsibility on May 1st, alleging the theft of 500,000 Salesforce records. Qilin, a prominent ransomware group, also claimed responsibility on May 4th, listing C&W on their data leak site but without providing details.

The situation is complicated by the dual claims of responsibility. It's unclear whether the two groups collaborated or if these are separate, coincidentally timed attacks. Cushman & Wakefield is currently investigating the incident with the help of third-party experts.

How to Prepare:

•

Employee Training: Implement regular training programs to educate employees about vishing and other social engineering tactics.

•

Security Protocols: Reinforce and update security protocols to prevent unauthorized access and data breaches.

•

Incident Response Plan: Maintain a well-defined incident response plan to quickly and effectively address security incidents.

Who This Affects Most:

•

Cushman & Wakefield Clients: Clients' sensitive data may be at risk.

•

Cushman & Wakefield Employees: Employee PII (Personally Identifiable Information) could be compromised.

•

Stakeholders: Reputational damage and financial losses can affect stakeholders.

FAQs

•

Q: What is vishing?

Vishing is a type of social engineering attack conducted over the phone, where attackers trick individuals into divulging confidential information.

•

Q: Who are ShinyHunters and Qilin?

ShinyHunters is a cybercrime group known for large-scale data breaches. Qilin is a prolific ransomware group known for targeting numerous organizations.

Key Takeaways

The Cushman & Wakefield cyberattack serves as a reminder of the persistent threat of cybercrime and the importance of robust security measures. Key takeaways include:

•

Social engineering attacks like vishing can be highly effective.

•

Data breaches can have significant consequences for businesses and their stakeholders.

•

Incident response plans are crucial for minimizing the impact of cyberattacks.

Discussion

Do you think companies are doing enough to protect themselves from vishing attacks? Share your thoughts in the comments below!

Share this article with others who need to stay ahead of this trend!

View Original Source

Telegram Groups Facilitate Domestic Hacking and Abuse

Source: wired.com

SecurityCybercrime

Telegram Groups Facilitate Domestic Hacking and Abuse

Recent research has uncovered a disturbing trend: Telegram groups are being used to facilitate domestic hacking and abuse. These groups are ...

2 months ago