It’s Tuesday 28 January 2025 and today we’re covering three big cyber security stories. Australian companies falling victim to C10P ransomware, gangster PayPal being fined for cyber security failures and an automotive manufacturer hit by a ransomware attack. I’m Leigh Kefford. Let’s dive in.

CI0p Ransomware
Let’s start with the C10P ransomware gang. This has listed major Australian companies Ampol, Linfox and Steel Blue as victims.

This attack exploited vulnerabilities in Clio’s managed file transfer software, a tool widely used to exchange sensitive business data.

Once inside, the attackers encrypted systems and threatened to release stolen data if a ransom wasn’t paid.

These companies are now working to assess the damage and recover from the attack.

Take Action:

• Regularly update and patch all software, especially third party tools used for transferring data.
• Monitor for unusual activity in systems that handle sensitive information.
• Use endpoint protection and network segmentation to limit the spread of ransomware.

Ransomware is a growing threat and staying ahead with proactive measures is key.

PayPal Fined
Next up, we’ve got PayPal was fined $2 million for cybersecurity lapses that exposed customers personal information, including US Social Security numbers. Back in 2022, New York’s Department of Financial Services found that PayPal systems lacked adequate protections, leading to the exposure of sensitive data.

This fine serves as a reminder that even big corporations need to remain vigilant about their cybersecurity practices.

Take Action:

• To protect your business Conduct regular audits of your data Security measures
• Encrypt sensitive customer information to reduce exposure risks.
• Train employees on how to identify and respond to phishing attempts or security gaps.

Customer trust is earned through strong cybersecurity practices. Don’t let your business fall short.

Cluth Industries Cyberattack
And finally today, let’s talk about Australian automotive manufacturer Clutch Industries. They recently confirmed a cyber attack after the Lynx Ransomware Group claimed to have stolen 350 gig of data, including employee records and financial information.

The attack highlights the risk facing industries with extensive supply chains and interconnected systems. Clutch Industries is now working to secure their systems and assess the impact of the breach.

Take Action:

• Implement multi factor authentication across all systems to limit unauthorized access.
• Backup your data regularly and ensure backups are stored securely offline.
• Conduct penetration tests to identify vulnerabilities before attackers do.

For manufacturers and businesses relying on supply chains, a strong cybersecurity posture is non negotiable.

And that is a wrap for today’s Don’t Be a Sitting Duck podcast episode. For more tips and resources, please visit www.sittingduck.com don’t forget to subscribe so you never miss an episode. I’m your host, Leigh Kefford, reminding you to stay safe online. Thank you for listening.