Round Up of Major Breaches and Scams
A former Cisco Systems employee pleaded guilty this week to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco’s collaboration application for enterprises. In a plea agreement in a San Jose federal court, Sudhish Kasaba Ramesh, 30, admitted to intentionally accessing Cisco’s cloud infrastructure – without the networking company’s permission – on Sept. 24, 2018.
Earlier this week, US authorities arrested and charged a Russian national for traveling to the US to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1 million. While no court indictment named the targeted company, several news outlets specialized in covering the electric cars scene speculated today that the attack had very likely targeted US carmaker Tesla, which operates a mega-factory in Sparks, a town near Reno, Nevada.
The U.S. Justice Department today filed a civil forfeiture complaint aiming to seize control of 280 Bitcoin (BTC) and Ethereum (ETH) accounts containing funds allegedly stolen by North Korean hackers in attacks against two unnamed cryptocurrency exchanges. Based on information contained within a civil forfeiture complaint in rem filed today, the first attack took place when the North Koreans hacked and stole more than $272,000 worth of cryptocurrency and Proton Tokens, PlayGame, and IHT Real Estate Protocol tokens.
The research was conducted by security experts at CyberNews, who claim to have identified more than 800,000 printers that were accessible over the internet and had network printing features enabled. They then selected a sample of 50,000 exposed printers and sent them a script that instructed the devices to print the security guide. The researchers said the document was printed by nearly 28,000 of those devices, which suggests that 56% of exposed printers can be hijacked.
Online banking and digital transactions have grown massively in India due to the temporary closure of shops and malls. The Indian e-commerce market is also seeing unprecedented growth, especially in tier-II and tier-III cities. Bad actors are taking advantage of the situation, with a jump in online fraud, phishing, and vishing cases in India. A joint study by NASSCOM’s Data Security Council of India and Paypal on “Fraud & Risk Management in Digital Payments” confirms this, with insights and data points.
Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn, and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files. The attacks took place in July and August this year, according to Israeli cyber-security firm ClearSky, which published a report today detailing this particular campaign.
Round Up of Major Malware and Ransomware Incidents
Over the last few weeks, a cybercrime group has been extorting various organizations all over the world by threatening to launch distributed denial-of-service (DDoS) attacks against them unless they pay thousands of dollars in Bitcoin. The attackers have been targeting organizations operating in various industries, notably finance, travel, and e-commerce. They don’t seem to be targeting any specific region, as ransom letters have been sent to organizations residing in the United Kingdom, the United States and the Asia-Pacific region.
The Gosnell School District is recovering from a ransomware attack on Sunday. Superintendent Bornad Mace said ransomware software infiltrated the school’s system Sunday morning. Mace said the district’s tech team, the Arkansas Division of Information Services, and the P12 Cyber Threat Response Team worked to clear and recover data on Tuesday. Gosnell wasn’t the only school district hit over the weekend. In Los Angeles, the Rialto Unified School District was also attacked.
The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute-force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances. Lemon_Duck (spotted last year by Trend Micro and further examined by SentinelOne) is known for targeting enterprise networks, gaining access over the MS SQL service via brute-forcing or over the SMB protocol using EternalBlue, according to Guardicore’s Ophir Harpaz.
Local government bodies are more likely to be targeted by ransomware attacks than any other type of organization, according to a new study by Barracuda Networks, which looked at 71 global ransomware incidents over the last 12 months. It found that 44% of global ransomware attacks that have taken place so far in 2020 have been aimed at municipalities, which is virtually the same proportion as in 2019 (45%).
During routine monitoring of data leaks, the Cyble Research Team identified a leak disclosure post published by the REvil ransomware operators claiming to have breached a healthcare organization, Valley Health Systems. Healthcare organizations are a favored target of hackers due to the sensitive data they manage. During this period, due to the ongoing COVID-19 pandemic, these organizations are under pressure and more exposed to cyber risks.
Round Up of Major Vulnerabilities and Patches
A team of academics from Switzerland has discovered a security bug that can be abused to bypass PIN codes for Visa contactless payments. This means that if criminals are ever in possession of a stolen Visa contactless card, they can use it to pay for expensive products, above the contactless transaction limit, and without needing to enter the card’s PIN code. The attack is extremely stealthy, academics said, and can be easily mistaken for a customer paying for products using a mobile/digital wallet installed on their smartphone.
The CyberNews research team uncovered an unsecured data bucket owned by an unidentified party, containing seven gigabytes worth of unencrypted files that include 350,000,000 unique email address strings. The massive trove of emails was left on a publicly accessible Amazon AWS server, allowing anyone to download and access the data.