
16K Webex accounts deleted: Cisco employee pleads guilty, Elon Musk confirms Russian attempt to target Tesla, and more

Major cybersecurity events on 28th August 2020 (Morning Post): 28,000 printers hijacked by researchers, suggesting that 56% of exposed printers can be easily hijacked. Lemon_Duck cryptominer malware targets Linux devices. 350m decrypted email addresses exposed on an unsecured server.

Round Up of Major Breaches and Scams

Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts

A former Cisco Systems employee pleaded guilty this week to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco’s collaboration application for enterprises. In a plea agreement in a San Jose federal court, Sudhish Kasaba Ramesh, 30, admitted to intentionally accessing Cisco’s cloud infrastructure – without the company’s permission – on Sept. 24, 2018.

Elon Musk confirms Russian hacking plot targeted Tesla factory

Earlier this week, US authorities arrested and charged a Russian national for traveling to the US to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1 million. While no court indictment named the targeted company, several news outlets specialized in covering the electric cars scene speculated today that the attack had very likely targeted US carmaker Tesla, which operates a mega-factory in Sparks, a town near Reno, Nevada.

US files lawsuit to seize cryptocurrency stolen by DPRK hackers

The U.S. Justice Department today filed a civil forfeiture complaint aiming to seize control of 280 Bitcoin (BTC) and Ethereum (ETH) accounts containing funds allegedly stolen by North Korean hackers in attacks against two unnamed cryptocurrency exchanges. According to the civil forfeiture complaint in rem filed today, in the first attack the North Korean hackers stole more than $272,000 worth of cryptocurrency, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens.

Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked

The research was conducted by security experts at CyberNews, who claim to have identified more than 800,000 printers that were accessible over the internet and had network printing features enabled. They then selected a sample of 50,000 exposed printers and sent them a script that instructed the devices to print a printer-security guide. The researchers said the document was printed by nearly 28,000 of those devices, which suggests that 56% of exposed printers can be hijacked.

DSCI-PayPal Report Shows Increase in Online Payment Fraud in India

Online banking and digital transactions have grown massively in India due to the temporary closure of shops and malls. The Indian e-commerce market is also seeing unprecedented growth, especially in tier-II and tier-III cities. Bad actors are taking advantage of the situation, with a jump in online fraud, phishing, and vishing cases in India. A joint study by NASSCOM’s Data Security Council of India and PayPal on “Fraud & Risk Management in Digital Payments” confirms this with insights and data points.

Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims’ trust

Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files. The attacks took place in July and August this year, according to Israeli cyber-security firm ClearSky, which published a report today detailing this particular campaign.

Round Up of Major Malware and Ransomware Incidents

DDoS extortion campaign targets financial firms, retailers

Over the last few weeks, a cybercrime group has been extorting various organizations all over the world by threatening to launch distributed denial-of-service (DDoS) attacks against them unless they pay thousands of dollars in Bitcoin. The attackers have been targeting organizations operating in various industries, notably finance, travel, and e-commerce. They don’t seem to be targeting any specific region, as ransom letters have been sent to organizations residing in the United Kingdom, the United States and the Asia-Pacific region.

AR: Gosnell schools hit with ransomware attack

The Gosnell School District is recovering from a ransomware attack on Sunday. Superintendent Bornad Mace said ransomware software infiltrated the school’s system Sunday morning. Mace said the district’s tech team, the Arkansas Division of Information Services, and the P12 Cyber Threat Response Team worked to clear and recover data on Tuesday. Gosnell wasn’t the only school district hit over the weekend. In Los Angeles, the Rialto Unified School District was also attacked.

Lemon_Duck cryptominer malware now targets Linux devices

The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute-force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances. Lemon_Duck (spotted last year by Trend Micro and further examined by SentinelOne) is known for targeting enterprise networks, gaining access over the MS SQL service via brute-forcing or over the SMB protocol using EternalBlue, according to Guardicore’s Ophir Harpaz.

Local Government Organizations Most Frequently Targeted by Ransomware

Local government bodies are more likely to be targeted by ransomware attacks than any other type of organization, according to a new study by Barracuda Networks, which looked at 71 global ransomware incidents over the last 12 months. It found that 44% of global ransomware attacks that have taken place so far in 2020 have been aimed at municipalities, which is virtually the same proportion as in 2019 (45%).

REvil ransomware operators breached healthcare org Valley Health Systems

During routine monitoring of data-leak sites, the Cyble Research Team identified a leak disclosure post published by the REvil ransomware operators claiming to have breached a healthcare organization, Valley Health Systems. Healthcare organizations are a favored target of hackers because of the sensitive data they manage. During the ongoing COVID-19 pandemic, these organizations are under pressure and more exposed to cyber risks.

Round Up of Major Vulnerabilities and Patches

Academics bypass PINs for Visa contactless payments

A team of academics from Switzerland has discovered a security bug that can be abused to bypass PIN codes for Visa contactless payments. This means that if criminals are ever in possession of a stolen Visa contactless card, they can use it to pay for expensive products, above the contactless transaction limit, and without needing to enter the card’s PIN code. The attack is extremely stealthy, academics said, and can be easily mistaken for a customer paying for products using a mobile/digital wallet installed on their smartphone.

350 million decrypted email addresses left exposed on an unsecured server

The CyberNews research team uncovered an unsecured data bucket owned by an unidentified party, containing seven gigabytes worth of unencrypted files that include 350 million unique email addresses. The massive trove of emails was left on a publicly accessible Amazon AWS server, allowing anyone to download and access the data.