Round Up of Major Breaches and Scams
Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in 2020. They amassed $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to a blockchain analytics firm. The year 2020 is on track to become the second-costliest year in the history of crypto, behind only 2019’s record of $4.5 billion. The largest contribution to the year’s running total came from the Chinese scam ‘WOTOKEN’, which allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies.
A database belonging to the Digital Point webmaster forum leaked the records of over 800,000 users. San Diego, California-based Digital Point describes itself as the “largest webmaster community in the world,” bringing together freelancers, marketers, coders, and other creative professionals. On July 1, the WebsitePlanet research team and cybersecurity researcher Jeremiah Fowler uncovered an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak.
According to the Georgian Ministry of Internal Affairs, the purpose of infiltrating the Ministry of Health’s database was to get hold of important medical records. The Ministry of Internal Affairs reported that the Cyber Crimes Department of the Criminal Police Department of the Ministry of Internal Affairs of Georgia has begun an investigation into the unauthorized entry into the computer system of the Ministry of Health of Georgia.
Newcastle University, in the North East of England, has suffered a cyber attack which has already caused several days of disruption to its IT services. And, the university warns, it will “take several weeks” to get systems up and running again: “Our teams are working with a number of agencies to address the current issues and are taking further measures to secure the IT estate. The nature of the problem means this will be an on-going situation for some time and it will take several weeks to address.”
Victims of the Charing Cross Gender Identity Clinic data breach – which occurred a year to the day yesterday – could be eligible to claim up to £30,000 each in damages, according to consumer action and data breach law firm Your Lawyers. As was reported last year, the Charing Cross Gender Identity Clinic sent out mass emails to people using the CC function instead of the BCC function, mistakenly revealing the names and email addresses of close to 2000 people on its email list.
The Australian Cyber Security Centre (ACSC) recorded 59,806 cybercrime complaints in the past 12 months (from July 2019 to June 2020), an average of 164 reports per day, or one report every 10 minutes, and responded to 2,266 legitimate ones. The First Annual Cyber Threat Report was jointly produced by the ACSC, the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police (AFP). The report underlines Australia’s growing concerns about the frequency, scale, and sophistication of cyberthreats targeted at its digital and now critical infrastructure.
Round Up of Major Malware and Ransomware Incidents
A Russian national has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company’s network. The man, Egor Igorevich Kriuchkov, 27, was arrested on August 22, when the U.S. Department of Justice announced that he had attempted to recruit an employee of a company in Nevada, offering them $1 million to install malware within the enterprise environment.
With organizations across the world continuing their operations remotely, opportunistic cybercriminals are taking advantage of this situation by targeting online e-learning platforms. Hackers have set their sights on the education industry with various kinds of phishing attacks, fake domains, and other malicious activities. A survey from Kaspersky revealed that there has been a surge in distributed denial-of-service (DDoS) attacks on online educational services in 2020, compared to 2019.
Round Up of Major Vulnerabilities and Patches
Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows. Tracked as CVE-2020-3495 and featuring a CVSS score of 9.9, the flaw can be exploited remotely without authentication by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to a vulnerable application. The issue exists because the software fails to properly validate message contents.