Round Up of Major Breaches and Scams
Security experts have discovered a major new Business Email Compromise (BEC) campaign that has already stolen over $15 million from a possible 150 organizations. Israeli incident response specialist Mitiga was first called in after a multimillion-dollar transaction went awry, according to head of research, Andrey Shomer. It appears that a cyber-criminal was monitoring email communications between a corporate buyer and seller, and at the last minute, stepped in to impersonate the seller, sending over new wire payment instructions.
Intelligence from the FBI prompted Twitter to take down roughly 130 accounts that “appeared to originate in Iran,” and were trying to generate conflict during the presidential debate Tuesday, the social media company reported. In its announcement Wednesday, Twitter did not offer more details about the origin of the accounts or the extent of the FBI’s tip, but said it would publish the results of its full investigation later.
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months (more than seven years) in United States prison by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, LinkedIn, Dropbox, and the now-defunct social-networking firm Formspring, and stole data on over 200 million users.
Twitter users are currently experiencing issues around the world, with users unable to use the website and mobile apps. When attempting to access Twitter’s website, users are given “Something went wrong” errors or other messages stating that the company is aware of the problem and is working on restoring access. The outage started within the last 30 minutes and, according to DownDetector, Twitter is currently experiencing an outage in the U.S., Europe, India, Japan, Australia, and other parts of the world.
Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. The Blue Cross-Blue Shield insurer said Wednesday that it will pay $39.5 million to settle an investigation by a group of state attorneys general. Anthem said it was the last open investigation into the attack. The company also agreed nearly two years ago with the U.S. Department of Health and Human Services to pay $16 million to settle possible privacy violations.
Round Up of Major Malware and Ransomware Incidents
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices, in addition to the Windows and Linux machines targeted by previous variants. Researchers say the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide. Half of the infected machines are in Hong Kong, South Korea and Taiwan.
The Netwalker ransomware operators have published the stolen data for K-Electric, Pakistan’s largest private power company, after a ransom was not paid. On September 7th, 2020, K-Electric suffered a Netwalker ransomware attack that disrupted online billing services, but not the supply of power. Soon after, BleepingComputer obtained access to the Tor ransom payment page for K-Electric’s attack, where ransomware operators demanded a $3,850,000 payment. The attackers also stated that they would release files stolen during the attack if a ransom was not paid.
It has been said that a picture is worth a thousand words. In the world of malware, a picture is worth an infection — in other words, a picture can actually be the malware (ransomware, specifically in this case) that initially infects the compromised machine. This malware is called Tycoon, and it uses an obscure image format to infect machines and inflict its ransomware chaos on the compromised machine.
A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.
Round Up of Major Vulnerabilities and Patches
The Windows Subsystem for Linux 2 will bypass the Windows 10 firewall and any configured rules, raising security concerns for those who use the feature. In a blog post today, Mullvad VPN explained that its product includes an ‘Always require VPN’ option that blocks Internet access via the Windows Firewall unless connected to the VPN. After Mullvad received a tip from a user, it was determined that WSL2 Linux distributions bypass the Windows 10 firewall and its configured rules, and so prevent the VPN’s ‘Always require VPN’ security feature from working.