
“Immense” IT problem targets AIDA cruise ships, Unauthorized access at Kawasaki may have caused leak, and more

Major cybersecurity events on 29th December 2020 (Morning Post): Facebook ads misused by cybercriminals in phishing scam to steal 615,000 login credentials. Nefilim ransomware operators leak data stolen from Whirlpool. The Parliament of Finland confirms hackers breached MPs’ email accounts.

Round Up of Major Breaches and Scams

AIDA Cruise Ships Under Cyber Attack

AIDA cruise ships, including the Aidamar and the Aidaperla, are suffering what has been described as an “immense” IT problem, according to a German newspaper published today. Bild reports that the AIDA cruise line’s operations in its home port of Rostock, Germany, have been affected by the failure of the company’s land-based and shipboard telephone and internet systems.

Kawasaki announces security incident and responsive measures

Kawasaki Heavy Industries, Ltd. announced that it was subject to unauthorized access from outside the company. As a result of a thorough investigation, the company has discovered that some information from overseas offices may have been leaked to external parties. At this time, the company has found no evidence of leaking information to the external network. However, because the scope of unauthorized access spanned multiple domestic and overseas offices, it took a considerable amount of time before the company could formally announce the incident.

Finland confirms that hackers breached MPs’ email accounts

The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs). “Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance. Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs,” Parliament officials said.

Hackers phish 615,000 login credentials by using Facebook ads

Once again, Facebook ads have been misused by cybercriminals in a large-scale phishing scam to steal victims’ login credentials. Facebook seems to find itself involved one way or another in every second phishing scam out there. In the latest, researchers from ThreatNix have discovered a phishing campaign that was being run using Facebook ads and redirecting users to GitHub, where the actual phishing pages resided.

Hackers Amp Up COVID-19 IP Theft Attacks

In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime. Attackers are looking to the healthcare space as a rich repository of intellectual property (IP) now more than ever, as critical research on COVID-19 therapeutics is developed and Pfizer, Moderna and other biotech firms begin to mass produce vaccines. Several incidents show that nation-states are targeting these companies with a vengeance, as the quest to beat the pandemic continues.

Round Up of Major Malware and Ransomware Incidents

Nefilim ransomware operators leak data stolen from Whirlpool

The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack by the Nefilim ransomware gang. Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company does not pay the ransom. The leak comes after failed negotiations with the executives of Whirlpool.

Round Up of Major Vulnerabilities and Patches

CISA releases Azure, Microsoft 365 malicious activity detection tool

The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. This comes after Microsoft disclosed how stolen credentials and access tokens are actively being used by threat actors to target Azure customers. Azure administrators are strongly recommended to review both these articles to learn more about these attacks and to discover how to spot anomalous behavior in their tenants.