
Ticketmaster Fined £1.25m Over Data Breach, Image stock site 123RF hacked, Cencosud hit by Egregor Ransomware, and more

Major cybersecurity events on 16th November 2020 (Evening Post): Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware, Chilean-based retail giant Cencosud hit by Egregor Ransomware, and Schneider Electric Warns Customers of Drovorub Linux Malware.

Round Up of Major Breaches and Scams

Botnet Attackers Turn to Vulnerable IoT Devices

Cybercriminals are leveraging the multitude of vulnerable connected devices to build botnets that launch dangerous distributed denial-of-service (DDoS) attacks. The vast number of Internet-of-Things (IoT) devices is proving lucrative for botnet operators, who use them for everything from sending spam to launching DDoS attacks.

Ticketmaster Fined £1.25m Over Data Breach

A British ticketing company has been financially penalized over a 2018 data breach that exposed the personal information of millions of customers across Europe. The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25m for failing to keep its customers’ personal data secure. Ticketmaster issued a data breach notice in June 2018 after third-party platform provider Inbenta Technologies was infected with malicious software.

New stealthy hacker-for-hire group mimics state-backed attackers

A new mercenary hacker group, tracked as CostaRicto by BlackBerry researchers, is selling its services to entities requiring APT-level hacking expertise in cyber-espionage campaigns spanning the globe and targeting a multitude of industry sectors. This hacker-for-hire group’s toolset includes custom and never-before-seen malware, as well as SSH tunnels set up on their victims’ networks and VPN proxies that enable them to avoid detection and hide their malicious activity.

Crypto Firm Offers $200,000 Bug Bounty to Hacker Who Stole $2m

A cryptocurrency borrowing and savings company has offered an attacker $200,000 as a bug bounty in return for the $2m in funds they stole late last week. Gibraltar-based Akropolis was attacked on Thursday, when an individual exploited a bug in the deposit logic of its SavingsModule smart contract to make off with a little over two million in DAI virtual currency. However, the firm’s security company PeckShield claimed to have located the attacker’s Ethereum account, to which the funds were transferred, and said it is monitoring it for any further movement.

Image stock site 123RF hacked; 8.3M user database leaked

123RF suffered a data breach earlier this year in March; on November 8th its database of 8.3 million users was leaked on an infamous hacker forum for download. 123RF is part of the Chicago, Illinois based Inmagine Group. The service has more than 12 million active users.

Round Up of Major Malware and Ransomware Incidents

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country must install additional security software in order to access Internet banking and essential government services.

New skimmer attack uses WebSockets to evade detection

Experts spotted a new skimmer attack that uses an alternative technique to exfiltrate payment card information. Threat actors are using fake credit card forms and WebSockets to steal users’ financial and personal information. Online stores are increasingly outsourcing their payment processes to third-party vendors, which means that they don’t handle credit card data inside their store. To overcome this, the attacker creates a fake credit card form and injects it into the application’s checkout page. The exfiltration itself is done over WebSockets, which give the attacker a quieter exfiltration path.
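As an added defensive example (not code from the original post or from the researchers who reported the skimmer), the guard below restricts a checkout page to an allowlist of WebSocket origins and reports any other connection attempt, which is exactly the channel this skimmer relies on. The origin `wss://payments.example`, the `report` callback and the monkey-patching approach are assumptions for illustration; the equivalent declarative control is a Content-Security-Policy `connect-src` directive.

```javascript
// Added example, not from the original post. Assumed allowlist and reporting
// hook; a real deployment would pair this with a CSP `connect-src` header.

// Decide whether a WebSocket target URL is allowed. Returns an object so the
// caller can log the reason; never throws on malformed input.
function checkWebSocketTarget(url, allowedOrigins) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch (e) {
    return { allowed: false, origin: null, reason: "unparseable url" };
  }
  if (parsed.protocol !== "ws:" && parsed.protocol !== "wss:") {
    return { allowed: false, origin: parsed.origin, reason: "not a websocket scheme" };
  }
  // Compare the full origin (scheme + host + port), not just the hostname,
  // so that host:443 and host:8443 are distinct allowlist entries.
  if (!allowedOrigins.includes(parsed.origin)) {
    return { allowed: false, origin: parsed.origin, reason: "origin not allowlisted" };
  }
  return { allowed: true, origin: parsed.origin, reason: "allowlisted" };
}

// Replace the page's WebSocket constructor with one that enforces the
// allowlist and reports blocked attempts, so an injected skimmer's
// exfiltration channel is both denied and visible to the defender.
// `globalObj` is passed in (normally `window`) so the guard can be exercised
// outside a browser.
function installWebSocketGuard(globalObj, allowedOrigins, report) {
  const Original = globalObj.WebSocket;
  if (typeof Original !== "function") return null;
  function GuardedWebSocket(url, protocols) {
    const verdict = checkWebSocketTarget(url, allowedOrigins);
    if (!verdict.allowed) {
      report({ url: String(url), ...verdict });
      throw new Error("WebSocket blocked by checkout guard: " + verdict.reason);
    }
    return new Original(url, protocols);
  }
  GuardedWebSocket.prototype = Original.prototype;
  globalObj.WebSocket = GuardedWebSocket;
  return Original;
}
```

A script injected after the guard can still replace the patched constructor, so the CSP `connect-src` directive remains the primary control and this guard adds telemetry rather than a hard boundary.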

New Jupyter information stealer appeared in the threat landscape

Russian-speaking threat actors have been using a piece of malware, dubbed Jupyter, to steal information from their victims. The Jupyter malware is able to collect data from multiple applications, including major browsers (Chromium-based browsers, Firefox, and Chrome), and is also able to establish a backdoor on the infected system.

Chilean-based retail giant Cencosud hit by Egregor Ransomware

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores; Egregor ransomware appears to be involved. The company has more than 1045 stores in Latin America (Argentina, Brazil, Chile, Colombia, and Peru) with over 140,000 employees and $15 billion in revenue for 2019.

Schneider Electric Warns Customers of Drovorub Linux Malware

One of the security bulletins released this week by Schneider Electric warns customers about Drovorub, a piece of Linux malware that was recently detailed by the NSA and the FBI. The U.S. agencies issued a joint advisory in mid-August to warn organizations that the cyber-espionage group known as APT28, which has been linked to Russia’s General Staff Main Intelligence Directorate (GRU), has been using a piece of Linux malware named Drovorub.

Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware

Biotech research firm Miltenyi Biotec disclosed a ransomware attack that took place in October and affected its IT infrastructure worldwide. The company announced that it has fully restored its systems after the attack, although in some countries local employees are still facing problems with mail and telephone systems.