
Overview of security incidents for the period from 14 to 20 October 2021



A brief overview of the main events in the world of information security for the week.

The untold story of the largest hack in Twitch's history, two attacks on Acer in one week, another "departure" of REvil, a bank robbery carried out with a deepfake voice, a fraudulent stream of the MacBook Pro presentation: read about these and other high-profile events in the world of information security in this week's review.

One of the most notable events of the period from 14 to 20 October 2021 is the latest "departure" of the notorious REvil ransomware group. An affiliate of the group posted a message saying that unknown parties had seized control of REvil's Tor payment portal and its leak site.

One of the world's largest hotel chains, Meliá Hotels International, has been hit by a so-far unidentified ransomware strain. The incident mainly affected operations at Meliá hotels in Spain. The attackers knocked out parts of the internal network and several web servers, including the room reservation system and public websites.

Hillel Yaffe Medical Center in Hadera, Israel has been attacked using ransomware. As a result of the attack, hospital staff had to use alternative systems to treat patients and manually record information. A week after the incident, the medical center is still struggling to rebuild its systems, and all patient examinations are still manually recorded.

Israel's Ministry of Health and the Police Cyber Administration warned of a surge in ransomware attacks on the country's healthcare organizations. According to the notice, ransomware operators attempted to attack nine medical facilities in Israel over the weekend, but the attempts failed thanks to coordinated state-level efforts and timely, decisive action by IT staff.

Sinclair Broadcast Group, which operates dozens of television stations across the United States, fell victim to a ransomware attack. According to the company's official statement, some of its servers and workstations were encrypted, and the attackers also exfiltrated some data from the corporate network.

Twice in one week, the Taiwanese computer giant Acer fell victim to cyberattacks. First, attackers broke into the company's after-sales service systems in India. Acer gave no details about who was responsible, but the intruders claimed on a hacker forum that they had taken more than 60 GB of files and databases from Acer servers. A few days later, the company's servers in Taiwan were hit. According to the attackers, this time they demanded no ransom and broke in with a single goal: to demonstrate how vulnerable Acer's servers are.

The good news is that security company Trustwave has released a free decryptor for data encrypted by BlackByte ransomware, which lets victims recover their files without paying. The tool is available on GitHub. It exploits a weakness in BlackByte's encryption process: in a two-part technical analysis, Trustwave explains that encryption starts only after the malware downloads a fake forest.png image file onto every machine in the targeted organization, and that the raw encryption key is carried inside that file and is the same for every victim.
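A key that every victim fetches from the same forest.png download, rather than one generated per victim, is exactly what makes a universal decryptor possible. The following is an added, constructed Python demonstration of that flaw class; it is not Trustwave's decryptor and not BlackByte's code. The carrier layout (PNG signature followed by the raw key), the 32-byte key size, the host and file names, and the SHA-256 counter-mode stream cipher standing in for AES are all assumptions made for the demo.

```python
"""Why a ransomware key fetched from a shared file is a gift to defenders.

Constructed demonstration (not Trustwave's decryptor, not BlackByte code):
every victim host downloads the same "forest.png" carrier and uses the key
inside it, so a carrier captured on any one host unlocks every other
victim's files. Cipher, carrier layout and key size are demo assumptions.
"""
import hashlib
import os
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # genuine PNG signature, so the carrier looks like an image
NONCE_LEN = 16


def make_key_file(raw_key: bytes) -> bytes:
    """Assumed carrier layout: PNG signature followed by the raw key."""
    return PNG_MAGIC + raw_key


def extract_key(key_file: bytes) -> bytes:
    """What a decryptor does with a captured carrier: strip the fake header."""
    if not key_file.startswith(PNG_MAGIC) or len(key_file) <= len(PNG_MAGIC):
        raise ValueError("not the expected key carrier")
    return key_file[len(PNG_MAGIC):]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256 (stand-in for AES-CTR).

    Symmetric: the same call both encrypts and decrypts.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_file(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)          # per-file nonce, prepended to the blob
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt_file(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def run_weak_campaign(victims: dict, static_key: bytes):
    """The flawed design: one key carrier served to every victim.

    Returns the carrier (as a defender might capture it on one host) and
    the encrypted files of every victim.
    """
    key_file = make_key_file(static_key)
    key = extract_key(key_file)
    encrypted = {
        host: {name: encrypt_file(key, data) for name, data in files.items()}
        for host, files in victims.items()
    }
    return key_file, encrypted


def universal_decryptor(captured_key_file: bytes, encrypted: dict) -> dict:
    """Recover every victim's files from a carrier captured on ANY one host."""
    key = extract_key(captured_key_file)
    return {
        host: {name: decrypt_file(key, blob) for name, blob in files.items()}
        for host, files in encrypted.items()
    }


def run_sound_campaign(victims: dict) -> dict:
    """The design the flaw contrasts with: a fresh random key per victim.

    No shared artefact is downloaded, so there is nothing to build a
    universal decryptor from (in practice the per-victim key would be
    wrapped with the attacker's public key; that step is omitted here).
    """
    encrypted = {}
    for host, files in victims.items():
        key = os.urandom(32)
        encrypted[host] = {name: encrypt_file(key, data) for name, data in files.items()}
    return encrypted


# Constructed sample data: two hosts with a handful of small "documents".
VICTIMS = {
    "fileserver01": {"q3-report.docx": b"Q3 revenue figures", "payroll.xlsx": b"salary table"},
    "workstation07": {"notes.txt": b"meeting notes", "photo.jpg": bytes(range(256))},
}

if __name__ == "__main__":
    carrier, enc = run_weak_campaign(VICTIMS, static_key=os.urandom(32))
    recovered = universal_decryptor(carrier, enc)
    print("all files recovered:", recovered == VICTIMS)   # True
```

The practitioner's takeaway is the asymmetry: in the weak design a single captured carrier (from any host, even one that was never the primary target) is enough to write a tool that works for every victim, whereas with a per-victim random key there is no shared secret to recover, which is why analysing what a sample downloads before it starts encrypting is worth the effort.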

US authorities fear attacks on water supply systems. Several federal agencies issued the warning jointly: the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency and the National Security Agency. Their joint advisory to the relevant agencies and utilities refers to "malicious cyber activity by both known and unknown perpetrators targeting information technology and operational networks, systems and ancillary devices in the water and wastewater sector [WWS]".

A group that security researchers have dubbed LightBasin has been breaking into mobile telecommunications systems around the world for five years. Since 2019 alone it has compromised more than a dozen telecommunications companies, maintaining persistence on their networks with custom malware. The attackers' goal was to collect subscriber information and call metadata for intelligence purposes. LightBasin has been active since at least 2016 and primarily targets Linux and Solaris servers, although it can break into Windows systems when needed.

Cybersecurity researchers at Proofpoint have discovered a malicious email campaign targeting users in Germany and Austria. Security experts have linked the current campaign to the TA505 cybercriminal group, whose members used the Dridex banking Trojan and tools such as FlawedAmmyy, FlawedGrace, the Neutrino botnet and Locky ransomware in past attacks.

The operators of the Magnitude exploit kit have added an exploit chain targeting the Chrome browser. This is out of the ordinary: active exploit kits are rare these days, and those that remain mostly target Internet Explorer. The chain uses two vulnerabilities: CVE-2021-21224, a type-confusion bug in Chrome's V8 engine fixed in April of this year, which gives code execution inside the browser's sandboxed renderer, and CVE-2021-31956, a Windows kernel privilege-escalation bug fixed in June, which is used to escape the sandbox and take over the operating system.

An attacker broke into the Argentine government's IT network and obtained the ID-card data of the country's entire population. The target was the national registry of persons, Registro Nacional de las Personas (RENAPER). The data in the attacker's hands includes full names, home addresses, dates of birth, gender, ID-card issue and expiry dates, labor identification codes, Trámite numbers, citizen numbers and government ID photos.

Researchers at security company Sophos also exposed an international fraud scheme in which criminals stole $1.4 million in bitcoin from victims using Tinder and fake iOS applications. The scheme, dubbed CryptoRom, is notable for its high level of professionalism in both the software and the social engineering.

An unknown attacker drained assets worth about $16 million from the liquidity pools of the DeFi project Indexed Finance. According to the developers, two indices were targeted, DEFI5 and CC10, and the attacker exploited a flaw in the pools' rebalancing logic.

Criminals stole $35 million from a bank in the UAE by forging a voice with AI technology. Using a deepfake of a known caller's voice, the attackers tricked a bank employee into sending them the money; the employee was convinced he was transferring funds as part of a legitimate business transaction.

Motherboard reported on the biggest hack in Twitch's history, which took place in 2014, just months after Amazon bought the service for nearly $1 billion. The intrusion was so extensive that the company decided to treat nearly every server as compromised: it was easier to migrate gradually to new servers than to clean up the old ones. As a result, Twitch had to rebuild most of its code and infrastructure.

Juniper Threat Labs researchers have observed new activity by the Python-based FreakOut botnet, also known as Necro and N3Cr0m0rPh, targeting Visual Tools DVRs used in professional video-surveillance systems. The botnet spreads through several exploits, including one for the Visual Tools DVR VX16; after a successful exploit it installs a Monero miner on the device.

An unofficial YouTube stream of Apple's product launch on Monday, October 18, which attracted tens of thousands of viewers, turned out to be a cryptocurrency scam.

The stream went out before the official Apple event and was watched by 30 thousand people. The scheme was very simple: viewers were told that if they sent a certain amount of bitcoin to a specified wallet, they would receive Ethereum in return "via AirDrop". Naturally, those who took the bait received nothing.

Chinese security researchers won a total of $1.88 million at the country's premier hacking competition, the Tianfu Cup, by successfully exploiting the world's most popular software, including Windows 10, iOS 15, Ubuntu, Chrome and more.



Instagram said it is strengthening the protection of its underage users



The head of Instagram is due to speak at a hearing in the US Congress on December 8 about the measures his service is taking to protect children.

On Tuesday, December 7, Instagram announced that it intends to curate the content it recommends to teenagers more carefully and to nudge them toward other topics if they dwell on one thing. On its blog, the service announced several more changes that will affect teenagers.

Instagram chief Adam Mosseri is due to appear at a hearing in the US Congress on Wednesday, December 8, to discuss the measures his service is taking to protect children online.

Recently, Instagram and parent company Meta Platforms (formerly Facebook) have come under fire for the potential harm to the mental health and safety of children online.

According to Mosseri, Instagram will disable the ability to tag or mention teenagers who do not follow the user doing the tagging. Starting in January 2022, teenagers will be able to bulk-delete their own posts, likes and comments.

The service is also exploring controls that would limit teenagers' exposure to potentially harmful or sensitive content in search, hashtags, short videos (Reels) and the Explore page, Mosseri said.

Instagram is also launching a Take a Break feature for users in the US, UK, Canada and Australia, which prompts users to step away after they have been in the app for a long stretch.

In March 2022, Instagram will launch its first parental control tool that will allow parents and guardians to see how much time a teen is spending on the app.

In September of this year, Instagram postponed the launch of its app for children, and its press office has now confirmed that management has no plans to return to the project for the time being.



Israeli authorities strengthen oversight of cyber technology exports



The move follows a series of scandals involving Israeli spyware developer NSO Group.

Israel's Defense Export Control Agency has decided to tighten oversight of exports of offensive cyber products. Customers buying Israeli cyber technology will have to sign a declaration that the products will be used "only for the investigation and prevention of terrorist attacks and serious crimes." Countries that violate the terms of use may face sanctions, "including restricting and/or shutting down the cyber system."

As the Associated Press reported, the decision came just days after the latest NSO Group spyware scandal: spyware developed by the Israeli company was used to hack the iPhones of at least nine US State Department officials, including diplomats working on Uganda.

NSO Group has faced a flood of international criticism over accusations that it helps governments spy on political opponents and human rights defenders, while the company maintains that its product exists solely to help countries fight crime and terrorism. Israel's Defense Ministry has also drastically shortened the list of countries to which Israeli companies may sell cyber technology: where the list previously included 102 countries, it now has 37. Among those removed are Morocco and the United Arab Emirates, Israel's new partners, both of which have documented records of human rights violations.



Life360 service is suspected of selling geodata of children to third parties



The company is one of the largest providers of confidential information on the personal data market.

The non-profit organization The Markup investigated Life360, a service that lets parents track their children's location. It turned out that the company is one of the largest suppliers of sensitive information on the personal-data market.

The Markup spoke with two former employees of the data brokers Cuebiq and X-Mode, who said Life360 made about $16 million in 2020 from selling user data to dozens of different companies. Two former Life360 employees also described this additional revenue stream to the organization.

According to a former X-Mode employee, the raw location data from Life360 was one of the most valuable offerings on the market due to the sheer volume and accuracy of the data. A former Cuebiq employee joked that the company would not be able to carry out its marketing campaigns without the constant stream of location data from Life360.

The app's privacy policy does disclose the sharing of personal data, but its wording effectively allows the company to "transfer information to third parties in a form that allows you to identify the user."

The service does let users opt out of data sharing, but this is not communicated to them directly: the option is buried several levels deep in the settings, and consent to commercial use of the data is enabled by default.

The whistleblowers said the company did not adequately anonymize its users and stripped only names and home addresses before a sale; the remaining fields made it easy to re-identify a user. Almost any organization could buy data from Life360, the only exception being government agencies.

The company's founder, Chris Hulls, would neither confirm nor deny the findings of the investigation.

