TL;DR

TL; DR: 12 years in prison for cyberattack and botched update of Apple (38th week)

Apple has not been able to update the Finder; cybercriminals are being associated with Mafia and the data leaks continue. There also appeared a manual of Conti ransomware attack and finally one attacker got into jail for his role in a seven-year scheme.

Botched update

In the latest macOS Big Sur update, Apple tried to fix a critical security vulnerability in the Finder file search application. Vulnerability allowed to execute a malicious code after opening a seemingly harmless file, completely without providing a warning to the user. The update took place non-standardly – the vulnerability was only partially fixed and the CVE identification number was not assigned.

Cyber Mafia

Europol, in cooperation with the Italian police, successfully dismantled a cybercrime group linked to the Italian Mafia. Police forces arrested 106 suspects involved in organised crime and also, among other things, in executing phishing attacks, SIM swapping and business e-mail compromise. Europol states that the last year alone, the gang has earned about € 10 million.

Finally in prison

A cybercriminal of Pakistani nationality was sentenced to 12 years of prison for his role in a seven-year scheme to illegally unlock nearly 2 million AT&T mobile devices and caused more than $ 200 million in losses. The attack consisted of recruiting bribed AT&T employees to install malware in the internal network and to recruit other colleagues for further attacks.

Gigabytes of sensitive data

A Comparitech security researcher has discovered an unsecured database containing personal information of 106 million people who visited Thailand in the last ten years. Thai authorities have secured the 200 GB database within three days, have replaced it with a honeypot and after an investigation reported that any unauthorised persons have not accessed the data.

Manual of Conti

Talos’ security researchers translated a playbook for the cyberattack of Conti ransomware group. The manual is so detailed and simple that it would allow an attack on a larger corporate network with “relatively little experience”. The ransomware manual was leaked by an affiliate of the Conti gang as a revenge for a low payment.

SHORTCUT

  • The French shipping firm CMA CGM was hit with another cyberattack following the ransomware attack of September 2020. Attackers have accessed the customers’ information including first and last names, employer’s details, positions, e-mail addresses and phone numbers.
  • CISA, FBI and the NSA issued an alert related to an increased use of Conti ransomware in attacks on the US organisations. The alert provides an overview of how Conti enters the affected systems along with a set of recommendations.
  • An agricultural cooperative Crystal Valley based in the US Minnesota has become a target of a ransomware attack. The attack has interrupted operations of the company and has shut down its payment systems. The attacker and the ransom are not known so far.
  • New Cooperative, an Iowa-based farm service provider, has been hit with the BlackMatter ransomware attack. The attackers demand $5.9 million ransom for the decryption key.
  • The incorrect implementation of Microsoft Exchange’s Autodiscover feature allowed the leakage of 100 thousand login names and passwords from Exchange accounts worldwide.

« Späť na zoznam
Current threats
all publications
Links