TL; DR: Apple, Microsoft and Netflix. A researcher managed to breach the protection of several IT giants (6th week)
You will learn about an attempt to attack drinking water supply in the USA, as well as a popular android application or a streaming service Spotify.
Security authorities have solved several successful cases, and North Korean hackers can say likewise, because they have enriched the state budget by hundreds of millions of dollars in cryptocurrencies.
Two American hospitals or a Polish gaming studio haven’t escaped the data theft.
A special attack among top companies
A security researcher managed to breach successfully the protection of more than 35 major companies, including Apple, Microsoft, PayPal, Netflix, Tesla and Uber. A special supply chain attack which depended on automated uploading of libraries by applications of mentioned companies was used. The attacker used a new unique method of attack called dependency confusion.
It could have been a fatal aftertaste
An unknown cyberterrorist tried to poison the drinking water in the US state of Florida. The attacker tried to attack the control systems of the waterworks and increase the level of sodium hydroxide hundred times. The attack was interrupted in time – it was detected during the operational monitoring of the waterworks. Installed remote access software was misused for the attack.
Malicious code in update
Barcode Scanner, a popular Android application, has become a target of a supply chain attack. Attackers managed to slip the malicious code into December update. It managed to infect millions of devices until Google removed it from Play Store. Consequently, the application was opening advertisements for victims and forced them to install other malicious applications.
They confirmed the attack
More than a hundred thousand user accounts on the Spotify music platform have leaked. A credential stuffing attack, similar to that in November 2020, was discovered and published by security researcher Bob Diachenko. After the release, Spotify confirmed that there has been an attack and they issued password resets to all impacted users.
The Democratic People’s Republic of Korea is successfully making money on cryptocurrencies
The North Korea stole more than 316 million dollars in cryptocurrencies in cyberattacks between 2019 and November 2020. The DPRK was to use the money to produce fossil material, maintain nuclear facilities and ballistic infrastructure.
International successful cases
Ukrainian security authorities, in cooperation with Australian and American police agencies, have successfully arrested a cybercriminal – the administrator of the tool uPanel. At the time of arrest, the tool had 200 active clients. uPanel was used as a phishing management tool and had been used for more than half of phishing attacks in Australia.
Another effort by international security authorities succeeded in dismantling the cyber gang, specialized in theft and misuse of SIM cards (also known as SIM swapping / SIM hijacking). The attackers were focusing highly profiled targets – actors, musicians, sports stars and their families.
SHORTCUT
- Two hospitals in Texas and Miami have become a target of ransomware attacks. The attackers successfully stole hospital databases with medical records connected with tens of thousands of patients and employees. Databases are already for sale on the dark web.
- Following a two-year downtime, an Iran-linked cyberespionage operation has resumed its activities with an updated variant of the Infy malware.
- The Polish studio CD Projekt Red has become a target of a ransomware attack. The attackers were able to successfully obtain game source codes and encrypt the company’s servers. Despite the grave situation, the company announced that it would not negotiate with the attackers.
« Späť na zoznam
