The 45th week was again marked by data leaks and ransomware campaigns. Attackers targeted business, medical and technology organizations. A large-scale attack was attributed to the Chinese state-sponsored group APT 10 (Cicada).
Security researchers from Birmingham managed to revive an old vulnerability in Intel processors, and Facebook fixed a vulnerability in Messenger.
China will not spare Japan
Symantec discovered a major hacking campaign in the form of supply chain attacks against Japanese companies in the United States, Germany, France, the United Kingdom, Belgium and Southeast Asia.
The Chinese state-sponsored spy group APT 10, also known as Cicada (Red Apollo, Stone Panda), is probably responsible for the campaign. The main target was the automotive industry, along with government organizations, the pharmaceutical industry and other business organizations.
They listened without invitation
Facebook released an update for its Messenger for Android application. The application contained a vulnerability that could have allowed attackers to eavesdrop on Messenger users without any user interaction.
A fix not fixed
Security researchers at the University of Birmingham have managed to breach the security of Intel SGX processors. The attack, called Plundervolt, which Intel fixed with updates in late 2019, can again be executed using a separate device that can be installed on a processor to which the attacker has physical access.
The Canadian city of Saint John has become the target of a ransomware attack. An unknown attacker was able to encrypt the city’s website, servers and e-mails. Critical city functions are still operational despite the attack. The attacker demanded a ransom of 75 000 dollars from the city. Data theft has not been confirmed yet.
Beyond the law
DarkSide ransomware operators plan to open a new distributed storage system for stolen files. The storage system is also intended to serve other cybercriminal organizations and could make it significantly harder for security authorities to discover, block or otherwise shut down such services.
- The attack on Mercy Iowa City Hospital resulted in the leak of personal and medical information of more than 60 000 people. Names, social security numbers, driver’s license numbers, dates of birth, medical treatment information and health insurance data were exposed.
- The web hosting provider Managed.com was hit by a REvil ransomware attack. The hacking group is demanding a ransom of 500 000 dollars in the cryptocurrency Monero.
- The North Face website suffered a credential stuffing attack. Attackers were able to steal the personal data of several users. The names and passwords used by the attacker were obtained from an unknown source.
- An unknown perpetrator obtained data of 27 million citizens in Texas. The attacker gained access to a database of the insurance company Vertafore that contained personal identification data (names, dates of birth and addresses) as well as vehicle registration histories.
- A ringleader of the FIN7 hacking group faces up to 25 years in prison. He has pleaded guilty to stealing more than 15 million payment cards. The security forces managed to arrest two other members of the group as well.