TL;DR: A potential data theft record and a career change for a cybercriminal (Week 27)

A ransomware cybercriminal has retooled for cryptojacking, an international hotel chain has suffered another data leak, and a potential data theft of record proportions is under investigation.

Another Marriott International data leak

The Marriott International hotel chain has suffered another data leak, following the November 2018 and March 2021 attacks. Attackers managed to steal 20GB of data from the US branch in Maryland. The company's reporting of the incident is considered controversial: it first declared that only internal business data was involved, and subsequently that it would notify all regulators and the 300 to 400 people whose personal data was leaked as part of the incident.

Record data theft?

An unknown cybercriminal using the handle “ChinaDan” wrote on the hacker forum Breach Forums that he had stolen the data of 1 billion Chinese citizens. In total, he is selling 23TB of data for 10 BTC (bitcoins), currently worth more than €200,000. The authenticity of the leak has not yet been confirmed, but Binance CEO Zhao Changpeng tweeted that the company has recorded the sale of data on 1 billion Asian residents, and that the data includes names, addresses, national IDs, mobile numbers, and police and medical data.

Hanging up the ransomware

The cybercriminal responsible for spreading the AstraLocker ransomware has publicly announced that he is quitting, but will be back. He concluded by saying that he is done with ransomware and is switching to cryptojacking (“I’m done with ransomware for now. I’m going in cryptojaking lol”). He posted the decryption keys for AstraLocker on VirusTotal, and Emsisoft is working on a tool for convenient decryption.

Theft and sale of reported vulnerabilities

A now-former employee of the vulnerability scanning platform HackerOne gained unauthorised access to reported vulnerabilities, which he then reported to another similar platform for financial rewards. The investigation began with a report on another platform that one of the vulnerability reporters brought to the company’s attention. After analyzing several suspicious reports and then working with the relevant payment service providers, the company uncovered fake accounts created by its employee. No evidence was found that the vulnerabilities had been exploited for cyberattacks.

  • Phishing is being spread on the social networking site Twitter to gain access to victims’ accounts. To spread the phishing message and increase its credibility, the attacker exploits stolen verified accounts and uses the victim’s legitimate profile photo on a phishing web page inviting the victim to log in.
  • An unknown cybercriminal successfully gained access to the British Army’s Twitter account. It is not known how he gained access, but he used it to spread cryptojacking.
  • The UK branch of US publisher Macmillan was forced to shut down its IT systems after it was the target of a ransomware attack. The attack also led to the closure of both physical and virtual offices in New York, and the entire incident is under investigation.
  • MITRE, the platform that registers CVE vulnerability identifiers, mistakenly published links to the management consoles of vulnerable IPs.
  • IT company SHI International was the target of an unspecified cyberattack. The company was forced to shut down multiple systems, including its website and email.
  • Apple has disclosed that it is working on a new security feature called “Lockdown mode”. The aim of the feature is to reduce the success rate of professional spyware like Pegasus.
