TL;DR: Google and Apple were patching and Facebook didn’t protect half a billion phone numbers (4th week)

In the fourth week of this year, at least on the surface, the security authorities’ achievements seemed to outweigh the successes of the attackers. Apple fixed a serious vulnerability exploited by attackers, Proofpoint researchers published research on the banking Trojan DanaBot, and organisations once again did not avoid larger-scale ransomware attacks.

In the meantime, Google revealed a sophisticated campaign and Facebook didn’t protect half a billion phone numbers.

More probably wasn’t possible

Security researchers from the dfndr lab revealed a massive information leak in Brazil. There are up to 220 million records in someone’s hands, which in practice is almost the entire Brazilian population.

The records contained full names, birth dates and tax identification numbers. The database also included data on 104 million vehicles (body number, registration number, place of registration, colour, model, year of production, engine capacity and fuel used by the vehicle).

The leaked company data contained their identification numbers, business names and dates of formation.

Half a billion phone numbers weren’t protected

More than 500 million phone numbers have leaked from Facebook’s social network databases. The leak was revealed by Motherboard, which discovered the data being auctioned on a dark web market. The attackers used an automated Telegram bot to collect data. The vulnerability they exploited was already fixed in August 2019. Although the data is older, it is still relevant because phone numbers stay in use for a long time.

At the last moment

On 26 January 2021, Apple quickly released a security update for vulnerabilities that are being actively exploited by attackers. In combination, the fixed vulnerabilities allow malicious code to be executed on Apple devices when the victim opens a web address offered to them.

Researchers as a target

Google revealed a sophisticated and extensive campaign. The attacks specifically targeted the community of security researchers. A blog and a Twitter presence focused on sharing vulnerabilities and research, and attributed to North Korea, were luring researchers into contractual cooperation.

After establishing contact, the attackers sent the researcher a Visual Studio project containing malware that sent data to the attackers’ server.

It’s even stronger

The banking Trojan DanaBot is growing again. According to Proofpoint security researchers, its latest version is large, multi-layered and modular. The malware is highly sophisticated and written in Delphi, which makes it difficult to analyse.

Another scalp

The European and American security authorities, in cooperation with Ukraine, have successfully attacked Emotet’s infrastructure. The operation was called Ladybird and was intended to disrupt and take over Emotet’s infrastructure located in more than 90 countries.

Two cybercriminals, who were directly involved in maintaining Emotet, were arrested in Ukraine.

IN BRIEF

  • In a coordinated offensive against cybercrime group NetWalker, security authorities seized nearly half a million dollars in cryptocurrency and disabled a dark web leak site.
  • Dutch police have arrested two cyber attackers for theft and the subsequent attempt to sell Covid patients’ personal data.
  • Security researchers at Check Point have discovered a vulnerability in TikTok’s social network. It allowed the “Find Friends” feature to be misused to collect users’ identification data.
  • On 15 January, the Australian Securities and Investments Commission (ASIC) became the target of a cyberattack. Unknown files and license applications disappeared. The attackers used the same procedure as in the attack on New Zealand’s central bank.
  • The construction company Palfinger, with 35 branches and 11 thousand employees, has become the target of a cyberattack of a so far unknown type, which has disrupted most of its global infrastructure.
