TL;DR

TL; DR: Arresting Cybercriminals and Selling Twitter Data (30th Week)

A year of investigative work led to success for security forces in Spain; tens of millions of dollars in cryptocurrency were confiscated in England within one year; and one cybercriminal is selling the data of millions of social network users.

Arrest of cybercrime suspects

Spanish security forces have arrested cybercriminals suspected of a cyberattack on the radioactivity alert network (RAR) controlling radiation levels across Spain. After a year of police investigation, two house searches and one search of an unnamed company, two former workers contracted by the General Directorate of Civil Protection and Emergencies were arrested. Both were familiar with the RAR infrastructure and continued to have access to the system even after they left. The reason for the attack is still unknown.

Warning about the ongoing campaign

UK police in Leicester have issued a warning about an ongoing campaign in which an unknown cybercriminal posted indecent images and videos of young children after gaining access to a victim’s social network account. Police recommend setting strong and unique passwords and using two-factor authentication to social network users. The reasons for the attacks are unknown, as police have no evidence of blackmailing the victims.

The cost of a data breach in 2022

Security researchers at IBM Security have published “The Cost of a Data Breach Report 2022”. After conducting 3,600 interviews with employees of 550 companies that suffered a data breach, they found that a data breach costs the company an average of 4.35 million dollars (a 2.6% increase compared to 2021). Other findings included that 83% of them had more than one breach, 60% had to increase the price of their services, 79% did not have Zero Trust principles deployed, 19% of breaches were caused by supply chain attacks, and 45% of breaches occurred in the cloud.

Financial scam ranking

ESET security researchers have published top 10 most common financial scams. The list included, for example, phone calls from fraudsters (e.g. calls from cybercriminals posing as Microsoft tech support), invoices for unordered services, and “guaranteed” funding opportunities.

Sale of social network data

An unknown cybercriminal exploited the vulnerability to obtain the data of more than 5.4 million users of the social network Twitter. The data in the sample provided by the attacker – email addresses and phone numbers have been verified and the attacker is offering the entire database for 30 thousand dollars. The vulnerability, which have been fixed today, was exploitable regardless of Twitter account security settings.

SHORTS

  • T-Mobile US will pay a total of 350 million dollars to settle class action claims related to the leak of 80 million customers’ data (names, driving licenses and social security numbers) in 2021.
  • A US managed service provider NetStandard from Kansas suffered a cyberattack, and therefore was forced to shut down its MyAppsAnywhere cloud service. According to security researchers the company became a victim of a ransomware attack.
  • The US federal Rewards for Justice Program has doubled the reward for useful information about North Korean cybercriminals attacking hospitals and critical services.
  • An Italian revenue agency, has become a target of a ransomware attack, according to Lockbit ransomware gang website. The cybercriminals claimed that they stole 100 GB of internal documents, scans, financial reports and contracts, but the investigation has not confirmed the attack yet.
  • The UK’s National Crime Agency (NCA) confiscated approximately 27 million dollars in cryptocurrency during the period April 2021 to March 2022.

« Späť na zoznam
Current threats
all publications
Links