TL;DR

Weekly TL;DR (Week 43)

The National Cyber Security Centre SK-CERT introduces a new activity, the aim of which is to provide a weekly overview of important information in the field of cybersecurity. Its title is "TL;DR" (Too Long; Didn't Read) and it contains brief summaries from open sources along with a link to the original article.

In week 43 of TL;DR, data leaks affecting very large numbers of users predominate. There was also a particularly serious attack on Japan's Nuclear Regulation Authority. As in week 42, ransomware continues to expand, including Ryuk, which is no longer being distributed only through the TrickBot infrastructure.

Contents

  • Marriott fined for data breach
  • Botnet operator sentenced to 8 years in prison
  • Attack on the University of Vermont Health Network
  • The group behind the Maze ransomware has announced the cessation of its activities
  • REvil group has purchased KPOT malware
  • Australian media company Isentia has been the target of a ransomware attack
  • Toy maker Mattel has been the target of a ransomware attack
  • Leak of 23 000 stolen Cit0day databases
  • Leak of 34 million records, including 1 million user records from the Lazada Redmart Singapore store
  • Cyberattack on the Japanese game developer Capcom
  • Attack on Japan's Nuclear Regulation Authority

Marriott, the international hotel group, was fined 18.4 million pounds by the UK Information Commissioner's Office (ICO) for a data breach affecting 339 million guest records, which began in 2014 and went undetected until 2018. The fine was cut from the more than 99 million pounds originally proposed, in part to reduce the impact of the COVID-19 pandemic on the economy.

Source: https://www.zdnet.com/article/marriott-fined-gbp18-4-million-by-uk-watchdog-over-customer-data-breach/

A Russian botnet operator has been sentenced to eight years in prison in the United States. Together with other attackers, he used the botnet to steal data on 40 000 credit cards and to infect 500 000 computers with malware, causing losses of more than 100 million dollars.

Source: https://www.bankinfosecurity.com/russian-botnet-operator-sentenced-to-8-years-in-prison-a-15293 

The University of Vermont Health Network has been the target of a cyberattack that affected operations at the six hospitals connected to the network. The attack used the Ryuk ransomware, which most likely spread through the TrickBot malware. However, according to an analysis by the security company Sophos, it is also possible that the ransomware payload was downloaded from a Google Drive URL. The group operating Ryuk can thus continue to distribute the ransomware despite the takedown attempts against the TrickBot infrastructure.

Source: https://www.cybersecurity-insiders.com/google-drive-been-used-to-spread-ryuk-ransomware/ 
https://slate.com/technology/2020/11/ryuk-trickbot-hospital-ransomware-google-drive.html 
https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/ 
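To show how the Google Drive delivery path described above could be caught in web proxy logs, here is an added example (not from SK-CERT, Sophos or the cited articles). The log format, the sample lines, the hostname list, the MIME-type list and the five-minute lookback window are constructed assumptions for the demo, not observed attack data.

```python
"""
Flag proxy log entries where an executable was fetched from a Google Drive
download endpoint, and list the Google Docs/Drive pages the same client
opened shortly before (the likely lure document).

Added example; the log format is constructed for this demo:
    "<timestamp> <client_ip> <method> <url> <status> <content_type> <bytes>"
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple
from urllib.parse import urlparse, parse_qs

# Hosts used by Google Drive / Docs for file delivery (assumption: illustrative,
# extend from your own traffic).
DRIVE_HOSTS = {"drive.google.com", "docs.google.com", "drive.usercontent.google.com"}

# MIME types a Windows executable typically comes back as (assumption).
EXEC_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
    "application/octet-stream",  # generic; only suspicious on a download endpoint
}

LOOKBACK = timedelta(minutes=5)  # how far back to look for the lure page

# Constructed sample log: one client previews a Docs file, follows a Drive
# download link (302), and then fetches a 2 MB binary from the uc endpoint.
SAMPLE_LOG = """\
2020-10-20T09:14:02Z 10.0.5.23 GET https://docs.google.com/document/d/1AbCdEf/preview 200 text/html 48213
2020-10-20T09:14:40Z 10.0.5.23 GET https://drive.google.com/uc?export=download&id=1XyZ 302 text/html 0
2020-10-20T09:14:41Z 10.0.5.23 GET https://drive.google.com/u/0/uc?id=1XyZ&export=download&confirm=t 200 application/octet-stream 2097152
2020-10-20T09:15:10Z 10.0.5.77 GET https://drive.google.com/file/d/1QwE/view 200 text/html 91022
2020-10-20T09:16:03Z 10.0.5.23 GET https://cdn.example.org/setup.exe 200 application/x-msdownload 3000000
"""


@dataclass
class Entry:
    ts: datetime
    client: str
    method: str
    url: str
    status: int
    ctype: str
    size: int


def parse_log(text: str) -> List[Entry]:
    """Parse the constructed space-separated format into Entry objects."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, ctype, size = line.split()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                             client, method, url, int(status), ctype, int(size)))
    return entries


def is_drive_download_endpoint(url: str) -> bool:
    """True for Drive URLs that serve file content rather than a viewer page."""
    u = urlparse(url)
    if u.hostname not in DRIVE_HOSTS:
        return False
    qs = parse_qs(u.query)
    return "/uc" in u.path or qs.get("export") == ["download"]


def is_drive_executable(e: Entry) -> bool:
    """A successful fetch of executable-typed content from a Drive download endpoint."""
    return (e.status == 200 and e.ctype in EXEC_TYPES
            and is_drive_download_endpoint(e.url))


def find_drive_executables(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (hit, lure_urls): each flagged download plus the Drive/Docs pages
    the same client opened in the preceding LOOKBACK window."""
    entries = parse_log(text)
    hits = []
    for e in entries:
        if not is_drive_executable(e):
            continue
        lure = [x.url for x in entries
                if x.client == e.client and x.ts < e.ts and e.ts - x.ts <= LOOKBACK
                and urlparse(x.url).hostname in DRIVE_HOSTS
                and x.ctype.startswith("text/html")]
        hits.append((e, lure))
    return hits


if __name__ == "__main__":
    for hit, lure in find_drive_executables(SAMPLE_LOG):
        print(f"{hit.ts:%H:%M:%S} {hit.client} fetched {hit.size} bytes from {hit.url}")
        for url in lure:
            print(f"    preceded by: {url}")
```

The rule deliberately ignores the `setup.exe` fetched from a non-Google host: that belongs to a separate generic executable-download rule. The point of this one is that "trusted" cloud storage domains are usually allow-listed in proxies and mail gateways, so the only signal left is the combination of a download endpoint with an executable response.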

The Maze ransomware group, which pioneered double extortion (stealing a victim's data before encrypting its files, so that the data can be leaked if the ransom is not paid), has announced its official closure. The group claimed that its motivation was not money but demonstrating the poor security practices of the systems it attacked. According to several security experts, a complete cessation of Maze's activities is unlikely.

Source: https://www.securityweek.com/pioneers-double-extortion-say-maze-ransomware-project-over 
https://grahamcluley.com/maze-ransomware-gang-closes/ 

The REvil group, also known as Sodinokibi, bought the source code of the KPOT 2.0 information stealer for 6 500 dollars at an auction on a hacker forum. KPOT was designed to extract passwords from web browsers, chat applications, VPN and RDP clients, FTP clients, e-mail clients, cryptocurrency wallets and gaming software. According to security experts, the group is likely to further develop and update the malware.

Source: https://www.securityweek.com/revil-ransomware-operator-bids-kpot-stealer-source-code 
https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/ 

Australian media-monitoring company Isentia has been the target of a ransomware attack; the ransomware family has not been disclosed. Recovery is expected to cost the company about 6 million dollars.

Source: https://threatpost.com/media-comms-giant-ransomware-cost-millions/160904/ 
https://www.itnews.com.au/news/isentia-hit-by-cyber-attack-555191

Toy maker Mattel suffered a ransomware attack. The attack was contained quickly, and although some systems were affected, Mattel restored its operations. A subsequent forensic investigation concluded that, despite the attackers' threats to leak stolen data, no personal or sensitive data had been taken.

Source: https://docoh.com/filing/63276/0001628280-20-015358/MAT-10Q-2020Q3 
https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/ 

The entire collection of hacked databases from Cit0day, a now-defunct illegal service that sold access to stolen databases for a monthly fee, has been leaked on several hacker forums. The collection contains more than 23 000 hacked databases, making this the biggest leak of its kind. Although most of the databases are old, the collection also includes newer ones that could now serve as a source of credentials for targeted attacks and credential stuffing.

Source: https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/ 

A dump of 34 million user records from 17 companies is being offered for sale on a hacker forum. It includes about 1 million records from Singapore's largest online grocery store, Lazada Redmart. The Lazada Redmart records contain customers' e-mail addresses, SHA-1 password hashes, names, phone numbers, home addresses, partial credit card numbers and card expiration dates.

Source: https://threatpost.com/34m-records-17-companies-cybercrime-forum/160923/ 
https://www.bleepingcomputer.com/news/security/over-1m-lazada-redmart-accounts-sold-online-after-data-breach/ 
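The dump above stores passwords as SHA-1 hashes, which is why they should be treated as recoverable rather than protected: SHA-1 is fast, and without a per-user salt one hash computation can be compared against every account in the dump at once. The following added example (not code from Lazada, the cited articles or SK-CERT) simulates that with a constructed three-account dump and a constructed wordlist, then shows the same attack against a salted, deliberately slow hash. PBKDF2 from the standard library stands in for bcrypt, scrypt or Argon2, and the iteration count is lowered so the demo runs quickly; both are assumptions of this example.

```python
"""
Why unsalted SHA-1 password hashes in a leaked dump are effectively plaintext,
and how a salted, slow hash changes the attacker's cost.

Added example. ACCOUNTS and WORDLIST are constructed sample data.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed accounts (email -> plaintext password as the user chose it).
ACCOUNTS = {
    "alice@example.com": "password123",
    "bob@example.com": "letmein",
    "carol@example.com": "T9#vQm!2xLr8wZ",  # strong, not in any wordlist
}

# Constructed attacker wordlist; real ones hold hundreds of millions of entries.
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein", "iloveyou"]

# Lower than production on purpose so the demo runs in seconds (assumption);
# OWASP recommends 600 000 iterations for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 200_000


# --- the weak scheme: unsalted SHA-1, as in the leaked dump ------------------

def sha1_hex(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()


def build_unsalted_dump() -> Dict[str, str]:
    """Simulate the breached site's password table: email -> SHA-1(password)."""
    return {email: sha1_hex(pw) for email, pw in ACCOUNTS.items()}


def crack_unsalted(dump: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """One SHA-1 per candidate, looked up against every account at once.
    Returns (recovered passwords, number of hash computations)."""
    by_hash: Dict[str, List[str]] = {}
    for email, h in dump.items():
        by_hash.setdefault(h, []).append(email)
    recovered, computed = {}, 0
    for cand in wordlist:
        computed += 1
        for email in by_hash.get(sha1_hex(cand), []):
            recovered[email] = cand
    return recovered, computed


# --- the hardened scheme: random per-user salt + slow KDF ---------------------

def hash_password(pw: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$derived_key_hex' using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(pw: str, stored: str) -> bool:
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def build_salted_dump() -> Dict[str, str]:
    return {email: hash_password(pw) for email, pw in ACCOUNTS.items()}


def crack_salted(dump: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Unique salt per account: every candidate must be re-derived for every
    account, and each derivation costs PBKDF2_ITERATIONS HMAC calls."""
    recovered, computed = {}, 0
    for email, stored in dump.items():
        for cand in wordlist:
            computed += 1
            if verify_password(cand, stored):
                recovered[email] = cand
                break
    return recovered, computed


if __name__ == "__main__":
    weak, n_weak = crack_unsalted(build_unsalted_dump(), WORDLIST)
    strong, n_strong = crack_salted(build_salted_dump(), WORDLIST)
    print(f"unsalted SHA-1: recovered {weak} with {n_weak} hash computations")
    print(f"salted PBKDF2 : recovered {strong} with {n_strong} derivations "
          f"of {PBKDF2_ITERATIONS} iterations each")
```

The same weak passwords fall in both cases, which is the user-side lesson (and why a leaked SHA-1 dump feeds credential stuffing against other sites). The difference is cost: the unsalted table is cracked with one SHA-1 per wordlist entry regardless of how many accounts it holds, and can even be attacked with precomputed tables, whereas the salted scheme forces a full slow derivation per account per guess.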

Capcom, one of Japan's largest game developers, has suffered a cyberattack. The attack did not affect players' online connections or access to Capcom's websites, but its file and e-mail servers were impacted. Capcom states that there is "no indication" that customer information has been accessed or compromised.

Source: https://www.bleepingcomputer.com/news/security/japanese-game-dev-capcom-hit-by-cyberattack-business-impacted/ 
https://www.zdnet.com/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/ 

Japan's Nuclear Regulation Authority (NRA) has been the target of a cyberattack. The attack disabled the authority's entire e-mail network, leaving it reachable only by phone or fax. There has been no confirmation that any data was leaked; information related to nuclear security and other sensitive data is held on a separate system.

Source: https://www.cybersecurity-insiders.com/cyber-attack-on-japan-nuclear-authority/ 
https://grahamcluley.com/japanese-nuclear-agency-cyber-attack/ 
https://www3.nhk.or.jp/news/html/20201028/k10012685221000.html 
