Last week saw data breaches and cyber attacks across a range of industries and countries, with many victims being held to ransom or finding their data being sold on the dark web.
Read on for a quick summary of what happened this week in cybersecurity.

101,134 hacked ChatGPT accounts up for sale
Researchers from Group-IB found that the login credentials (usernames and passwords) for 101,134 hacked ChatGPT accounts are for sale on the dark web. These compromised credentials were found within the logs of info-stealing malware traded on the dark web. The number of available logs containing compromised ChatGPT accounts peaked in May 2023, with 26,802 accounts. According to Group-IB, the Asia-Pacific region experienced the highest concentration of ChatGPT credentials being offered for sale over the past year. Furthermore, the logs indicated that most of the breached ChatGPT credentials were stolen by the Raccoon information-stealing malware.

UPS disclosed data breach: exposed customer information used in SMS phishing
UPS is alerting Canadian customers that some of their personal information might have been compromised and used in phishing attacks. Its email notification about the data breach states that the company has been receiving reports of SMS phishing messages that contain the recipients’ names and address information. This was when it found that some of its customers had been receiving text messages demanding payment before a package could be delivered. After investigating, UPS found that the attackers were using its package look-up tools to obtain delivery information, which includes the recipients’ personal contact information. UPS stated this data breach may have affected a small group of shippers and their customers from 1 February 2022 to 24 April 2023. UPS customers globally are also affected by these phishing attacks, as shown by online reports of attackers using their names, phone numbers, postal codes and information on recent orders. Threat actors seem to be impersonating Lego and Apple shipments.

Reddit ransomware attackers threaten to leak 80GB of data
Reddit ransomware attackers have threatened to leak 80GB of data stolen from Reddit in a data breach that occurred this February if Reddit does not pay a ransom of $4.5 million to have the data deleted. Interestingly, the hackers have also demanded that Reddit reverse the controversial changes to its API that would effectively kill third-party apps by the end of June. According to Dominic Alvieri, a cybersecurity researcher, the ransomware group BlackCat has claimed responsibility for the attack on Reddit.

iOttie disclosed a data breach after their site was hacked to steal credit cards
iOttie, a car mount and mobile accessory maker, has disclosed that its site was compromised for almost 2 months. Attackers have been stealing online shoppers’ personal information and credit cards. The company discovered last week that its online store was compromised with malicious scripts between 12 April 2023 and 2 June 2023. iOttie did note that the malicious code was removed during a WordPress plugin update. Stolen information included customers’ names, personal information and payment information, which encompasses financial account numbers, credit and debit card numbers, security codes, access codes, passwords and PINs. It is highly recommended that all iOttie customers who purchased a product between 12 April 2023 and 2 June 2023 monitor their credit card statements and bank accounts for fraudulent activity.

PwC and EY impacted by MOVEit cyber attack
PwC and EY, multinational accounting firms, have been added to the growing list of victims linked to the MOVEit cyber attack by the Clop ransomware gang. A PwC spokesperson stated that the firm is aware of the cybersecurity incident involving MOVEit, believes that the breach will have a “limited impact”, and that the company’s network had not been affected by the data breach. Similarly, EY stated it had halted all use of MOVEit software once the critical vulnerability was revealed.
EY has also launched its own internal investigation, and said it has taken steps to secure and protect data that may have been accessed during the cyber attack. It also stated that most of its systems which use MOVEit are “secure and not compromised”, and that it will contact all those affected, as well as relevant authorities.

Major law firm in Australia data breached: Australia’s government, banks & businesses might be affected
HWL Ebsworth, a major law firm in Australia that has governments and large corporations as clients, has acknowledged that the BlackCat ransomware group accessed and stole some of its information from a part of the firm’s system. The attackers later published some of the stolen data on the dark web. Reportedly, the investigation revealed that over 1.4 terabytes of information was leaked. Information stolen included local and remote company credentials, credit card information and loans data, customer documentation including insurance agreements, identification details and internal company data. The state government of Tasmania has acknowledged that it is a client, and may therefore be exposed. The big 4 banks in Australia (Westpac, NAB, Commonwealth Bank and ANZ) are also caught up in this attack. In addition to banks, numerous ASX-listed companies and government agencies, such as the ACCC, the Department of Human Services, the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police, have lost data. The Australian government announced the appointment of Australia’s first coordinator of cybersecurity.

Medibank’s staff details stolen after data breach
Medibank Private, Australia’s largest private health insurer, stated that a file containing staff names, email addresses and phone numbers had been compromised after its property manager suffered a data breach from the MOVEit transfer attack. However, Medibank did state that its own systems are not impacted by the MOVEit cyberattack.

Fullerton Health and its vendor fined $68k after stolen data found for sale on the Dark Web
Fullerton Health Group and its vendor, both in Singapore, have been fined a total of $68,000 after the vendor’s server was hacked, which led to customers’ data being put up for sale on the dark web in 2021. More than 150,000 patients and employees were impacted by the breach. Compromised data included identity numbers, telephone numbers, financial details such as bank account numbers and codes, and health information. Fullerton Health was fined $58,000, while Agape Connecting People Holdings (the vendor that helped to make appointments for Fullerton Health’s patients) was fined $10,000. PDPC also stated that the healthcare provider was “ultimately responsible for exercising due diligence and reasonable supervision over Agape.”

BlackCat ransomware gang threatens to leak stolen plastic surgery patients’ photos
The BlackCat ransomware gang claims to have stolen “lots” of highly sensitive medical records, and says it will leak patients’ photos if Beverly Hills Plastic Surgery does not pay up. The threat actors claim to have stolen patients’ personal information and healthcare records, which included pictures of patients. Beverly Hills Plastic Surgery has not responded to inquiries about this supposed attack as of this writing.

UK cyberspy arm warns of ransomware groups targeting law firms
The National Cyber Security Centre (NCSC) has warned British law practices of “all sizes and types” that their adoption of hybrid working and their handling of large sums of money have made them a target for ransomware groups. It also warned that the connections law firms have with the “supply chain” of enemy states are another contributing factor in them being a target. The NCSC also reported that it is seeing an increasing number of hackers-for-hire who carry out malicious cyber activities for third-party clients.
The report also adds that smaller practices face particular risks due to their reliance on external IT contractors, which makes it difficult to assess whether the controls are appropriate to the risk faced.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED