Last week, there were data breaches and ransomware attacks across a range of industries and countries, a few of which resulted in victims’ personal information being leaked. In addition, the US and Canada issued an advisory on the rising usage of malware variants, and new patches were released to address the vulnerabilities found in MOVEit Transfer. Companies that breached privacy and security laws were fined, and new ransomware and malware were discovered.
Read on for a quick summary of what happened this week in the space of cybersecurity.

Japan’s largest and busiest port suffers a ransomware attack

The Port of Nagoya has suffered a ransomware attack, which has impacted the operation of its container terminals. The administrative authority of the Port of Nagoya issued a statement on 5th July about the malfunction in the “Nagoya Port Unified Terminal System” (NUTS), which is the central system controlling all of its container terminals. It stated that, upon investigating the cause, the issue was found to be due to a ransomware attack. Operations at the port have gradually resumed after an outage of more than 48 hours, with operations at one cargo terminal resuming on Thursday at 3pm. The association stated that it aims to restart another terminal by 5:30pm, and the three others by 6:30pm. The longer than anticipated restoration of the port was due to the large amount of deleted data that needed to be recovered.

Data of more than 34 million Indonesian passport holders leaked

A cybersecurity researcher, Teguh Aprianto, has found that the data of 34.9 million Indonesian passport holders held at the Immigration Directorate General has reportedly been breached by a hacker, Bjorka. The 4GB of data was offered for sale for US$10,000. The leaked data includes full names, passport numbers, expiry dates, birth dates and gender. The ministry’s Director General for Applications and Informatics, Semuel A. Pangerapan, stated that their investigation has not yet concluded that there is in fact a data leak, and that the results of the investigation would be announced soon.

2 Swedish companies fined $1.1 million for using Google Analytics data transfer to the U.S.

The Swedish Authority for Privacy Protection has fined 2 companies US$1.1 million for using Google Analytics and has warned 2 other companies for the same thing.
The agency explained that the firms breached the European Union’s General Data Protection Regulation (GDPR) by using Google Analytics to generate web statistics. Specifically, the firms violated GDPR Article 46(1), which forbids the transfer of personal data to countries or international organizations that lack safeguards that warrant safety and legal remediation mechanisms. The Court of Justice of the European Union has deemed the United States a risky location for the storage of data of European users, and has deemed any data transfers to the U.S. in the context of the then-existing mechanism, “Privacy Shield”, illegal. Furthermore, the agency stated that the technical security measures these firms have taken are “not sufficient to ensure a level of protection that essentially corresponds to that guaranteed within the EU/EEA”.

Capita’s pension fund suffers data breach during March cyberattack

Members of Capita’s pension fund have been notified that their data was stolen during a cyberattack in March on the outsourcing company that provides administration services. The notification was sent to Capita’s pension fund members more than 3 months after the hack. In May, early investigations indicated that 4% of its servers were accessed during the 9 days the criminals were in the servers, but the outsourcer later revised this to 0.1% and also admitted that it had “evidence” customer data was stolen. Capita administers 450 pension schemes with 3.5 million members. The outsourcing company warned the members of the potential unauthorised access to their data on servers that were breached during the cyberattack. Capita is already facing its first legal claim over the data breach, with law firm Barings Law having sent a letter of claim to Capita last month.

Nickelodeon suffered a data breach - ‘Decades old’ data leaked

Nickelodeon has confirmed that it suffered a data breach that caused a data leak, some of which appears to be decades old.
Proof of the data leak, which reportedly contains 500GB of documents and media files, started circulating on social media. A Nickelodeon spokesperson has stated that an investigation is currently underway, and that the leaked files do not appear to be from the recent breach of their systems. They also gave assurance that the leaked data does not contain user or employee data, and that it is limited to production resources and other intellectual property.

Over 130,000 solar panels are exposed online

Security researchers warned that tens of thousands of PV monitoring and diagnostic systems are easily reachable on the public web, making them potential targets for cybercriminals. Cyble’s threat analysts found 134,634 products from various vendors exposed. The vendors include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronius Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI. Their research shows that unauthenticated visitors can find information, including settings, that could be used to organize an attack. Vulnerabilities in PV systems have been exploited recently, hence the vulnerabilities found in the above products should not be taken lightly.

Bangladeshi citizens’ personal data leaked by Bangladesh government website

A Bangladeshi government website has leaked citizens’ personal information, which includes full names, phone numbers, email addresses and national ID numbers. Viktor Markopoulos, a researcher who accidentally discovered the leak, has said that the leaked data included data of millions of Bangladeshi citizens. TechCrunch was able to verify the leaked data as legitimate. Markopoulos even stated that the data “was too easy” to find, as it just appears in Google results.
On Sunday, the State Minister of Information and Technology (ICT), Junaid Ahmed Palak, acknowledged the data leak and assumed full responsibility for the data breach. He also emphasized the need to address the issue promptly.

U.S. and Canadian authorities warn about rising Truebot malware variants

U.S. and Canadian authorities - the CISA and CCCS - issued a joint advisory last Thursday about the increasingly widespread use of Truebot malware variants by threat actors against organizations in these 2 countries. Truebot is a botnet used by malicious cyber groups such as the Clop ransomware gang. Newer versions of the malware allow threat actors to gain initial access via the exploitation of a remote code execution vulnerability in Netwrix Auditor, listed as CVE-2022-31199. Threat actors also use phishing campaigns with malicious links to deliver their Truebot variants.

MOVEit Transfer customers warned to patch new critical flaws

MOVEit Transfer, the epicenter of the recent massive spread of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and 2 other less severe vulnerabilities. This SQL injection vulnerability would allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database, as well as modify and disclose the database content. Users of MOVEit Transfer are highly recommended to upgrade to the newly available versions to address the vulnerabilities found.

New information stealer - Meduza Stealer discovered: Targets 19 password managers and 76 crypto wallets

Cybersecurity researchers have discovered a new Windows-based information stealer, Meduza Stealer, that is being actively developed to evade detection by software solutions. Uptycs stated that “the Meduza Stealer has a singular objective: comprehensive data theft”.
It stated that no digital artifact is safe, from login credentials to your browsing history, to even your crypto wallet extensions, password managers and 2FA extensions. Meduza Stealer gathers data from 19 password managers, 76 crypto wallets, 95 web browsers, Discord, Steam and system metadata, and harvests miner-related Windows Registry entries and the list of installed games. It is currently offered for sale on the dark web and on a dedicated Telegram channel.

New ‘Big Head’ ransomware spread through fake Windows updates and Microsoft Word installers

Security researchers have analyzed a recently emerged ransomware strain called ‘Big Head’ that may be spreading via the promotion of fake Windows updates and Microsoft Word installers. ‘Big Head’ ransomware installs 3 AES-encrypted files on the target system: the first file is used to propagate the malware, the second is used for Telegram bot communication, and the third encrypts files and can also show the user a fake Windows update. During the encryption process, the ransomware displays a screen that looks like a legitimate Windows update. After the encryption process is completed, the victim’s wallpaper is changed to alert them of the infection, and a ransom note is dropped in multiple directories.

Other variants of this ransomware have also been found with some differences. One variant has the capability to collect and exfiltrate sensitive data from the victim’s system, and another inserts malicious code on the breached system, although the exact purpose of this is currently unknown. Trend Micro commented that Big Head is not a sophisticated ransomware strain. However, it appears to focus on consumers who can be easily fooled with easy tricks such as the fake Windows update, or those who have difficulty understanding the safeguards necessary to avoid cybersecurity risks.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED