DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris
In today’s cybersecurity news…
DICK’S Sporting Goods suffers cyberattack
The largest chain of sporting goods retail stores in the U.S. has now confirmed that confidential information was exposed in a cyberattack that was detected Wednesday, August 21. An anonymous source quoted by BleepingComputer said that email systems had been shut down, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems. Phone lines at local stores are also down due to the incident.
Brain Cipher claims attack on Paris museums, promises data leak
Following up on a story we covered earlier this month, the cyberattack on several major museums in Paris, which occurred in the first week of July to coincide with the Olympic Games, has now been claimed by the Brain Cipher ransomware group, which has also announced its intention to release 300GB of data. The group, which is suspected of building its technology off the LockBit 3.0 builder, hit what is being referred to as “a system used to centralize financial data related to the approximately 40 institutions” under the administration of the Parisian museum agency RMN-GP.
Play ransomware hackers claim attack on Microchip Technology
Following up on a story we covered last week, the Play ransomware gang has claimed responsibility for last week’s attack on the U.S.-based manufacturer of semiconductors. The information was displayed on its leak site this past Tuesday. Kevin O’Connor, a researcher at the U.S.-based cybersecurity firm Adlumin, says the one-week delay may indicate that negotiations had been occurring, adding that the Play operation has grown “considerably over the past year, likely due to its shift to an affiliate model — which can complicate attribution for an attack.”
BlackByte gang only posting a third of its successful attacks
According to researchers at Cisco’s Talos group, the BlackByte ransomware gang has been posting only a fraction of its successful attacks on its leak site, around 20 percent or up to 30 percent, this year. In 2023, the group posted 41 victims, but this year it has listed only three. This despite the fact the gang has been quite active, with attacks on Newburgh, New York, and Augusta, Georgia, as well as organizations like the San Francisco 49ers and Yamaha. Talos does not have an answer as to why they are being so shy with their numbers, saying that the group continues to evolve rapidly.
Thanks to today’s episode sponsor, Scrut Automation
Hacking Microsoft Copilot Is “scary easy”
One of the more intriguing presentations at Black Hat this month was from security researcher Michael Bargury, a former senior security architect in Microsoft’s Azure Security CTO office and now co-founder and chief technology officer of Zenity. He demonstrated how attackers can use Copilot to search for data, exfiltrate it without producing logs, and socially engineer victims to phishing sites even if they don’t open emails or click on links. Much of this has to do with modifying the behavior of bots, which Microsoft refers to as “copilots,” through prompt injection. Based on Copilot’s visibility deep into the enterprise, including emails, messaging applications, and much more, it is an attractive target for malicious actors, he said. A detailed description of his findings is available at DarkReading. The link is available in the show notes to this episode.
Missouri IT engineer charged with extortion plot against former employer
The individual, Daniel Rhyne, of Kansas City, Missouri, is described in the criminal complaint as a “core infrastructure engineer specializing in hosting virtual machines (VMs).” He was arrested on Tuesday in connection with a November 2023 attack against his former employer, a New Jersey-headquartered industrial company. He demanded a ransom of $750,000 in bitcoin after allegedly doing the following:
Rhyne is facing a potential maximum of thirty years in prison and, ironically, a total of $750,000 in fines.
Windows downdate tool that lets users unpatch Windows systems is now available
In yet another update, Alon Leviev, a security researcher at SafeBreach, has now released his Windows Downdate tool, which can be used to perform downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. Downgrade attacks happen when “threat actors force up-to-date targeted devices to revert to older software versions, thus reintroducing security vulnerabilities that can be exploited to compromise the system.” Leviev’s Downdate, which he first revealed at Black Hat, is now available as an open-source Python-based program and a pre-compiled Windows executable.
Online scam cycles are getting shorter and more effective
A mid-year cybercrime report released Thursday by Chainalysis shows that “scammers are refreshing their online and blockchain-based infrastructure faster than ever before.” Eric Jardine of Chainalysis, quoted in CyberScoop, says that this trend has coincided with a cultural shift: “Online infrastructure used for scamming, such as social media personas, social engineering websites and lures, is being discarded and replaced, with months-long or years-long schemes targeting broad audiences giving way to smaller, more targeted efforts that build trust with victims before requesting a large sum of money.”