Indonesia battles Lockbit, DOJ charges cybercrime group, SEC reports following CDK attack
In today’s cybersecurity news…
Indonesia battles Lockbit 3.0 ransomware
Indonesia’s national data center has been compromised, causing disruptions to 200 government services, including immigration checks at airports. While some services, including those immigration checks, have been restored, efforts to recover others are ongoing, with authorities refusing to pay the $8 million ransom demand. The National Cyber and Crypto Agency reports detecting samples of Lockbit 3.0 ransomware in the attack.
Lockbit claims U.S. Federal Reserve breach
The Lockbit ransomware gang is claiming to have compromised 33 terabytes of data, including “Americans’ banking secrets,” from the U.S. Federal Reserve. The group posted the claims on their data leak site and threatened to publish the stolen data on Tuesday, June 25th, 2024, if the ransom is not paid. However, the group has yet to publish any samples of the stolen data, leading many to be skeptical about whether this is an actual breach or merely an announcement for attention. It seems only time will tell.
SEC reports pile in following CDK Global attack
We’re continuing to learn more about the impact from a ransomware attack on CDK Global last week. On Monday, we reported that the BlackSuit ransomware gang has claimed responsibility for the attack, and now we are learning multiple car dealers have reported disruptions to the SEC. Some of those companies include Lithia Motors, Group 1 Automotive, Penske, and Sonic Automotive, who in their SEC filings have said they’ve had to implement incident response plans and that most of them have severed all connections to CDK as a precautionary measure. According to Bloomberg, CDK is planning to pay the ransom, the amount of which has not been disclosed.
DOJ charges cybercrime group for $71 million in damages
Four Vietnamese members of the FIN9 hacking group have been charged by the Department of Justice for crimes that led to losses of more than $71 million for U.S. companies. Between May 2018 and October 2021, the defendants broke into corporate networks using phishing and supply chain attacks, stealing private information, employee benefits, and funds. They redirected digital employee benefits, exfiltrated PII and credit card information, and sold stolen gift cards via social media and cryptocurrency marketplaces. The charges carry sentences ranging from a mandatory minimum of two years in prison to potential cumulative terms spanning several decades.
And now a word from our sponsor, Prelude
30 million impacted by ShinyHunters breach
The ShinyHunters cybercrime gang is taking credit for the Ticketek Australia breach, which affects around 30 million users. We first reported this attack in early June, when the ticketing giant disclosed that customer names, dates of birth, and email addresses had been stolen through a third-party cloud provider. The incident mirrors the recent Ticketmaster breach, in which ShinyHunters used stolen credentials to access Snowflake customer accounts that had no MFA enabled, a campaign that impacted around 165 organizations. Despite speculation, Ticketek has not confirmed a connection to Snowflake or identified ShinyHunters as the culprit.
LivaNova USA notifies 130,000 of data breach
LivaNova USA, a medical device manufacturer, is notifying 130,000 individuals that their personal information was compromised in an October 2023 ransomware attack, which the LockBit ransomware gang has since claimed. The attackers went undetected for about a month, long enough to steal 2.2 terabytes of data. The exposed information includes names, addresses, Social Security numbers, and medical information.
RedJuliett cyber espionage campaign targets Taiwan and beyond
RedJuliett, a likely Chinese state-sponsored group, targeted Taiwan in cyber espionage campaigns from November 2023 to April 2024. Recorded Future’s research team reports the campaigns impacted 24 organizations, including government agencies in Taiwan, Laos, Kenya, and Rwanda. The group gained initial access by exploiting known vulnerabilities in internet-facing appliances such as firewalls and VPNs, and by using techniques such as SQL injection and directory traversal. After gaining access, they deployed open-source webshells and exploited a Linux privilege escalation vulnerability.
Push notification fatigue causes breach
Another example of how hackers don’t need to reinvent the wheel: old tactics still work. Following up on a story we first reported last week, the Los Angeles County Department of Health Services (DHS) suffered a data breach in April that compromised sensitive information, including individuals’ names, Social Security numbers, and medical information. We have now learned the attackers got in using ‘push notification spamming’, also known as push notification fatigue or MFA fatigue. Holding a valid password, the attacker triggers MFA push prompts over and over until the user approves one, often just to make the prompts stop. The attack compromised the accounts of 23 DHS employees and exposed the data of more than 6,000 individuals.
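Push fatigue leaves a recognisable trace in authentication logs: a burst of push prompts that were denied or timed out, followed by an approval from the same account a short time later. The following detection is an added example written for this page, not code from the podcast or from any vendor; the log line layout (timestamp, user, result, source IP) and the result names are assumptions, and the sample lines are constructed, not taken from the DHS incident. The rule flags an approval only when at least `min_prompts` unapproved prompts for that user fall inside a look-back window, so a user who denies one prompt in the morning and approves one in the afternoon is not flagged.

```python
"""Detect MFA push-fatigue (prompt bombing) in authentication logs.

Flags a user when a burst of push prompts that were denied or timed out
is followed by an approval within a short window. The log format and
result names below are assumptions for this example, not a specific
IdP's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real incident).
# Layout assumed: timestamp user result source_ip
SAMPLE_LOGS = """
2024-04-02T02:14:05Z alice push_denied 203.0.113.10
2024-04-02T02:14:31Z alice push_timeout 203.0.113.10
2024-04-02T02:15:02Z alice push_denied 203.0.113.10
2024-04-02T02:15:40Z alice push_timeout 203.0.113.10
2024-04-02T02:16:11Z alice push_approved 203.0.113.10
2024-04-02T09:00:00Z bob push_approved 198.51.100.7
2024-04-02T12:00:00Z carol push_denied 198.51.100.9
2024-04-02T15:00:00Z carol push_denied 198.51.100.9
2024-04-02T18:00:00Z carol push_approved 198.51.100.9
"""

UNAPPROVED = ("push_denied", "push_timeout")


def parse_line(line):
    """Split one log line into (timestamp, user, result, source_ip)."""
    ts, user, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, ip


def detect_push_fatigue(log_text, min_prompts=3, window=timedelta(minutes=10)):
    """Return alerts as (user, approval_time, unapproved_prompts_in_window, ip).

    An approval is suspicious when the same user accumulated at least
    min_prompts denied/timed-out prompts within `window` before it.
    """
    events = [parse_line(line) for line in log_text.strip().splitlines() if line.strip()]
    events.sort(key=lambda e: e[0])  # logs may arrive out of order

    recent = defaultdict(list)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts, user, result, ip in events:
        if result in UNAPPROVED:
            recent[user].append(ts)
        elif result == "push_approved":
            # Only prompts inside the look-back window count toward the burst.
            prior = [t for t in recent[user] if ts - t <= window]
            if len(prior) >= min_prompts:
                alerts.append((user, ts, len(prior), ip))
            # An approval ends the sequence either way; start counting afresh.
            recent[user].clear()
    return alerts


if __name__ == "__main__":
    for user, when, count, ip in detect_push_fatigue(SAMPLE_LOGS):
        print(f"ALERT {user}: approved push at {when:%Y-%m-%dT%H:%M:%SZ} "
              f"after {count} unapproved prompts from {ip}")
```

On the sample input only `alice` is flagged (four unapproved prompts in two minutes, then an approval); `carol`'s prompts are hours apart and fall outside the window. A detection like this is a backstop, not a fix: the durable control is to require number matching on push prompts or move to phishing-resistant factors such as FIDO2 security keys, so that an attacker with a stolen password cannot win by persistence alone.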