Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence


Ransomware gang busted in Ukraine by international operation

European authorities said Tuesday that Ukrainian police arrested the 32-year-old ringleader of a ransomware operation, along with four accomplices, as part of an international investigation. The gang’s attacks impacted victims in 71 countries using ransomware variants including LockerGoga, MegaCortex, HIVE and Dharma. The arrests are the continuation of an investigation that began in 2019 and included 12 arrests in 2021. Seven countries took part in the investigation, including personnel from the US Secret Service and the FBI.

(CyberScoop and BBC)

North Texas water utility hit with cyberattack

The North Texas Municipal Water District (NTMWD), which serves two million people in North Texas, is dealing with a cybersecurity incident. On Monday, the cybercrime gang known as Daixin Team claimed to have stolen more than 33,000 customer information files belonging to the water utility. A spokesperson said most of the water utility’s network has been restored but that the utility’s phone systems are still offline. NTMWD’s core water, wastewater and solid waste services were not impacted by the incident. The incident comes just one day after a cyberattack on a Pennsylvania water authority that forced workers to use backup tools to maintain water pressure.

(The Record)

Former Uber CISO speaks out after 6-year silence

Back in May, former Uber CISO, Joseph Sullivan, was sentenced to three years’ probation, 200 hours of community service, and a $50,000 fine for failing to report the infamous breach that affected over 50 million Uber customer and driver records. Sullivan’s lawyers had advised him to remain silent despite what Sullivan claims were false accusations by the media that he covered up the breach. With the matter now settled, Sullivan is speaking out after six years of silence. Sullivan said people don’t realize that he and his team followed their internal incident playbook, engaging legal counsel, public relations and Uber’s CEO. Sullivan does admit that he made the mistake of not engaging third-party investigators and counsel to validate their internal handling of the incident. Sullivan plans to share his story in a keynote address at Black Hat Europe 2023 on December 7.

(Dark Reading)

LockBit claims cyberattack on India’s national aerospace lab

On Wednesday, the notorious LockBit ransomware gang claimed responsibility for a cyberattack targeting India’s state-owned National Aerospace Laboratories (NAL). NAL’s website remained inaccessible and LockBit posted eight purportedly stolen documents, including confidential letters, an employee’s passport and other internal documents. The group threatened to publish the organization’s stolen data if it fails to pay an unspecified ransom.

(TechCrunch)

Huge thanks to our sponsor, SpyCloud

Experts warn of critical ownCloud vulnerability being exploited

Threat actors have started exploiting a maximum severity vulnerability (CVE-2023-49103) in open source file-sharing and collaboration software, ownCloud, just days after its public disclosure. The issue impacts Graphapi app versions 0.2.0 to 0.3.0, allowing attackers to retrieve credentials, license keys, and other system info. However, the flaw cannot be mitigated by simply disabling the Graphapi app. The recommended fix includes deleting the app’s PHP file and changing potentially exposed admin passwords, access keys, and mail server and database passwords. On Monday, CISA included the bugs in its weekly vulnerability roundup while Shadowserver Foundation said it has identified roughly 11,000 internet-exposed ownCloud instances which are potentially at risk.

(The Record and Bleeping Computer)

Google disputes Workspace “design flaw” identified by researchers

According to Hunters Security, a flaw in Google Workspace’s domain-wide delegation feature gives attackers a way to steal Gmail emails, exfiltrate data from Google Drive, and take unauthorized actions within Google Workspace APIs. Hunters released proof-of-concept code on GitHub this week to demonstrate the attacks against the flaw it has dubbed “DeleFriend”. However, Google rejected Hunters’ characterization of the issue as a design flaw, saying the report did not identify an underlying security issue in Google products. Google did “encourage users to make sure all accounts have the least amount of privilege possible” to combat “these types of attacks.”

(Dark Reading)

ID theft service resold by cybercriminals

According to Krebs On Security, since at least February 2023, a cybercriminal service advertised as JackieChan/USiSLookups has allowed anyone to look up the SSN or background report on virtually any American. For anywhere from $8 to $40 in virtual currency, a bot will return detailed consumer background reports in just a few moments. The service’s Telegram channel features sample background reports, including those of President Joe Biden and podcaster Joe Rogan. Report data includes the subject’s date of birth, addresses, phone numbers, employers, known relatives and associates, and driver’s license information. JackieChan abuses the name and trademarks of Columbus, OH-based data broker USinfoSearch, whose website says it provides risk management, identity and fraud prevention services.

(Krebs on Security)

Bots make up 30% of internet traffic?

According to a report from DataDome, malicious bots are plaguing the internet, accounting for over 30% of all internet traffic; cybercriminals use them to target online businesses with fraud and other attacks. The report also reveals that traditional CAPTCHAs are no longer an effective tool in preventing automated attacks. Finally, the report indicates that 68% of US websites lack adequate protection to defend against bot attacks.

(Security Magazine)
