Wednesday 20th November 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning! Thank you for joining me for the latest edition of Cyber Daily. Today we're covering three stories: Ford’s security scare, where a potential data breach puts 44,000 customer records in the crosshairs; VPN under siege, as Chinese threat actors leverage a Fortinet zero-day in an unsettling espionage campaign; and a ransomware takedown, with the alleged mastermind behind Phobos ransomware extradited to the U.S., marking a win for international law enforcement.
Enjoy!
Ford investigates alleged data breach involving 44,000 customer records
Ford Motor Company is in full-on detective mode following claims of a data breach involving 44,000 customer records. The data, allegedly stolen by cyber actors "EnergyWeaponUser" and "IntelBroker," was reportedly dumped for free on BreachForums, a notorious cybercrime platform. The leaked database is said to include customer names, physical locations, and purchased products.
While Ford is investigating, it hasn’t confirmed the breach or responded to specific questions. Notably, IntelBroker has a track record of high-profile intrusions, including Europol and the Pentagon, adding credibility to the claims.
Meanwhile, satellite manufacturer Maxar Space Systems disclosed its own breach involving employee data, likely accessed by a Hong Kong-based hacker. The data stolen includes social security numbers, employment details, and contact information, leaving employees vulnerable to social engineering attacks.
If the Ford claims are verified, these breaches highlight the escalating challenges companies face in protecting sensitive information from increasingly audacious cybercriminals.
Chinese threat actors exploit zero-day vulnerability in Fortinet VPN client
Chinese hacking group BrazenBamboo is exploiting a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client, using a custom toolkit called DeepData to extract usernames, passwords, and VPN server information. This vulnerability, reported to Fortinet in July 2024 by Volexity researchers, remains unpatched, leaving organizations at risk.
The flaw enables attackers to dump credentials from memory after VPN authentication, leveraging DeepData’s plugins to decrypt sensitive JSON objects in the software’s memory and exfiltrate them using another malware, DeepPost. FortiClient’s recent releases, including v7.4.0, are affected, and no CVE has been assigned yet.
With stolen VPN credentials, BrazenBamboo can infiltrate corporate networks, spread laterally, and launch sophisticated espionage campaigns. The group’s track record includes advanced malware like LightSpy and DeepPost, designed for data collection, credential theft, and surveillance.
Until a patch is released, experts recommend restricting VPN access, monitoring login activity, and implementing strict network segmentation to limit exposure.
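As an added illustration of the "monitoring login activity" recommendation (example code written for this page, not from Volexity, Fortinet or the newsletter author), the script below runs two detections over constructed VPN login lines: one account succeeding from two countries within a short window, which is what a stolen credential being reused looks like, and one source address failing against several different accounts, which is a spraying pattern rather than a typo. The log format, thresholds and sample lines are all assumptions made for the example and do not follow any vendor's real format.

```python
"""Added example (not from the newsletter): flag VPN logins that deviate from
each account's normal pattern while a VPN client flaw remains unpatched.

The log format and the sample lines below are constructed for this example
and do not follow any vendor's real log format."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines: timestamp, user, source IP, country, result.
SAMPLE_LOGS = """\
2024-11-18T08:01:12Z vpn-login user=alice src=203.0.113.10 geo=GB result=success
2024-11-18T08:03:40Z vpn-login user=bob src=198.51.100.7 geo=GB result=success
2024-11-18T08:05:02Z vpn-login user=alice src=203.0.113.10 geo=GB result=success
2024-11-18T09:10:55Z vpn-login user=alice src=192.0.2.44 geo=CN result=success
2024-11-18T09:11:03Z vpn-login user=alice src=192.0.2.44 geo=CN result=success
2024-11-18T09:12:30Z vpn-login user=bob src=198.51.100.7 geo=GB result=failure
2024-11-18T09:12:35Z vpn-login user=carol src=198.51.100.7 geo=GB result=failure
2024-11-18T09:12:41Z vpn-login user=dave src=198.51.100.7 geo=GB result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-login user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>success|failure)$"
)


def parse_logs(text):
    """Parse the constructed log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def geo_change_alerts(events, window=timedelta(hours=2)):
    """One account succeeding from two countries inside `window`.

    Returns (user, previous_geo, new_geo, new_src) tuples."""
    alerts = []
    last_success = {}  # user -> (timestamp, geo) of the most recent success
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue
        prev = last_success.get(ev["user"])
        if prev and prev[1] != ev["geo"] and ev["ts"] - prev[0] <= window:
            alerts.append((ev["user"], prev[1], ev["geo"], ev["src"]))
        last_success[ev["user"]] = (ev["ts"], ev["geo"])
    return alerts


def spray_alerts(events, window=timedelta(minutes=5), min_users=3):
    """One source IP failing against `min_users` or more distinct accounts
    inside `window`. Returns (src, sorted_users) once per source."""
    alerts = []
    alerted = set()
    failures = defaultdict(list)  # src -> [(timestamp, user)] within the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "failure":
            continue
        bucket = failures[ev["src"]]
        bucket.append((ev["ts"], ev["user"]))
        # Drop failures that have aged out of the sliding window.
        bucket[:] = [(t, u) for t, u in bucket if ev["ts"] - t <= window]
        users = {u for _, u in bucket}
        if len(users) >= min_users and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], sorted(users)))
    return alerts


def analyse(text):
    """Run both detections over a block of log text."""
    events = parse_logs(text)
    return {"geo_change": geo_change_alerts(events), "spray": spray_alerts(events)}


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOGS).items():
        for hit in hits:
            print(kind, hit)
```

On the sample data the first rule fires once for alice (GB, then CN about an hour later; the second CN login is the same country and so is not reported again), and the second fires once for 198.51.100.7 after bob, carol and dave all fail from it within seconds. The thresholds are deliberately simple; in production you would key the first rule on the organisation's expected locations and feed both into whatever alerting the VPN gateway's logs already reach.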
Alleged Phobos ransomware operator extradited to the US
Evgenii Ptitsyn, a 42-year-old Russian man accused of administering the Phobos ransomware, is now in U.S. custody following his extradition from South Korea. This ransomware has extorted over $16 million from more than 1,000 victims globally, targeting schools, hospitals, government agencies, and corporations.
Ptitsyn, known online as "derxan" and "zimmermanx," allegedly developed and distributed Phobos to other cybercriminals, taking a cut of the ransoms paid. His charges include wire fraud, conspiracy, and computer fraud-related extortion. The attacks date back at least four years and were known for small ransom demands, though their scope and impact drew FBI and CISA warnings earlier this year.
Phobos activity had notably declined in recent months, coinciding with this arrest. Experts suspect this crackdown might explain the slowdown. The case underscores international collaboration in fighting ransomware, involving law enforcement from South Korea, Japan, Europe, and the U.S.
Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions | Cybersecurity Excellence | Cloud Security
It’s crucial for businesses to stay vigilant and proactive in patching vulnerabilities and securing sensitive data.
Aidan Dickenson