The Sting 01/25/2023
Security Alert: Recent Data Breaches and Cyberattacks
01/25/2023
LastPass Owner GoTo Says Hackers Stole Customers’ Backups
LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on Nov. 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared by LastPass and GoTo. The attackers used information stolen from an earlier breach of LastPass systems in August to further compromise the companies’ shared cloud data. GoTo, which bought LastPass in 2015, said at the time that it was investigating the incident. Now, almost two months later, GoTo said in an updated statement that the cyberattack impacted several of its products, including business communications tool Central; online meetings service Join.me; hosted VPN service Hamachi, and its Remotely Anywhere remote access tool. Full Story
Source: TechCrunch
01/25/2023
UK Ice Rink Operator Suffers Data Breach
The ice rink operator Planet Ice has suffered a data breach, with thousands of customers' details stolen. An email sent to customers said only non-financial data had been stolen because another company handles payments to use the rink. It means fraudsters may have been able to access people's names, addresses and passwords used for Planet Ice. The company operates 14 ice rinks across the UK, including sites in Bristol, Leeds and the West Midlands. The company opened its Bristol ice rink in Cribbs Causeway in Oct. 2021. Approximately 200,000 people had been affected by the security breach, Planet Ice said. "We apologise for the inconvenience this may have caused and want to assure customers that personal data has been made secure." Full Story
Source: BBC
01/24/2023
Wormhole Hacker Moves $155M In Biggest Shift Of Stolen Funds In Months
The hacker behind the $321 million Wormhole bridge attack has shifted a large chunk of stolen funds, with transaction data showing that $155 million worth of Ether (ETH) was transferred to a decentralized exchange (DEX) on Jan. 23. The Wormhole hack was the third largest crypto hack in 2022, after the protocol’s token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped ETH (wETH), worth around $321 million. According to the transaction history of the hacker’s alleged wallet address, the latest activity shows that 95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets such as Lido Finance’s staked ETH (stETH) and wrapped staked ETH (wstETH). Full Story
Source: Cointelegraph
01/24/2023
FBI Says N. Korea-Related Hacker Groups Behind U.S. Crypto Firm Heist
Two hacker groups associated with North Korea, the Lazarus Group and APT38, were responsible for the theft last June of $100 million from U.S. crypto firm Harmony's Horizon bridge, the FBI said yesterday. On Jan. 13, the groups used a privacy protocol called Railgun to launder over $60 million worth of ethereum stolen during the theft in June. A portion of the stolen ethereum was subsequently sent to several virtual asset providers and converted to bitcoin. The FBI said North Korea's theft and laundering of virtual currency is used to support its ballistic missile and Weapons of Mass Destruction programs. Harmony develops blockchains for decentralized finance - peer-to-peer sites that offer loans and other services without traditional gatekeepers such as banks - and non-fungible tokens. Full Story
Source: Reuters
01/24/2023
Ticketmaster Says Cyberattack Disrupted Taylor Swift Ticket Sales
Ticketmaster was hit by a cyberattack in November that led to the problems with ticket sales for Taylor Swift’s upcoming U.S. tour, the president of its parent company plans to tell a congressional committee today. A massive influx of traffic on the Ticketmaster website caused the slowdown in ticket sales, and part of that was due to a cyberattack, Joe Berchtold, president of Ticketmaster parent company Live Nation, will tell the Senate Judiciary Committee, according to prepared remarks. During the Swift concert sales, Ticketmaster was “hit with three times the amount of bot traffic than we had ever experienced, and for the first time in 400 Verified Fan on-sales, they came after our Verified Fan access code servers,” Berchtold plans to say. Berchtold emphasizes in his remarks that the hackers did not manage to illegally obtain any tickets. Full Story
Source: Politico
01/24/2023
Insulet Alerts 29,000 Omnipod Dash Insulin Pump Users To Data Breach Linked To Recall
Insulet has issued an alert for a data breach that may have compromised the health data of thousands of users of its Omnipod Dash insulin pumps. The devicemaker notified affected users and filed a report of the breach with the U.S. Department of Health and Human Services on Jan. 5. According to the HHS’ database, the cybersecurity incident spans around 29,000 Omnipod Dash users. The Omnipod Dash device is a simplified version of Insulet’s flagship Omnipod 5 pump. Both offer a tubeless, waterproof makeup and three days’ worth of around-the-clock insulin delivery, but the Dash model doesn’t share its sibling’s ability to sync with a user’s continuous glucose monitor or wirelessly connect to their smartphone. Insulet didn’t immediately respond to a request for comment on the breach. Full Story
Source: Fierce Biotech
01/24/2023
South Dakota Governor Kristi Noem Says Cell Phone Number Hacked
South Dakota Gov. Kristi Noem said yesterday that her personal cell phone number has been hacked and blamed it on the release of her Social Security number amid hundreds of documents that the House Jan. 6 committee released last year. The Republican governor, who is weighing a 2024 White House bid, said in a statement that her personal cell phone number had been linked to hoax calls. She has written letters urging U.S. Attorney General Merrick Garland and Congress to investigate the release of her family’s Social Security numbers after they were included in a list of personal information for thousands of people who visited the White House during then-President Donald Trump’s. Noem said that South Dakota’s Fusion Center, a state agency that compiles criminal intelligence, has been notified of the cell phone hack. Full Story
Source: Associated Press
01/23/2023
Drivers Warned About Identity Theft After UK Car Dealers Giant Hit By Cyberattack
Tens of thousands of motorists could be at risk of identity theft and online fraud after one of Britain’s biggest car dealers was hit by a major cyberattack. Arnold Clark customers have had information including addresses, passports and national insurance numbers leaked on the dark web by criminal gang Play. The hackers have already posted one 15-gigabyte data dump and threaten to upload 467 gigabytes more unless Arnold Clark pays a multi-million pound ransom. The Mail yesterday saw some of the data, which includes copies of bank statements and car registration numbers. The cyberattack was reported to have hit Arnold Clark this past Christmas Eve. Play came to prominence last year after a series of government websites in Latin America was hacked. Full Story
Source: Daily Mail
Ransomware at Large: Current and Recent Incidents
01/25/2023
Alexander City, Alabama Falls Victim To Ransomware Attack
The Alexander City Council called an emergency public meeting yesterday to discuss the city’s response to a ransomware attack. Alexander City, Ala. Mayor Woody Baird informed council members that the city received a ransom letter. “This morning as people were coming in at 7 a.m., we realized that we had a ransomware attack,” Baird said. “We immediately went to our insurance company because we do have insurance for this.” City IT director Joe Milam then addressed city leaders regarding the extent of the attack. “I was able to go back and actually get the backup because this impacted not only my physical servers, but my virtual servers as well. My whole vCenter [software], which is my virtual server environment, I can’t even get to passwords because they have been changed,” Milam said. Full Story
Source: The Outlook
01/24/2023
Indiana-Based Wawasee Community School Corp. Faces Ransomware Attack
At approximately 6 a.m. Fri., Jan. 20, Wawasee School Corporation was alerted to a possible ransomware attack on one of its district computers. The corporation immediately took action to shut down the network and began investigating the possible breach. As part of that protocol, it alerted the Indiana Department of Education, the FBI, and the Department of Homeland Security. As the investigation continued, it confirmed that the corporation had been subject to a ransomware attack that impacted all of its Windows-based computers, servers, and other technology systems. The corporation said it will rebuild its systems and get its network back online. Wawasee Community School Corporation contains 5 schools and 2,836 students located in the heart of Kosciusko County, Ind. Full Story
Source: Ink Free News
The Cryptocrime Scene: A Summary of Recent Incidents and Developments
01/25/2023
Toronto-Based Exco Technologies Hit By Cybersecurity Incident At Three Factories
Exco Technologies Ltd. says three of its factories have been hit by what it is calling a cybersecurity incident. The Toronto, Canada-based company says it has taken steps to secure its systems and mitigate the impact to the company's data and operations and that it is in the process of bringing the systems it temporarily disabled back online. It expects operations to be substantially restored over the next two weeks. The company says shipments to customers have not been and are not expected to be materially interrupted. Exco designs, develops and manufactures automotive interior trim components as well as tooling and related products for the aluminum die-cast and extrusion industries. The affected facilities are within the company's large mould group. Full Story
Source: The Canadian Press
01/24/2023
Wormhole Hacker Moves $155M In Biggest Shift Of Stolen Funds In Months
The hacker behind the $321 million Wormhole bridge attack has shifted a large chunk of stolen funds, with transaction data showing that $155 million worth of Ether (ETH) was transferred to a decentralized exchange (DEX) on Jan. 23. The Wormhole hack was the third largest crypto hack in 2022, after the protocol’s token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped ETH (wETH), worth around $321 million. According to the transaction history of the hacker’s alleged wallet address, the latest activity shows that 95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets such as Lido Finance’s staked ETH (stETH) and wrapped staked ETH (wstETH). Full Story
Source: Cointelegraph
01/24/2023
FBI Says N. Korea-Related Hacker Groups Behind U.S. Crypto Firm Heist
Two hacker groups associated with North Korea, the Lazarus Group and APT38, were responsible for the theft last June of $100 million from U.S. crypto firm Harmony's Horizon bridge, the FBI said yesterday. On Jan. 13, the groups used a privacy protocol called Railgun to launder over $60 million worth of ethereum stolen during the theft in June. A portion of the stolen ethereum was subsequently sent to several virtual asset providers and converted to bitcoin. The FBI said North Korea's theft and laundering of virtual currency is used to support its ballistic missile and Weapons of Mass Destruction programs. Harmony develops blockchains for decentralized finance - peer-to-peer sites that offer loans and other services without traditional gatekeepers such as banks - and non-fungible tokens. Full Story
Source: Reuters
01/19/2023
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
Unfortunately, we have no new updates to share in this section at the moment. We apologize for any inconvenience and we assure you that we are working to bring you the latest news and updates on data breaches and cyber threats as soon as they become available. We will continue to monitor the situation and will update this section in a couple of days with new information and insights. Thank you for your patience and understanding.
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
01/25/2023
U.S. Accuses Google Of Abusing Monopoly In Ad Technology
The Justice Department and a group of eight states sued Google yesterday, accusing it of illegally abusing a monopoly over the technology that powers online advertising. The lawsuit said Google had “corrupted legitimate competition in the ad tech industry by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers and brokers to facilitate digital advertising.” The lawsuit asked U.S. District Court for the Eastern District of Virginia to force Google to sell much of its suite of ad technology products and to stop the company from engaging in allegedly anti-competitive practices. The lawsuit describes a campaign by Google to monopolize advertising technology and then abuse that dominance, to the detriment of publishers, advertisers and ultimately consumers. Full Story
Source: The New York Times
01/25/2023
Hackers Demand $10M From Riot Games To Stop Leak Of ‘League Of Legends’ Source Code
Hackers stole the source code for League of Legends, and now they’re asking for $10 million from developer Riot Games. Motherboard has obtained a copy of a ransom email the hackers sent to Riot Games. “Dear Riot Games,” it begins. “We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.” As evidence, the hackers provided Riot Games with two large PDFs they said would prove they had access to Packman and the League of Legends source code. Full Story
Source: Motherboard
01/25/2023
LastPass Owner GoTo Says Hackers Stole Customers’ Backups
LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on Nov. 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared by LastPass and GoTo. The attackers used information stolen from an earlier breach of LastPass systems in August to further compromise the companies’ shared cloud data. GoTo, which bought LastPass in 2015, said at the time that it was investigating the incident. Now, almost two months later, GoTo said in an updated statement that the cyberattack impacted several of its products, including business communications tool Central; online meetings service Join.me; hosted VPN service Hamachi, and its Remotely Anywhere remote access tool. Full Story
Source: TechCrunch