The Sting 01/27/2023
Security Alert: Recent Data Breaches and Cyberattacks
01/27/2023
Russian Hackers Launch Cyberattack On Germany In Leopard Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyberattacks, the Federal Cybersecurity Agency (BSI) said yesterday. The BSI has been informed of "DDoS attacks (by denial of service) currently in progress against targets in Germany", said a spokesperson. “Individual targets in the financial sector” and federal government sites were also attacked, with no major consequences at this stage. Distributed denial-of-service (DDoS) attacks flood a computer system with messages or connection requests so that it can no longer serve legitimate users. Russian hacker site Killnet has taken credit for the attack, according to the BSI. Handelsblatt media group reported that the attacks were retaliation for Berlin approving the deployment of Leopard 2 tanks to Ukraine.
Source: Euronews
01/26/2023
Zacks Breach Lasted Nearly A Year, 820,000 People Affected
Stock market data giant Zacks Investment Research is sending out breach notification letters to 820,000 people on Jan. 27 after discovering a breach that lasted nearly one year. The company revealed that it suffered a breach that lasted from Nov. 2021 to Aug. 2022. The company did not respond to requests for comment about why the breach lasted so long and why it took so long to notify victims. The breach involved names, addresses, phone numbers, email addresses, and passwords used for Zacks.com. Founded in 1978, Zacks provides users with a range of investment information, from earnings predictions to ratings that help people make stock market trades. “On Dec. 28, 2022, Zacks learned that an unknown third party had gained unauthorized access to certain customer records,” the company said.
Source: The Record
01/26/2023
Massive Campaign Uses Hacked WordPress Sites As Platform For Black Hat Ad Network
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third-party sites of their choosing — including tech support scams, adult dating, phishing, or drive-by downloads. Since late December, the research team at Sucuri has been tracking a new spike in WordPress website infections related to the following malicious domain: track[.]violetlovelines[.]com. PublicWWW results show over 5,600 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since Dec. 26th, 2022. This is a new wave of the same WordPress infection campaign that Sucuri has been tracking for 5+ years.
Source: Sucuri
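A site owner reading the Sucuri item above will want a quick way to check their own WordPress files for the indicator it names. The following scanner is an added example written for this digest, not Sucuri's tooling and not code from the campaign report; it takes the defanged domain exactly as printed above, refangs it, and searches file contents for it after decoding two encodings that injected loaders commonly hide a domain behind (JavaScript hex escapes and percent-encoding). The sample WordPress file contents are constructed for the demonstration, and the `scan_tree` helper is the same check pointed at a real directory.

```python
import re
from pathlib import Path

# Indicator from the Sucuri report quoted above, kept in the defanged form used there.
DEFANGED_IOCS = ["track[.]violetlovelines[.]com"]

# Constructed sample files standing in for a WordPress install: one theme file with a
# plain injected script tag, one JS file with a hex-escaped copy of the domain, one clean file.
SAMPLE_FILES = {
    "wp-content/themes/demo/footer.php":
        "<?php wp_footer(); ?>\n"
        "<script src='https://track.violetlovelines.com/js/demo.js'></script>\n",
    "wp-includes/js/demo.js":
        "var u='https://track\\x2eviolet\\x6covelines\\x2ecom/';"
        "document.write('<scr'+'ipt src=\"'+u+'\"></scr'+'ipt>');\n",
    "wp-content/themes/demo/header.php":
        "<?php wp_head(); ?>\n",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator (a[.]b, hxxp://) back into the literal string to search for."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


def normalize(text: str) -> str:
    """Decode JavaScript hex escapes (\\x2e) and percent-encoding (%2E), then lower-case,
    so an obfuscated copy of the domain compares equal to the plain one."""
    text = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
    text = re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
    return text.lower()


def scan_text(text: str, iocs=DEFANGED_IOCS):
    """Return [(line_number, indicator, original_line)] for every line referencing an IOC."""
    literals = [refang(i).lower() for i in iocs]
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        decoded = normalize(line)
        for lit in literals:
            if lit in decoded:
                hits.append((n, lit, line.strip()))
    return hits


def scan_files(files: dict, iocs=DEFANGED_IOCS):
    """Scan an in-memory {path: content} mapping; returns {path: hits} for paths with hits only."""
    report = {}
    for path, content in files.items():
        hits = scan_text(content, iocs)
        if hits:
            report[path] = hits
    return report


def scan_tree(root, exts=(".php", ".js", ".html", ".htm"), iocs=DEFANGED_IOCS):
    """Same scan over a real directory tree (for example a WordPress docroot)."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in exts:
            files[str(p)] = p.read_text(encoding="utf-8", errors="replace")
    return scan_files(files, iocs)


if __name__ == "__main__":
    # Report on the constructed sample; replace with scan_tree("/var/www/html") for a real site.
    for path, hits in scan_files(SAMPLE_FILES).items():
        for n, ioc, line in hits:
            print(f"{path}:{n}: {ioc} -> {line[:80]}")
```

A hit on a theme or plugin file is a lead, not a verdict: compare the file against a clean copy of the theme or plugin, and check the database as well, since this family of campaigns also injects into post content and site options. Adding further defanged domains to `DEFANGED_IOCS` extends the same scan to any other indicator published for the campaign.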
Ransomware at Large: Current and Recent Incidents
01/27/2023
Ohio Town Working To Restore Municipal Court Systems After Cyberattack
An Ohio town is investigating a cyberattack that has brought down the systems used by its court and may have accessed sensitive data. The Circleville Municipal Court was added to the leak site of the LockBit ransomware group last week. The group claimed it stole 500 GB of data that included case information and gave the court a deadline of Jan. 24 to pay a ransom. The town’s mayor and the Ohio governor’s office did not respond to requests for comment. Circleville has about 14,000 residents. The attack comes just weeks after another town in Ohio, Mount Vernon, said its police department, municipal court and other government offices were affected by a ransomware attack that started on Dec. 19.
Source: The Record
01/27/2023
FBI Disrupts ‘Hive’ Ransomware Group
U.S. authorities seized the servers of the Hive ransomware group after entering its networks and capturing keys to decrypt its software, the Justice Department said yesterday, calling its effort a “21st-century cyber stakeout.” The group behind Hive is widely seen as one of the most prolific and dangerous cybercriminal operations in recent years. It has been linked to attacks on more than 1,500 victims including hospitals and schools—and has extorted more than $100 million in ransom payments, the Justice Department said. In an operation that began in the summer in Tampa, Fla., FBI agents infiltrated Hive’s network and used the access to identify victims and provide them keys with which to take back control of their networks, blocking $130 million in demanded ransoms, department officials said.
Source: The Wall Street Journal
The Cryptocrime Scene: A Summary of recent incidents and developments
01/27/2023
Hackers Take Control Of Robinhood Twitter Account To Promote Fake Crypto
Hackers broke into the social media accounts of Robinhood, the online crypto trading platform, to peddle a fraudulent coin. The fake token is called RBH on the Binance Smart Chain. On Jan. 25, the account released a tweet announcing the debut of the suspicious coin on BSC, with an initial price of $0.005. An analysis of the token reveals that creator and tokenomics information are missing. According to a BSC analysis provided by internet inspector ZachXBT, the fraudsters were able to extract around $8,200 worth of BNB tokens. Following the incident, the hacker also posted on the platform’s other accounts. Robinhood afterwards said “We’re aware of the unauthorized posts from Robinhood Twitter, Instagram, and Facebook profiles, which were all removed within minutes.” Coinbase revealed that about 10 people had bought about $1,000 worth of the fake coin RBH before the tweet was taken down.
Source: Bitcoinist
01/27/2023
'Blockchain Bandit' Reawakens: $90M In Stolen Crypto Seen Shifting
A hacker dubbed the “Blockchain Bandit” has finally woken from a six-year slumber and has started to move their ill-gotten gains. According to Chainalysis, around $90 million in crypto pilfered from the attacker’s long-running string of “programmatic theft” since 2016 has started moving over the past week. This included 51,000 Ether and 470 Bitcoin — worth a total of around $90 million — leaving the bandit’s address for a new one. The hacker was dubbed the “Blockchain Bandit” due to being able to empty Ethereum wallets protected with weak private keys in a process termed “Ethercombing.” The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals across the globe since the first attacks were perpetrated six years ago.
Source: Cointelegraph
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
01/26/2023
Dutch Hacker Obtained Virtually All Austrians' Personal Data, Police Say
A Dutch hacker arrested in November obtained and offered for sale the full name, address and date of birth of virtually everyone in Austria, the Alpine nation's police said yesterday. A user believed to be the hacker offered the data for sale in an online forum in May 2020, presenting it as "the full name, gender, complete address and date of birth of presumably every citizen" in Austria, police said in a statement, adding that investigators had confirmed its authenticity. The trove comprised close to nine million sets of data, police said. Austria's population is roughly 9.1 million. The 25-year-old suspect arrested in an Amsterdam apartment was known to international police and is under investigation by the Dutch police and judicial authorities, Austrian police said.
Source: Reuters
01/26/2023
Michigan Man In Prison Pleads To Hacking Cellphone Data, Emptying Bank Accounts
A Michigan man in prison for unemployment fraud pleaded guilty in connection with using cellphone account information to empty bank accounts, the state Attorney General’s office announced on Jan. 25. Johnny Richardson entered his plea Friday in Wayne County Circuit Court in front of Judge Paul Cusick, records show. He was charged with conducting a criminal enterprise, a 20-year felony. “The charge stems from Richardson’s activities, which included hacking into the victims’ bank accounts by utilizing dark web identity information and using the ported cellphone numbers for two-factor authentication,” officials said. “The funds from the victims’ bank accounts and the unauthorized loans would then be routed through several other bank accounts. Richardson’s associates would intercept the mailed checks delivered to unsuspecting victims’ homes.” The scheme netted more than $379,000 USD for Richardson and his associates.
Source: The Star
01/26/2023
Morocco Extradites French Cybercrime Suspect To The U.S.
Morocco yesterday extradited to the U.S. a French national wanted for a string of alleged cybercrimes, a Moroccan police source told AFP. Sebastien Raoult was put on a flight from Casablanca to New York, the source said on condition of anonymity. "The operation was carried out by FBI agents," the source added. Raoult is suspected by the FBI of "conspiracy to commit electronic fraud and abuse", "serious identity theft" and of belonging to the ShinyHunters hacking group which has allegedly targeted US companies including Microsoft. Raoult, a 21-year-old former IT student from Epinal in eastern France, was arrested in Morocco in May last year on the basis of an Interpol red notice.
Source: Le Monde
01/26/2023
Sydney Court Dishes Out Jail Term For SMS Phishing Scam Involving 450 Victims
A 40-year-old Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims. The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer offence. He was sentenced to two years and eight months' imprisonment, said the Australian Federal Police (AFP), which gathered evidence from website registrations suspected of being used to facilitate the phishing scams. Investigations kicked off in Sep. 2021, with the AFP working alongside the NSW Police Cybercrime Squad to execute a search warrant at the man's home. SIM cards, bank cards, electronic devices, mobile phones, and storage devices were amongst items seized.
Source: ZDNet
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
01/27/2023
Scammers Posed As Tech Support To Hack Employees At Two US Agencies Last Year, Officials Say
Cybercriminals hacked employees of at least two U.S. federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, U.S. cybersecurity officials revealed on Jan. 25. In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the U.S. Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC. The goal of the scam, which appears to have hit both private-sector organizations and government agencies, was to trick victims into sending the scammers money. It was unclear whether that happened in the case of the federal employees.
Source: CNN