
The Sting Newsletter

February 6, 2023

💻🔥 Cyber Alert! 🔥💻
Stay informed with the latest incidents in the world of cyber threats. 💻🕵️‍♂️


In this edition of the newsletter, we bring you the latest updates on:
👨‍💻 Russian Cyber Gang Killnet taking down websites of top US Hospitals and Universities
💰 Ransomware attacks on the rise
💸 Hackers using fake business emails to steal $800,000 from a Houston company
🔓 Data leaks exposing personal information
🚨 Multiple cyber criminals arrested
🇮🇷 Iranian nation-state hacking a French magazine
💳 Data Breach at Vice Media involving Social Security Numbers
🏙️ City of London traders hit by Russia-linked cyber attack and more!
Stay protected with the latest insights and news.
💻🔒

Security Alert: Recent Data Breaches and Cyberattacks

2/06/2023

UK Engineering Company Vesuvius Hit By Cyber Attack

London-based engineering company Vesuvius Plc (VSVS:LSE) said it’s managing a cybersecurity incident involving unauthorized access to its systems. The molten metal flow control firm has shut down affected systems and initiated steps to assess the scale of the attack, it said in a statement today. The shares fell as much as 3.1 percent in early trading in London. The incident adds to a spate of security breaches reported by UK companies in recent weeks. Specialty chemicals supplier Morgan Advanced Materials Plc disclosed last month that it was the target of a cyber incident. A ransomware attack on the UK’s Royal Mail disrupted its international letters and parcels delivery for several days. Full Story

Source: Bloomberg

02/04/2023

Cyberattack Forces Florida Hospital System To Divert Some Emergency Patients To Other Facilities

A cyberattack has forced a network of Florida health care organizations to send some emergency patients to other facilities and to cancel some non-emergency surgeries, the health care network said yesterday. Tallahassee Memorial HealthCare, which operates a 772-bed hospital and multiple specialty care centers, said an “IT security issue” on Feb. 1 forced it to take down its computer system. “We are also diverting EMS [emergency medical services] patients and will only be accepting Level 1 traumas from our immediate service area,” the hospital system said in a statement. Level 1 trauma refers to the most acute injuries and illnesses. Staff have been unable to access digital patient records and lab results because of the shutdown, a hospital source told CNN. Full Story

Source: CNN

02/03/2023

Data Breach At Vice Media Involved SSNs, Financial Info

A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 people. In two separate filings over the past week, Vice Media said it was alerted in Mar. 2022 that there was a cyberattack on its network. The media company hired a cybersecurity firm to investigate the incident and found that hackers managed to break into an internal Vice e-mail account. The company said that the effort to figure out what personal information was involved and find up-to-date addresses for all victims lasted until Jan. 25, 2023. In the first filing, Vice Media said Social Security numbers were involved in the breach – which affected 1,724 people. In the second filing five days later, the company said the breach also involved financial account numbers, credit and debit card numbers as well as security codes, access codes, passwords and PINs for accounts. Full Story

Source: The Record


Ransomware at Large: Current and Recent Incidents
 

02/06/2023

Ransomware Hacking Campaign Targets Europe And North America, Italy Warns

Italy’s National Cybersecurity Agency (ACN) warned yesterday of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America. France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA. The attack targets vulnerabilities in VMware ESXi technology that were previously discovered but that still leave many organizations vulnerable to intrusion by hackers. France was the first country to detect the attack, according to ANSA. The French cybersecurity agency ANSSI on Feb. 3 released an alert to warn organizations to patch the vulnerability. It is estimated that thousands of computer servers have been compromised around the world. Full Story

Source: Politico

02/04/2023

Metro Detroit Police Departments Targeted In Ransomware Attacks

Multiple Wayne County police agencies were targeted yesterday in a ransomware attack but were able to thwart a data breach thanks to quick action. Details of which agencies were impacted, and when, are still emerging, but Wyandotte Police Lt. Neil Hunter said they noticed a lot of phishing emails this week sent to officers and city workers. According to Hunter, a records management system that supports several Downriver police agencies was hit with malware. They're still determining which departments had to deal with the mess, but FOX 2 has learned that servers had to be shut down temporarily to fix the issue. "Our IT identified it rather quickly. They took care of the problem before it became a bigger problem," Hunter said. Full Story

Source: Fox 2 Detroit

02/02/2023

City Of London Traders Hit By Russia-Linked Cyber Attack

Trading in the City of London has been plunged into chaos after a Russian-linked ransomware gang attacked a company that plays a key role in Britain’s financial system. Lockbit, the group behind the cyberattack against Royal Mail last month, targeted trading software provider Ion Group earlier this week. The London-based company plays an integral role in the plumbing that underpins the trading of shares, debt and derivatives in the Square Mile and around the world. Ion said 42 clients have been affected by the attack as it faces disruption in its cleared derivatives division. One senior City banker described the attack as a “major incident” that “would take out most of the City if it were to escalate”. The attack has also had a knock-on effect on other trade processing systems and has forced some companies to process trades manually. Full Story

Source: The Telegraph

 

02/02/2023

BlackCat Ransomware Hits Defence Contractor, Steals Weapons Data

The BlackCat (ALPHV) ransomware group claims to have hacked the industrial explosives manufacturer Solar Industries India Limited. It has stolen over 2 TB of critical data, including designs of weapons currently in use. The stolen data includes details about the company’s employees and customers, armament supply chains, and information about the other partners and contractors of the firm. The data further includes technical documentation of the company’s products, engineering documentation of the callout elements, blueprints of the weapons, details of warhead compositions, and internal product testing. The attackers managed to access all the production cameras and offices, and posted screenshots, along with several other images of stolen data, as proof of the hack. Full Story

Source: Cyware Social


The Cryptocrime Scene: A Summary of recent incidents and developments

 

02/04/2023

YouTuber Baits MMA Fighter Into Secretly Shilling Fake NFTs For $1K

Coffeezilla, a YouTuber and crypto investigator, revealed that American mixed martial artist Dillon Danis promoted a fake NFT project without disclosing that he received $1,000 for the advertisement. While the support from numerous A-list celebrities expedited the nonfungible token (NFT) boom of 2021 and 2022, some promoted unvetted projects to fans without knowing if they were legitimate or scams. The practice retains its popularity in 2023 as markets recover. In the promotion, Danis tweeted out a digital image with a website URL, which, according to Coffeezilla, “literally spells out S.C.A.M.” A further investigation from Cointelegraph shows that the website was newly created on Feb. 1, 2023 — an important clue when checking the credibility of new projects. Full Story

Source: Cointelegraph

02/03/2023

Trader Is Charged In Alleged $110 Million Crypto Manipulation Scheme

A man who authorities say publicly admitted to manipulating trading on decentralized exchange Mango Markets and draining more than $110 million of cryptocurrency is now facing U.S. criminal and civil charges. The man, Avraham Eisenberg, a 27-year-old resident of Puerto Rico, made his first court appearance Thursday afternoon at the federal court in Manhattan after being arrested on Dec. 26 in San Juan, Puerto Rico, the Justice Department said. He faces charges of commodities fraud, commodities market manipulation and wire fraud in connection with what prosecutors said was manipulation of Mango Markets. Mr. Eisenberg remained in police custody on Thursday and will be arraigned Feb. 14, when he would be asked to enter a plea. Full Story

Source: The Wall Street Journal

02/03/2023

Spanish Police Arrest 3 Executives Of Crypto Platform Bitzlato

Spanish police on Thursday said they arrested the CEO, sales executive and marketing director of the crypto platform Bitzlato for its alleged involvement in money laundering. The police operation also involved simultaneous raids in France, Portugal, Cyprus and the U.S. In total, six people were arrested, all Russian and Ukrainian nationals, and French police deactivated and seized the technology used to host the cryptocurrency platform. Police said Bitzlato was one of the main ways criminals could launder money with cryptocurrency on a global scale. The platform started in Russia and neighboring countries in 2016 under the name BTC Banker. It later expanded geographically, changed its name to Bitzlato and launched a peer-to-peer crypto exchange app in 2020. Spanish police say that since its beginnings, the technology’s anonymity allowed it to become one of the main exchanges used by cybercriminal organizations. Full Story

Source: Anadolu Agency

02/02/2023

Australia's Black And White Cabs Booking Service Offline After Cyberattack

A cyberattack on Brisbane, Australia-based Black and White Cabs has shut down the company's phone and online booking system. Suspicious activity was detected by staff yesterday morning and a "serious threat" to the company was determined in the afternoon. Black and White Cabs has confirmed that a CryptoLocker virus has infiltrated its network security, and it has reported the attack to the Australian Cyber Security Centre. "Unfortunately, the restoration of our systems is still a while off as we do not wish to resume operations when there is any doubt that the virus is not yet contained," said Greg Webb, Managing Director at the taxi company. Black and White Cabs has locations serving Queensland, Victoria, Western Australia and New South Wales. Full Story

Source: ABC News


Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions

 

02/04/2023

Julius ‘Zeekill’ Kivimäki, Former Lizard Squad Hacker, Arrested In France

Julius Kivimäki, the Finnish member of Lizard Squad — who as a teenager in 2015 was convicted on over 50,000 counts of computer crimes — has been arrested again in France. Finnish police confirmed the arrest yesterday in a press release stating the suspect is being held by French authorities while they “immediately initiate measures to extradite the suspect to Finland.” Finland’s police service had issued a European arrest warrant for Kivimäki, who now goes by the first name Aleksanteri, on charges of computer-related crime and racketeering and extortion. He was being sought as part of an investigation into a cyberattack targeting Vastaamo, a Helsinki-based private psychotherapy center, that was made public in 2020. As a result of the hack, which began in 2018, sensitive patient data was stolen as well as financial information that was reportedly fraudulently used. Full Story

Source: The Record

02/03/2023

Former Ubiquiti Dev Pleads Guilty In Data Theft And Extortion Case

A former Ubiquiti Networks employee accused of hatching an elaborate plot to first steal nearly $2 million from his employer, extort more, and later orchestrate a smear campaign against the company pleaded guilty to multiple felony charges yesterday. Nickolas Sharp, 36, of Portland, Ore., now faces a maximum of 35 years in prison after pleading guilty to one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of making false statements to the FBI. The bizarre story behind the Sharp case is the stuff of CISO nightmares. As The Register previously reported at the time, Sharp was charged in connection with the high-profile Ubiquiti data theft and ransom attempt in late 2021. Full Story

Source: The Register

02/02/2023

Northern Ireland Teen Hacker Who Crashed KSI-Logan Paul Fight Site Sentenced

A teenager who made a computer virus to target a celebrity boxing match and hundreds of financial institutions has been given a suspended sentence. Josh Maunder, 19, targeted websites through Distributed Denial of Service attacks, which overload a system with requests that are difficult to stop. Targets included Nationwide and the server hosting a boxing match between rapper KSI and YouTube star Logan Paul. The Northern Ireland teen was 15 when the crimes occurred between 2017 and 2018. Maunder, of Abbey Park in Bangor, pleaded guilty to 19 computer misuse offences. Handing down the sentence to Maunder, the judge said he would "have to bear in mind you were a child when the offences were committed". A total sentence of 20 months, suspended for three years, was passed. Full Story

Source: BBC

02/02/2023

U.S. Promoter Of Foreign Cryptocurrency Companies Sentenced To 60 Months In Prison

On Jan. 31, in federal court in Brooklyn, N.Y., John DeMarr was sentenced to 60 months in prison for his participation in a cryptocurrency and securities fraud scheme. The Court also ordered DeMarr to pay more than $3.5 million in forfeiture. In Jul. 2021, DeMarr pleaded guilty to one count of conspiracy to commit securities fraud. DeMarr conspired with others to defraud investor victims by inducing them to invest in their companies, “Start Options” and “B2G,” based on materially false and misleading representations. Start Options purported to be an online investment platform that provided cryptocurrency mining, trading, and digital asset trading services. B2G was purportedly an “ecosystem” that would allow users to trade B2G tokens, provide digital wallet staking, and trade digital and fiat currencies “on a secure, comprehensive platform.” Both Start Options and B2G, however, were fraudulent. News Release

Source: U.S. Department of Justice

 

The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News

02/06/2023

Hacks Rattle Stowe, Vermont Town Offices

Two separate cyberattacks in recent months continue to wreak havoc in Stowe’s town hall. The Stowe town clerk’s office is slowly regaining the ability to access online land records dating back to the end of World War II, after a holiday cyberattack on Cott Systems, which contracts with dozens of Vermont towns and more than 20 other states to manage their records. The two cyberattacks are unrelated — the phishing attempt in the town finance department happened Aug. 30 and appears to have directly targeted a particular email account, while the incident that affected the town clerk’s office stems from a Dec. 26 attack on an Ohio-based company that works with scores of towns and cities. Full Story

Source: Stowe Reporter

02/06/2023

Cyberattack Results In More Than $800K Stolen From Houston Business, Lawsuit Filed

A lawsuit has been filed after online hackers used fake business emails to steal more than $800,000 from a Houston company. The hackers reportedly controlled the account even though it appeared to belong to a legitimate company. In reality, officials said the unidentified hackers got access to an employee's computer and from there reached the company's computer networks, including email servers and accounts. Through these phishing attacks, they were able to create fake email addresses, identify the employees responsible for financial obligations, and pose as vendors who were owed money. That's how, according to the U.S. Attorney's Office, the employees were "tricked" into wiring funds to an account that the hackers controlled. Full Story

Source: Fox 26 Houston

02/06/2023

Taiwan Car Rental Platform Plans Compensation For Data Leak Victims

Car rental and carshare platform iRent will prepare a compensation package for 400,000 clients deemed at risk from a recent leakage of private data, the company said Feb. 4. The service, which is managed by Hotai Motor, the group manufacturing Toyota vehicles in Taiwan, was accused of having left users’ personal information online unprotected by a password. Reports emerged Jan. 31 that the data included names and addresses as well as information about driver’s licenses and payment details. Hotai apologized for the leak Saturday, and said it would prepare compensation calculated in time and distance for an estimated 400,100 members. iRent alerted its members of the issue and hired a cybersecurity specialist to track down potential leaks. Full Story

Source: Taiwan News

02/06/2023

South Africa ISP RSAWeb Hit By Ransomware Attack

On Feb. 1, Cape Town, South Africa-based RSAWeb's services were down nationwide for a few hours, and some of its customers experienced intermittent connectivity over the following days after the attack. "RSAWeb was the target of a highly sophisticated cyberattack," said Rudy van Staden, CEO of the internet service provider. "On discovery, steps were immediately taken to contain and secure our systems. Our teams have been working tirelessly to restore services to all our customers, and to determine the cause of this malicious attack," van Staden added. He further explained that RSAWeb was targeted by an 'extremely capable and devious threat actor', and said that the attack was part of a campaign that has victimised many other businesses both in South Africa and globally. Full Story

Source: BizCommunity

 

02/04/2023

Iran Responsible For French Magazine Charlie Hebdo Attacks

Microsoft’s Digital Threat Analysis Center (DTAC) is attributing a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft calls this actor NEPTUNIUM, which has also been identified by the U.S. Department of Justice as Emennet Pasargad. In early January, a previously unheard-of online group calling itself “Holy Souls,” which we can now identify as NEPTUNIUM, claimed that it had obtained the personal information of more than 200,000 Charlie Hebdo customers after “gain[ing] access to a database.” As proof, Holy Souls released a sample of the data, which included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication. This information, obtained by the Iranian actor, could put the magazine’s subscribers at risk of online or physical targeting by extremist organizations. Full Story

Source: Microsoft

 

02/04/2023

Suicide Helpline's Outage Was Caused By A Cyberattack, Feds Say

A cyberattack caused a nearly daylong outage of the nation's new 988 mental health helpline late last year, federal officials told The Associated Press Friday. “On Dec. 1, the voice calling functionality of the 988 Lifeline was rendered unavailable as a result of a cybersecurity incident,” Danielle Bennett, a spokeswoman for the Substance Abuse and Mental Health Services Administration, said in an email. The attack occurred on the network for Intrado, the company that provides telecommunications services for the helpline. The agency did not disclose details about who it believes launched the attack or what kind of cyberattack occurred. Intrado is working with a third-party assessor to investigate the incident and law enforcement agencies have been notified of the breach, SAMHSA said. Full Story

Source: NBC 5 Chicago

 

02/03/2023

Skyview Networks Suffers Security Incident

An unauthorized person or group gained access to internal systems used by Skyview Networks this week, disrupting the delivery of the CBS World News Roundup and other programming to radio affiliates on Jan. 30. The issue was confirmed in an email sent to Radio Ink by Steve Jones, the president and CEO of Skyview. “Skyview activated its comprehensive incident response plan,” Jones affirmed. “We have initiated advanced monitoring and threat detection across our systems and data. We have also involved industry-leading forensic experts to help us contain and investigate the incident. These efforts are fully underway.” Stations were notified about the issue Monday morning when CBS News Radio sent a bulletin urging them to replace the slot where CBS World News Roundup would normally air with local programming. Full Story

Source: Radio Ink

 

02/03/2023

Cybersecurity Company Cyren On Verge Of Shut Down After Laying Off Entire Workforce

Israeli-founded cybersecurity company Cyren is on the verge of shutting down after announcing a plan to lay off its entire workforce of 121 employees, including 50 employees in Israel. The company, which provides inbox security and threat detection solutions, announced on Feb. 1 that, “in response to current market conditions and associated challenges with raising additional capital,” it has approved a plan to “reduce its workforce by approximately 121 employees, representing substantially all of the company's workforce.” Cyren added in its statement that “in the absence of additional sources of liquidity, management anticipates that the company's existing cash and projected cash flows from operations will not be sufficient to meet the company's working capital needs in the near term.” Full Story

Source: CTech
