
The Sting Newsletter

March 12, 2023




Security Alert: Recent Data Breaches and Cyberattacks

03/11/2023

AT&T Vendor Data Breach Exposed 9 Million Customer Accounts

AT&T customer data was exposed in January through a third-party vendor that had been hacked, the carrier confirmed, affecting around 9 million customer accounts. This included basic personal information but no financial data or Social Security numbers. The exposed data, which AT&T had provided to the marketing vendor, was "mostly related to device upgrade eligibility." It included basic personal information such as customer names, account numbers, phone numbers and email addresses, as well as the number of lines on the account, devices used and installment agreement information. This is the first time in years that the carrier's customer data has been exposed. Rival T-Mobile had just wrapped up paying out $350 million to subscribers affected by a 2021 cyberattack when it was hacked again back in January, exposing 37 million customers' data. Full Story

Source: CNET

03/09/2023

Data Breach Could Compromise Lawmakers’ Personal Information

The online health insurance marketplace for members of Congress and Washington, D.C., residents was subjected to a hack that compromised the personal identifying information of potentially thousands of lawmakers, their spouses, dependents and employees, according to a letter from House leaders informing their colleagues about the breach and a memo from the Senate’s top security official. The Capitol Police and the FBI informed Speaker Kevin McCarthy, Republican of California, and Representative Hakeem Jeffries, Democrat of New York and the minority leader, of the attack on the D.C. Health Link marketplace. Federal investigators had been able to purchase personal information about members of Congress and their families on the “dark web” because of the breach, the letter said. The online health insurance marketplace serves about 11,000 members of Congress and their staffs, and nearly 100,000 people overall. Full Story

Source: The New York Times

03/08/2023

Acer Breached, Hacker Selling Access To 160GB Of Stolen Data

Acer has been breached by a hacker who claims to have stolen confidential data from the PC maker, including files on the company’s products. The culprit is now selling access to the stolen files on a forum frequented by hackers. “The leak contains a total 160GB of 655 directories, and 2,869 files,” the attacker wrote in the post. Allegedly, the stolen data includes confidential presentations, product model documentation, and data about the BIOS system used on Acer computers. On the forum, the hacker also posted samples of some of the stolen files. Acer confirms it suffered a breach. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” the company tells PCMag in a statement. The hacker also claims the stolen data includes details about Acer’s backend infrastructure. Full Story

Source: PCMag

 

 

03/06/2023

Hackers Steal ₦2.9 Billion From African Fintech Unicorn Flutterwave Accounts

According to documents seen by Techpoint Africa, ₦2,949,557,867 has been illegally transferred from the accounts of African fintech unicorn, Flutterwave. On Feb. 19, Flutterwave’s legal counsel, Albert Onimole, reported the case to the Deputy Commissioner of Police, State Criminal Intelligence Department, Panti, Yaba, Lagos. Per Onimole’s letter, the hack on Flutterwave’s accounts occurred about two weeks ago. It was said that the money was initially transferred to 28 accounts in 63 transactions. While the incident was reported to the police on Feb. 13, with the list of accounts that had received the money, the police could not freeze the funds. Questions about how hackers got past Flutterwave’s security and what this means for the unicorn’s customers remain unanswered. Full Story

Source: Techpoint Africa


Ransomware at Large: Current and Recent Incidents
 

03/11/2023

What Happens If You 'Cover Up' A Ransomware Infection? For Blackbaud, A $3M Charge

Charleston, S.C.-based Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of its customers. In May 2020, Blackbaud experienced a ransomware infection, quietly paid off the crooks, and didn't tell customers until Jul. 2020. When the software company did notify customers, it assured them that the "cybercriminal did not access…bank account information, or social security numbers". By the end of that month, the SEC claims that Blackbaud personnel discovered that the miscreants had accessed unencrypted donor bank account information and social security numbers. But the employees allegedly didn't tell senior management about the theft of sensitive customer data because Blackbaud "did not have policies or procedures in place designed to ensure they do so," the court documents say. Full Story

Source: The Register

03/10/2023

Cyberattack Shuts Down Pennsylvania School. Seven Other Districts Impacted.

One Pennsylvania school is closed and seven other school districts have been impacted by a cyberattack. Officials at the Wilkes-Barre Area Career and Technical Center told Eyewitness News they are working with law enforcement, including the FBI, to get some answers. “We are still looking at it. It does look like ransomware,” said Wilkes-Barre Area CTC Administrative Director Dr. Anthony Guariglia. WB CTC investigators and law enforcement are still trying to determine how the cybercriminals gained access to their computer systems. Students worked from home yesterday and will do so again today so that every computer is verified to be clean. There are 930 students from the districts affected. Schools impacted by the attack include Wilkes-Barre, Nanticoke, Hanover, Pittston, Crestwood, Old Forge and Riverside. Full Story

Source: PAhomepage

03/10/2023

Spanish Amusement Park Giant Hit With Cyberattack

A Spanish amusement park company with businesses around the globe is investigating a cyberattack after a ransomware group claimed to have stolen sensitive information. Parques Reunidos Group runs more than 60 water and amusement parks, zoos, aquariums and entertainment centers across Europe, the U.S., the United Arab Emirates and Australia. The company brings in hundreds of millions of dollars each year and welcomes more than 22 million people to its parks annually. The BianLian ransomware group said on Mar. 3 it had launched the attack and stolen employee information, including passport details, as well as information on the company's partners, data on park-related incidents, financial records, internal emails and legal documents. Parques Reunidos in a statement on its website admitted that they “have been subjected to an unauthorized external access” to its computer systems. Full Story

Source: The Record

03/09/2023

Doctors' Passports On The Street After Hack At Gelderland Elderly Care Home

Cybercriminals have leaked the passports of doctors, nurses and physiotherapists who work or used to work at Attent Care and Treatment, an institution for elderly care in Gelderland, a province of the Netherlands. The organization fell victim to a ransomware attack last month. The documents, along with other sensitive data, have been published by the criminals on the dark web. It concerns a total of 74 passport documents that have been leaked. According to the cybercriminals, this is just a foretaste: if Attent Care and Treatment refuses to pay, all stolen documents will be published, they threaten. The cybercriminals, who belong to the Qilin ransomware group, claim that they have stolen "hundreds of gigabytes of data". Attent Care and Treatment, which is active in Doesburg, Dieren, Rheden, Velp, Arnhem and the municipality of Overbetuwe, states that the attack was discovered on Feb. 17. A total of around 1450 employees and 500 volunteers work at the organization. Full Story

Source: RTL Nieuws

03/09/2023

Group 1001 Restores Full Operations After Cyberattack, Does Not Pay Ransom

A notification from Group 1001, Inc. states, "We would like to provide an update to our stakeholders concerning recent system interruptions experienced by certain Group 1001 Insurance member companies, including Delaware Life Insurance Company, Clear Spring Life and Annuity Company, Clear Spring Property and Casualty Company, and our Clear Spring Health business." An overview of the incident was provided. "Beginning on Feb. 9, 2023, we were alerted to the existence of sophisticated ransomware on our IT infrastructure. We launched an investigation, and a team of third-party forensic experts was engaged to assist. Based on our investigation to date, our forensic experts have confirmed that the ransomware code deployed in our environment has been contained and will not spread to any other internal or external systems. We did not pay a ransom." Incident Update

Source: Cybercrime Magazine

03/09/2023

Cyberattack Hits Canadian Engineering Giant With Contracts For Military Bases, Power Plants

Toronto-based Black & McDonald has been hit with a ransomware attack and has so far refused to publicly comment on it, while the Department of National Defence and other clients of the company have downplayed any impact or damage. "Black & McDonald notified OPG that they had experienced a ransomware attack which was unrelated to OPG operations and information," said an Ontario Power Generation spokesperson. Black & McDonald and its subsidiary Canadian Base Operators have several multimillion-dollar contracts with the Defence Department for the support of Canadian military bases, including one signed in 2020 and valued at $157 million over 10 years. The company, which has 5,500 employees across Canada and reported more than $1.5 billion in sales last year, also provides engineering and construction services for critical infrastructure projects, including nuclear power plants, airports and the Toronto Transit Commission. Full Story

Source: CTV News

03/08/2023

Gang Leaks Lehigh Valley Health Network Cancer Patient Photos As Part Of Data Hack

A ransomware gang has posted photos of Lehigh Valley Health Network cancer patients on the dark web after the health network refused to pay a ransom last month following a cyberattack. “This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” the network said in a prepared statement. ALPHV, also known as BlackCat, is associated with Russia and known for similar cyberattacks in academia and healthcare sectors. The group posted a message on Mar. 4 saying it had stolen patient data including nude photos, passports, and questionnaires, and was ready to publish it. LVHN released a statement last month on the ransomware attack, saying it involved information and patient images for radiation oncology treatment from a single physician practice in Lackawanna County. Full Story

Source: Lehigh Valley Live

03/07/2023

Georgia Healthcare System Falls Victim To Cybersecurity Attack

Houston Healthcare, based in Warner Robins, Ga., was hit by a ransomware attack last week. On Mar. 3, a representative for HHC said they were using "back up processes" and "downtime procedures." When hospitals are involved (in a cyberattack) there's more to worry about than a data leak. Anything running on a computer can be affected, for instance an MRI machine. "HHC recently experienced a cybersecurity incident that is impacting some of our operations," states a cybersecurity incident notice on HHC's website. "We are working with third-party experts to investigate this incident and bring our systems back online as quickly and safely as possible, and in a way that prioritizes patient care." HHC's 7 entities have 282 beds and 2 fully accredited acute care medical facilities serving more than 300,000 patients a year. Full Story

Source: 13MAZ

03/07/2023

Cyberattack Hits Major Hospital In Spanish City Of Barcelona

A ransomware attack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of 150 non-urgent operations and up to 3,000 patient checkups. The attack Mar. 5 on the Hospital Clinic de Barcelona shut down computers at the facility's laboratories, emergency room and pharmacy at three main centers and several external clinics. “We can’t make any prediction as to when the system will be back up to normal,” hospital director Antoni Castells told a news conference yesterday. A Catalonia regional government statement said the region’s Cybersecurity Agency was working to restore the system. The agency said Monday the attack was orchestrated from outside of Spain by a group called “Ransom House.” Full Story

Source: ABC News


The Cryptocrime Scene: A Summary of Recent Incidents and Developments

 

03/08/2023

DeFi Lender Tender.Fi Suffers Exploit, White Hat Hacker Returns Funds

An ethical hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, leading the service to halt borrowing while it attempts to recoup its assets. Web3-focused smart contract auditor CertiK, and blockchain analyst Lookonchain, flagged an exploit that saw crypto funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing “an unusual amount of borrows” through the protocol. A white hat hacker that carried out the exploit made contact with Tender.fi in the hours after the incident to open discussions about returning funds that were siphoned through the exploit. White hat hackers are also known as ethical hackers and typically look for and take advantage of security flaws in different protocols before returning funds. Full Story

Source: Cointelegraph

03/07/2023

Hong Kong’s Losses To Crypto Scams Doubled To $217M Last Year

Losses from crypto scams in Hong Kong amounted to 1.7 billion Hong Kong dollars ($216.6 million) last year — surging 106 percent from a year before — according to local police. The number of crypto-related scams reported in Hong Kong in 2022 equaled 2,336 cases, surging 67 percent from 1,397 cases recorded by police in 2021, the South China Morning Post reported. Hong Kong scams involving crypto accounted for more than 50 percent of the 3.2 billion HK$ ($407 million) stolen from city residents in technology crimes, according to the official data from the Hong Kong police CyberDefender website. In the previous four years, online scammers bagged a similar amount of money or about 3 billion HK$ annually. Full Story

Source: Cointelegraph

03/06/2023

Bitcoin ATM Firm Allegedly Profited From Crypto Scams Via Unlicensed Kiosks: Prosecutor

A Bitcoin technology firm and its executives have been indicted for allegedly operating unlicensed crypto kiosks in Ohio that knowingly benefited from victims of cryptocurrency scams. S&P Solutions, which operated as Bitcoin of America, along with three of its executives, are facing charges of money laundering, conspiracy and other crimes connected to the operation of more than 50 unlicensed crypto kiosks in the state. A Cuyahoga County grand jury returned the indictment on Mar. 1 against the firm, the owner and founder, Sonny Meraban, manager Reza Meraban, and company attorney William Suriano. The trio was arrested last week and search warrants were executed on their residences in Florida and Illinois. Full Story

Source: Cointelegraph

03/03/2023

Crypto Con Artists Leave Trail Of ‘Rip Deal’ Victims From Amsterdam To Rome

The crypto industry is rife with exploits, hacks and digital pump-and-dump schemes – some of them netting upwards of hundreds of millions of dollars in a matter of seconds, from a computer somewhere, the identity of the perpetrator typically obscured behind a fake online identity. So it would seem almost pulled straight from a Hollywood script that a crew of smooth-acting fraudsters would spend weeks or months courting blockchain-project executives, unspooling an elaborate investment narrative, then follow through with in-person, face-to-face meetings at a restaurant – only to ultimately abscond with cryptocurrencies in the single-digit-millions of dollars and never be seen or heard from again. And yet, based on interviews with victims and authorities, this exact scenario has played out multiple times in recent months in cities across Europe, including Rome, Barcelona, Amsterdam and Brussels. Full Story

Source: CoinDesk

 

Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions

 

03/11/2023

Former Navy Couple Pleads Guilty To Hacking Database Containing People’s Identities

Former Navy couple, Marquis Hooper, 32, and Natasha Chalk, 39, of Fresno County, Calif., pleaded guilty to a conspiracy where they hacked a database that contained personally identifiable information (PII) and sold it on the dark web for $160,000 in digital currency. Hooper also pleaded guilty to underlying wire fraud and aggravated identity theft charges. When Hooper was a chief petty officer and Chalk was a reservist in the Navy, Hooper opened an account with a private company that maintains a database containing PII for millions of people. The company restricts access to the database to businesses and government agencies that have a demonstrated, lawful need for the PII. Beginning in Aug. 2018, Hooper opened an online account with the company by falsely representing that the Navy needed him to perform background checks on sailors. After Hooper opened his account, he added Chalk. The couple used Hooper’s access to the company’s database to obtain the PII of over 9,000 people. They then sold the PII on the dark web for $160,000. News Release

Source: U.S. Department of Justice

03/10/2023

N.J. Police Captain Charged With Stealing Computers, IA Records From Department

Suspended Boonton police Capt. Stephen Jones, who last year filed a whistleblower lawsuit against the town, has been charged by the New Jersey Attorney General's Office with stealing computer towers from his department and tampering with public records. Jones, 42, also stole his own personnel and internal affairs files, AG Matthew Platkin said in a statement Mar. 8. The charges were filed after an investigation by the Corruption Bureau of the state Office of Public Integrity and Accountability. That investigation followed a conflict that began in 2020 as Jones, a 24-year veteran of the department, clashed with town administrators over several issues including software and hardware purchases to facilitate Boonton's switch to the Morris County dispatching system. The dispute eventually led to Jones' suspension with pay in April of last year. The investigation concluded three of the stolen computers contained police information, including internal affairs files. Full Story

Source: Daily Record

03/10/2023

People Were Unwittingly Implanted With Fake Devices In Medical Scam, FBI Alleges

Chronic pain patients were implanted with “dummy” pieces of plastic and told it would ease their pain, according to an indictment charging the former CEO of the firm that made the fake devices with fraud. Laura Perryman, the former CEO of Stimwave LLC, was arrested in Florida on Mar. 9. According to an FBI press release, Perryman was indicted “in connection with a scheme to create and sell a non-functioning dummy medical device for implantation into patients suffering from chronic pain, resulting in millions of dollars in losses to federal healthcare programs.” The Stimwave “Pink Stylet” system consisted of an implantable electrode array for stimulating the target nerve, a battery worn externally that powered it, and a separate, 9-inch long implantable receiver. When doctors told Stimwave that the long receiver was difficult to place in some patients, Perryman allegedly created the “White Stylet,” a receiver that doctors could cut to be smaller and easier to implant—but was actually just a piece of plastic that did nothing. Full Story

Source: Motherboard

03/10/2023

Federal Authorities Seize Internet Domain Selling Netwire RAT Malware

As part of an international law enforcement effort, federal authorities in Los Angeles this week seized an internet domain that was used to sell computer malware used by cybercriminals to take control of infected computers and steal a wide array of information. A seizure warrant approved by a U.S. Magistrate Judge on Mar. 3 and executed on Mar. 7 led to the seizure of worldwiredlabs.com, which offered the NetWire remote access trojan (RAT), a sophisticated program capable of targeting and infecting every major computer operating system. “A RAT is a type of malware that allows for covert surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer, without the victim’s knowledge or permission,” according to court documents filed in Los Angeles. News Release

Source: U.S. Department of Justice

03/07/2023

Police Arrest Suspected Members Of Prolific DoppelPaymer Ransomware Gang

An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation. German and Ukrainian police, working with law enforcement partners including Europol and the U.S. Federal Bureau of Investigation (FBI), said they took action last month against the notorious group blamed for numerous large-scale attacks since 2019. German police said they raided the house of a German national believed to have played a “major role” in the DoppelPaymer ransomware group. At the same time, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a core member of the Russia-linked ransomware operation. The authorities say they are analyzing the equipment seized during the raids to determine the suspects’ exact role and links to other accomplices. Full Story

Source: TechCrunch

03/06/2023

Bitcoin ATM Firm Allegedly Profited From Crypto Scams Via Unlicensed Kiosks: Prosecutor

A Bitcoin technology firm and its executives have been indicted for allegedly operating unlicensed crypto kiosks in Ohio that knowingly benefited from victims of cryptocurrency scams. S&P Solutions, which operated as Bitcoin of America, along with three of its executives, are facing charges of money laundering, conspiracy and other crimes connected to the operation of more than 50 unlicensed crypto kiosks in the state. A Cuyahoga County grand jury returned the indictment on Mar. 1 against the firm, the owner and founder, Sonny Meraban, manager Reza Meraban, and company attorney William Suriano. The trio was arrested last week and search warrants were executed on their residences in Florida and Illinois. Full Story

Source: Cointelegraph

03/03/2023

Woman Charged For Alleged Cyberattack Against Australian Federal MP

An Australian woman has been charged with allegedly sending more than 32,000 emails over a 24-hour period to the office of a Federal Member of Parliament (MP). The volume of the emails impaired workers from operating IT systems and stopped members of the public from making contact with the office. The Werrington woman, 34, was arrested by the Australian Federal Police at her home on Mar. 1 and appeared before Penrith Local Court the next day, where she was granted bail with strict conditions to reappear on Apr. 11. The woman was charged with one count of committing unauthorised impairment of electronic communication. The maximum penalty for this offence is 10 years’ imprisonment. Further charges have not been ruled out as the investigation continues. Full Story

Source: Australian Federal Police

 

The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News

03/11/2023

Privacy Watchdog Probes Breach At Toronto Breast Milk Bank For Fragile Babies

Ontario's privacy watchdog is investigating a data breach at a breast milk bank that provides breast milk to medically fragile babies across the province. The breach happened at the Rogers Hixon Ontario Human Milk Bank, according to the Office of the Information and Privacy Commissioner of Ontario. The milk bank is part of Sinai Health, a hospital system in Toronto. The commissioner's office said in an email on Mar. 7 that Sinai Health told it about the breach on Feb. 10 and the office has opened a file. However, in an email to CBC Toronto, Sinai Health said its vendor, Timeless Medical Systems, a third party service provider, informed the milk bank on Dec. 21, 2022 that it was having "service issues." At that point, the milk bank stopped uploading documents to its servers and asked for regular updates on the situation. Then on Jan. 12, its vendor told Sinai Health that the service issues were related to a "cybersecurity event." Full Story

Source: CBC

03/11/2023

Mental Health Startup Exposes The Personal Data Of More Than 3 Million People

A mental health startup exposed the personal data of as many as 3.1 million people online. In some cases, possibly sensitive information on mental health treatment was leaked, according to a company statement and a Department of Health and Human Services filing. Cerebral, a California-based firm that connects people suffering from anxiety and depression with mental health professionals via video calls, said it discovered the “inadvertent” data exposure more than three years after it started using “pixels” – a common method that companies and advertisers use to track user behavior for marketing purposes. The company determined in January that tracking pixels had been sharing client and user data to “third-party platforms” and “subcontractors” that it didn’t name, according to a privacy notice near the bottom of its website. Full Story

Source: CNN

03/11/2023

Former Navy Couple Pleads Guilty To Hacking Database Containing People’s Identities

Former Navy couple, Marquis Hooper, 32, and Natasha Chalk, 39, of Fresno County, Calif., pleaded guilty to a conspiracy where they hacked a database that contained personally identifiable information (PII) and sold it on the dark web for $160,000 in digital currency. Hooper also pleaded guilty to underlying wire fraud and aggravated identity theft charges. When Hooper was a chief petty officer and Chalk was a reservist in the Navy, Hooper opened an account with a private company that maintains a database containing PII for millions of people. The company restricts access to the database to businesses and government agencies that have a demonstrated, lawful need for the PII. Beginning in Aug. 2018, Hooper opened an online account with the company by falsely representing that the Navy needed him to perform background checks on sailors. After Hooper opened his account, he added Chalk. The couple used Hooper’s access to the company’s database to obtain the PII of over 9,000 people. They then sold the PII on the dark web for $160,000. News Release

Source: U.S. Department of Justice

03/11/2023

Cyberattack On Hawaii's Electronic Death Registry Affected About 3,400 Records

The Hawaii Department of Health is responding to a January cyberattack on the state's Electronic Death Registry System after investigators found about 3,400 death records might have been compromised. At the time of the breach, the department was notified by its cybersecurity vendor that login credentials for the EDRS were placed for sale on the dark web. After shutting down the EDRS account, the DOH said they began looking into the cause. After completing an investigation on Feb. 15, the department found the compromised login belonged to a medical certifier at a local hospital whose account was not deactivated after he left the position in Jun. 2021. The compromised records had a date of death ranging from 1998 to 2023, with 90 percent occurring in 2014 or earlier. Full Story

Source: Hawaii Public Radio

03/10/2023

Swiss Cybersecurity Company Acronis Admits To Data Leak As 12GB Trove Appears Online

The CISO of Swiss cybersecurity firm Acronis has acknowledged a breach of the company’s systems but stated the incident only impacted a single customer and that all other data remains safe. A post [PDF] yesterday to the notorious Breached Forums leak-mart brought news of the breach. In that post an attacker named kernelware - who also cracked Acer - claimed he/she had hacked and leaked certificate files, command logs, system configurations, system information logs, archives of their filesystem, Python scripts for an Acronis database, backup configuration and oodles of screenshots of backup operations. Kernelware stated that although the $120 million company is in the data protection and infosec business, it had “dogshit security” and the reason for the breach was that the hacker was bored, so decided to “humiliate” them. The archive posted by kernelware held a total of 12.2 GB worth of files. Full Story

Source: The Register

03/10/2023

Cyberattack Shuts Down Pennsylvania School. Seven Other Districts Impacted.

One Pennsylvania school is closed and seven other school districts have been impacted by a cyberattack. Officials at the Wilkes-Barre Area Career and Technical Center told Eyewitness News they are working with law enforcement, including the FBI, to get some answers. “We are still looking at it. It does look like ransomware,” said Wilkes-Barre Area CTC Administrative Director Dr. Anthony Guariglia. WB CTC investigators and law enforcement are still trying to determine how the cybercriminals gained access to their computer systems. Students worked from home yesterday and will do so again today so that every computer is verified to be clean. There are 930 students from the districts affected. Schools impacted by the attack include Wilkes-Barre, Nanticoke, Hanover, Pittston, Crestwood, Old Forge and Riverside. Full Story

Source: PAhomepage

03/10/2023

People Were Unwittingly Implanted With Fake Devices In Medical Scam, FBI Alleges

Chronic pain patients were implanted with “dummy” pieces of plastic and told it would ease their pain, according to an indictment charging the former CEO of the firm that made the fake devices with fraud. Laura Perryman, the former CEO of Stimwave LLC, was arrested in Florida on Mar. 9. According to an FBI press release, Perryman was indicted “in connection with a scheme to create and sell a non-functioning dummy medical device for implantation into patients suffering from chronic pain, resulting in millions of dollars in losses to federal healthcare programs.” The Stimwave “Pink Stylet” system consisted of an implantable electrode array for stimulating the target nerve, a battery worn externally that powered it, and a separate, 9-inch long implantable receiver. When doctors told Stimwave that the long receiver was difficult to place in some patients, Perryman allegedly created the “White Stylet,” a receiver that doctors could cut to be smaller and easier to implant—but was actually just a piece of plastic that did nothing. Full Story

Source: Motherboard

03/10/2023

Federal Authorities Seize Internet Domain Selling Netwire RAT Malware

As part of an international law enforcement effort, federal authorities in Los Angeles this week seized an internet domain that was used to sell computer malware used by cybercriminals to take control of infected computers and steal a wide array of information. A seizure warrant approved by a U.S. Magistrate Judge on Mar. 3 and executed on Mar. 7 led to the seizure of worldwiredlabs.com, which offered the NetWire remote access trojan (RAT), a sophisticated program capable of targeting and infecting every major computer operating system. “A RAT is a type of malware that allows for covert surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer, without the victim’s knowledge or permission,” according to court documents filed in Los Angeles. News Release

Source: U.S. Department of Justice

03/09/2023

Hacker Leaks 73M Records From Indian HDFC Bank Subsidiary

A hacker using the alias Kernelware has leaked 7.5 GB of customer data belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank. Kernelware is the same hacker who breached Acer Inc. and leaked 160 GB worth of data on a hacker forum a few days ago. As for the HDFC breach, the data was posted on the hacker forum ‘Breached forum’ and contains over 72 million entries. The leaked data includes personal information such as full names, dates of birth, phone numbers, and email addresses. It also contains employment information, loan details, transaction methods, processing fees, bank names and branches, credit scores, and Experian scores. While HDFC Bank denies any data leak, analysis reveals that the data belongs to HDB Financial Services, and the leaked data was of HDB’s consumers who had applied for loans between May 2022 and Feb. 2023. Full Story

Source: Hack Read

03/09/2023

Hacking Group Defaces Faroe Islands Tourist Website

A hacking group defaced the tourist website for the Faroe Islands – a self-governing territory of the Kingdom of Denmark – and claimed it stole employee data and other sensitive information. The archipelago of 18 islands has a population of 54,000 and is situated between Norway, Iceland and Scotland’s Shetland Islands. An IT security specialist with Gjaldstovan – an arm of the island’s Ministry of Finance in charge of public IT, finance and digitalisation – told The Record that the company that runs the site was breached by the SiegedSec hacking group. On Telegram, SiegedSec claimed it breached “one of the main websites for the Faroe Islands” and stole personal data alongside the source code for the “Visit Faroe Islands” website. They shared screenshots of the website's backend and more. Full Story

Source: The Record

03/09/2023

Doctors' Passports On The Street After Hack At Gelderland Elderly Care Home

Cybercriminals have leaked the passports of doctors, nurses and physiotherapists who work or used to work at Attent Care and Treatment, an institution for elderly care in Gelderland, a province of the Netherlands. The organization fell victim to a ransomware attack last month. The documents, along with other sensitive data, have been published by the criminals on the dark web. A total of 74 passport documents have been leaked. According to the cybercriminals, this is just a foretaste: if Attent Care and Treatment refuses to pay, all stolen documents will be published, they threaten. The cybercriminals, who belong to the Qilin ransomware group, claim that they have stolen "hundreds of gigabytes of data". Attent Care and Treatment, which is active in Doesburg, Dieren, Rheden, Velp, Arnhem and the municipality of Overbetuwe, states that the attack was discovered on Feb. 17. A total of around 1450 employees and 500 volunteers work at the organization. Full Story

Source: RTL Nieuws

03/09/2023

Group 1001 Restores Full Operations After Cyberattack, Does Not Pay Ransom

A notification from Group 1001, Inc. states, "We would like to provide an update to our stakeholders concerning recent system interruptions experienced by certain Group 1001 Insurance member companies, including Delaware Life Insurance Company, Clear Spring Life and Annuity Company, Clear Spring Property and Casualty Company, and our Clear Spring Health business." An overview of the incident was provided. "Beginning on Feb. 9, 2023, we were alerted to the existence of sophisticated ransomware on our IT infrastructure. We launched an investigation, and a team of third-party forensic experts was engaged to assist. Based on our investigation to date, our forensic experts have confirmed that the ransomware code deployed in our environment has been contained and will not spread to any other internal or external systems. We did not pay a ransom." Incident Update

Source: Cybercrime Magazine

03/09/2023

Cyberattack Hits Canadian Engineering Giant With Contracts For Military Bases, Power Plants

Toronto-based Black & McDonald has been hit with a ransomware attack and has so far refused to publicly comment on it, while the Department of National Defence and other clients of the company have downplayed any impact or damage. "Black & McDonald notified OPG that they had experienced a ransomware attack which was unrelated to OPG operations and information," said an Ontario Power Generation spokesperson. Black & McDonald and its subsidiary Canadian Base Operators have several multimillion-dollar contracts with the Defence Department for the support of Canadian military bases, including one signed in 2020 and valued at $157 million over 10 years. The company, which has 5,500 employees across Canada and reported more than $1.5 billion in sales last year, also provides engineering and construction services for critical infrastructure projects, including nuclear power plants, airports and with the Toronto Transit Commission. Full Story

Source: CTV News

 

 
