The Sting: Valentine's 2023 Edition, Remembering the "I Love You" Virus
❤️Happy Valentine's Day!❤️ As we celebrate love and affection this holiday, let's not forget about the dark side of technology and the love that the infamous Melissa virus spread 24 years ago. As one of the first widely spread computer viruses, the "I Love You" virus wreaked havoc on computer systems and showed us the dangers of downloading attachments from unknown sources. In this edition of The Sting Newsletter, we'll be diving into some of the latest cybersecurity incidents, including the recent hacker attacks on various organizations. From the targeting of Bahrain Airport to the phishing attack on Highmark Health, we'll explore the incidents and offer insights into how they could have been prevented. So, sit back, grab a cup of coffee, and let's delve into the world of cybersecurity.
Security Alert: Recent Data Breaches and Cyberattacks
02/14/2023
Hackers Target Bahrain Airport, News Sites To Mark Uprising
Hackers said they had taken down the websites of Bahrain’s international airport and state news agency today to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country. A statement posted online by a group calling itself Al-Toufan, or “The Flood” in Arabic, claimed to have hacked the airport website, which was unavailable for at least a half hour in the middle of the day. It also claimed to have taken down the website of the state-run Bahrain News Agency, which was sporadically unavailable. The same group appears to have hacked and changed articles on the website of Akhbar Al Khaleej, a pro-government newspaper in Bahrain, hours earlier. The newspaper’s website was still down today at the time of reporting. Full Story
Source: Associated Press
02/13/2023
Several NATO Websites Suffer A Cyber Attack
Several NATO websites have suffered a computer attack on Sunday night, leaving the NATO Special Operations Headquarters website, among others, temporarily inoperative. "NATO cyber experts are actively dealing with an incident affecting some NATO websites. NATO deals with cyber incidents on a regular basis, and takes cyber security very seriously," an Atlantic Alliance official told DPA news agency. The comment has come after reports posted on social networks suggested that pro-Russian hackers had attacked the website of NATO's Special Operations Headquarters (NSHQ) and others, making it temporarily inaccessible. Among the possible attackers, the aforementioned reports detail, could be the Russian hacker group Killnet. Full Story
Source: Europa Press
02/13/2023
Pepsi Bottling Ventures Reports Security Incident To Law Enforcement
A security incident notification states: "On Jan. 10, 2023, Pepsi Bottling Ventures learned that unauthorized activity was reported on certain of our internal IT systems." The letter is signed by Derek Hill, its president and CEO. "Based on our preliminary investigation, an unknown party accessed those systems on or around Dec. 23, 2022, installed malware, and downloaded certain information. The last known date of unauthorized IT system access was Jan. 19, 2023. We reported the incident to law enforcement. The impacted information varies by individual and may have included: first and last names; home address; email address; financial account information; state and government-issued identification such as driver license numbers; ID cards; social security numbers and passport information; digital signatures; and information related to benefits and employment." Pepsi Bottling Ventures is the nation's largest privately held manufacturer, seller, and distributor of Pepsi-Cola beverages. Consumer Notification Letter
Source: Pepsi Bottling Ventures
02/13/2023
Highmark Health Suffers Phishing Attack, 300K Individuals Impacted
Highmark Health, a national health and wellness organization and the second-largest integrated delivery and financing system in the U.S., suffered a phishing attack that impacted 300,000 individuals. On Dec. 15, Highmark discovered that one of its employees had been sent a malicious link that led to their email account being compromised for two days. The threat actor potentially accessed emails containing protected health information. The information contained in the email account included names, enrollment information, prescription and treatment information, financial information, addresses, and phone numbers. "The mailbox was immediately shut down, network blocking was implemented, passwords were reset, and the enterprise will continue to enhance email security controls. Additional training and education has been provided to employees," Highmark Health said. Full Story
Source: Health IT Security
02/11/2023
Digital Rights Defenders Infiltrate Alleged Mercenary Hacking Group
Cooper Quintin has been tracking the activities of a cyber mercenary group called Dark Caracal for years. On Jul. 28, 2022, he discovered traces of a new, ongoing hacking campaign by the group in the Dominican Republic and Venezuela. While analyzing the domains that the hackers were using as command and control servers, he made a surprising discovery. "For more than four months, they hadn't realized that they had forgotten to register one of the key domains listed in their malware," Quintin, a senior security researcher at the digital rights group Electronic Frontier Foundation, told TechCrunch. Quintin realized that if he could register the domain and take control of it, a technique known as sinkholing, he could get a real-time view into the hackers' actions and their targets. He got the green light and effectively infiltrated Dark Caracal's hacking operation. Full Story
Source: TechCrunch
02/11/2023
Maine Gov’t Says State Systems Were Not Breached Despite Hacking Group’s Claims
Maine government officials denied that a notorious hacking group breached their systems after the gang boasted of stealing information this week. The GhostSec hacking group posted to Telegram on Thursday claiming that they stole 40 GB of data from Maine’s government websites. The group provided a zip file of the data they stole. But Sharon Huntley, director of communications for Maine’s Department of Administrative and Financial Services, said their IT team confirmed that the group simply downloaded public-facing information that is available on Maine’s Department of Environmental Protection (DEP) website. Fictitious hacks of state-level agencies in the U.S. have become more and more common in the last few years as groups attempt to make a name for themselves with outlandish claims. Full Story
Source: The Record
02/11/2023
Kimmel Center, Philadelphia Orchestra Websites Hit By Cyberattack
A cyberattack yesterday crippled ticket sales and ticketing functions at the city's largest arts presenter. Websites for the Kimmel Center and Philadelphia Orchestra were down, and patrons were left with scant information about the exact nature of the disruption. The attack comes at a time when Philadelphia arts groups would normally be selling seats to spring shows. The cyber incident left the Philadelphia Orchestra, the Kimmel's Broadway series, Philadelphia Ballet, Philadanco, and other groups unable to sell tickets or conduct other transactions. A cyberattack in December halted ticket sales at the Metropolitan Opera for nine days before operations could be restored. It is not clear when normal ticketing operations might resume. Full Story
Source: The Philadelphia Inquirer
02/11/2023
Indigo's 'Cybersecurity Incident' Stretches Into Weekend, Website Still Offline
Indigo Books & Music Inc. is dealing with what it calls a "cybersecurity incident" that has affected customer orders in-store and online. It started at the Toronto-based retailer this past Wed., Feb. 8. As of today, Indigo's website is still offline. "We are working with third-party experts to investigate and resolve the situation," the company said in a message posted on its website. "Our hope is to have our systems back online as soon as possible." Indigo says it can't process electronic payments, accept gift cards or deal with returns. The company is responding to concerned customers via social media channels, and saying it is trying to "understand if customer data has been accessed." Full Story
Source: CBC
Ransomware at Large: Current and Recent Incidents
02/14/2023
Regal Medical Group Ransomware Attack Affects 3.3 Million Patients
Regal Medical Group, a San Bernardino, Calif.-based affiliate of the Heritage Provider Network, announced that it was attacked with ransomware. On Dec. 2, 2022, employees experienced difficulty accessing data. Third-party cybersecurity experts were engaged to investigate and assist with the breach response, and confirmed that malware had been used to encrypt files on some of its servers. The forensic investigation confirmed that the attackers exfiltrated files before the ransomware was deployed. The files contained the protected health information of patients of Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical. The information includes names, phone numbers, addresses, dates of birth, some medical history, health plan member numbers, and Social Security numbers. 3,300,638 individuals have been affected. Full Story
Source: HIPAA Journal
02/13/2023
Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin
The Israel Institute of Technology in Haifa said yesterday that its computer servers had been targeted by a cyberattack. The institute, also known as the Technion, saw its website go down, and students were asked to log off. According to the Walla news site, the cyberattack was carried out by a group called Darkbit, which demanded 80 bitcoins from Technion, equivalent to $1,747,971. Technion, which is the flagship of scientific research in Israel and trains thousands of high-level engineers every year, apologized for the incident. "Technion was hacked. The hackers punished us for the 'apartheid' regime. All systems are not accessible and we have lost our data. Our most sincere apologies to all colleagues, partners and those who trust us," Technion said on its LinkedIn account. Full Story
Source: i24 News
02/11/2023
AmerisourceBergen Confirms Ransomware Attack On Its MWI Animal Health Subsidiary
Wholesale drug giant AmerisourceBergen confirmed a ransomware attack after its name was added to the Lorenz ransomware group's extortion site. The healthcare and pharmaceutical company confirmed the attack, stating that the systems of its subsidiary were compromised. Boise, Idaho-based MWI Animal Health was hacked by the Lorenz ransomware gang. The date of exfiltration given in the Lorenz group's extortion-site post was Nov. 1, 2022, while the data was reportedly posted only recently. It is speculated that the data leak notice on the Lorenz group's extortion site could be the result of a refusal to pay the ransom. MWI Animal Health is the cornerstone business of the AmerisourceBergen Animal Health collection of companies. Full Story
Source: The Cyber Express
The Cryptocrime Scene: A Summary of recent incidents and developments
02/14/2023
UK To Take Action Against Unregistered, Illegal Cryptocurrency ATMs
The United Kingdom's financial regulator, the Financial Conduct Authority, is coming for unregistered cryptocurrency automated teller machines. The FCA and the cyber team at West Yorkshire Police have taken action against several sites in and around Leeds suspected of hosting illegally operated crypto ATMs. The FCA emphasized that no crypto ATM operators in the U.K. currently have FCA registration. The authority stated that all crypto exchange providers, including crypto ATM operators, must be registered with the FCA and comply with the U.K. money laundering regulations. "Unregistered crypto ATMs operating in the U.K. are doing so illegally," the FCA's executive director of enforcement Mark Steward said, adding that the regulator will continue to disrupt unregistered crypto businesses in the country. Full Story
Source: Cointelegraph
02/13/2023
MetaMask Issues Scam Alert As Namecheap Hacker Sends Unauthorized Emails
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through Namecheap's third-party upstream email system. On the evening of Feb. 12, web hosting company Namecheap detected the misuse of one of its third-party services to send unauthorized emails that directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." In an alert, MetaMask reminded its million followers that it does not collect Know Your Customer (KYC) information and will never reach out over email to discuss account details. The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting a secret recovery phrase "to keep your wallet secure." The wallet provider advised investors to refrain from sharing seed phrases, as doing so hands complete control of the user's funds to the hacker. Full Story
Source: Cointelegraph
02/13/2023
Wormhole Hacker Moves $46 Million Of Stolen Funds
The stolen crypto from one of the industry's largest exploits is on the move once more, with on-chain data revealing that another $46 million in stolen funds has just been transferred from the hacker's wallet. Wormhole's token bridge was exploited in February 2022, resulting in the third-largest crypto hack of last year. Wrapped ETH (wETH) worth approximately $321 million was stolen in the attack. According to blockchain security firm PeckShield, the wallet associated with the hacker has become active again, transferring $46 million in cryptocurrency. This consisted of approximately 24,400 Lido Finance-wrapped Ethereum staking tokens (wstETH) worth around $41.4 million and 3,000 Rocket Pool Ethereum staking tokens (rETH) worth around $5 million, which were transferred to MakerDAO. Full Story
Source: AMB Crypto
Cybercriminals Brought to Justice: Current and Recent Arrests and Convictions
02/14/2023
Russian Cryptocurrency Money Launderer Pleads Guilty
On Feb. 6, a Russian cryptocurrency money launderer previously extradited from the Netherlands to face charges in the U.S. pleaded guilty in federal court. Denis Mihaqlovic Dubnikov, 30, pleaded guilty to one count of conspiracy to commit money laundering. According to court documents, between at least Aug. 2018 and Aug. 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the U.S. and abroad. After receiving ransom payments, Ryuk actors, including Dubnikov and his co-conspirators, engaged in various financial transactions, including international financial transactions, to conceal the nature, source, location, ownership, and control of the ransom proceeds. Conspiracy to commit money laundering is punishable by up to 20 years in federal prison, three years’ supervised release, and a fine of $500,000. Dubnikov will be sentenced on Apr. 11. Full Story
Source: U.S. Department of Justice
02/10/2023
Digital Rights Activist Ola Bini Declared Innocent By Ecuadorian Court
Swedish software developer and digital rights activist Ola Bini was acquitted of charges of hacking a computer on Jan. 31 by a court in Quito, Ecuador. The activist was acquitted unanimously by a tribunal of three judges after delivering a nearly 4.5-hour-long statement. Bini has faced persecution from the Ecuadorian state since 2019, and the legal proceedings against him have been marred by irregularities. Bini was arrested in Quito on Apr. 11, 2019, the same day his friend, WikiLeaks founder Julian Assange, was dragged out of the Ecuadorian Embassy in London and arrested. Bini was released after 70 days in prison. Bini was accused of participating in efforts to politically destabilise the Lenin Moreno government in Ecuador, presumably because of his close ties to Assange. Full Story
Source: Peoples Dispatch
The Cybercrime and Privacy Landscape: A Summary of Recent Developments and News
02/14/2023
Louisiana Legislative Auditor Finds Hacker Stole $64K From City Of Westlake
The Louisiana Legislative Auditor found in its independent audit of the City of Westlake that the city was the victim of an email hack in 2022. The audit says a hacker was able to access emails between the city’s accounting staff and a vendor and then used copies of unpaid invoices totaling $64,267.90 to request immediate payment of them. The city reportedly failed to verify that the email had come from a legitimate vendor before making the payment. An investigation into this incident was ongoing at the time the report was released. In addition to the email hack, the auditor also found that the city’s budgeting procedures were inadequate, with revenues being under budget by 5 percent and expenses being over budget by 5 percent. Full Story
Source: KPLC News 7
02/14/2023
Bridgewater-Raritan, New Jersey School District Reports Cyberattack
As hackers increasingly target schools in New Jersey and across the U.S., the employees of the Bridgewater-Raritan district are the latest victims. School officials confirm an "unauthorized actor" was able to gain access to employees' insurance enrollment information, including social security numbers. In a letter posted on the district website, school officials say suspicious activity was first detected on its computer network on Dec. 12. An external cybersecurity firm determined that data containing the personal information of school employees, as well as others enrolled in the health benefits plan, had been accessed. Letters did not go out to those potentially affected until over a month later, on Jan. 27. Full Story
Source: New Jersey 101.5
Don't forget to stay vigilant and cautious when it comes to emails and online activity. As we celebrate Valentine's Day and remember the infamous "I Love You" virus, it's crucial to be mindful of the links and attachments we click on. If you ever come across something suspicious or need assistance, our team is always here to help. Reach out to us for top-notch cybersecurity consultation services and keep your information safe from cyber threats. Stay protected! ❤️💻 #CybersecurityAwareness #StaySafeOnline #ValentinesDay