Weekly Cybersecurity Report | Week 25, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Information security updates and events from the past week 

1 – The municipality of Arlington in Massachusetts reports that attackers managed to trick municipal employees while pretending to be a supplier and stole $445,000. 

According to the municipality, the attackers broke into several mailboxes and then monitored the e-mail exchanged between the municipality and the supplier for a period. When the supplier sent a message about a payment he was due to receive, the attackers stepped in.

They used a domain very similar to the supplier's and e-mailed the employee in the supplier's name, asking to change the bank account details and to switch from the checks sent so far to bank transfers. For four months the municipality transferred payments to the attackers instead of the real supplier. Only after the supplier complained that he had not received checks for the last few months did the municipality realize it had fallen for a scam.

2 – Japanese video sharing platform Niconico has been the victim of a cyber attack 

Japanese video sharing platform Niconico has suspended its services following a large-scale cyber-attack on June 8, 2024. 

“Due to the effects of a large-scale cyber-attack, Niconico has been unavailable since the early morning hours of June 8,” reads the incident notice released by the company. “We apologize for the inconvenience.” 

In response to the incident, the company suspended Niconico Family services such as Niconico Video, Niconico Live Broadcast, Niconico Channel, etc. The company also suspended Niconico account login on external services. 

3 – DDoS attacks targeting EU political parties as elections begin 

Activists are carrying out DDoS attacks on European political parties that represent and promote strategies contrary to their interests.

European Parliament elections are already underway in the Netherlands and are set to begin in 26 other countries across the EU in the coming days, fueling politically motivated cyber-attacks. 

4 – The New York Times source code was stolen using an exposed GitHub token 

Internal source code and data belonging to the New York Times were leaked on 4chan after being stolen from the company’s GitHub repositories in January 2024. 

As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who torrented a 273GB archive containing the stolen data. 

“Essentially all the source code belonging to the New York Times Company, 270GB,” reads a post on the 4chan forum. 

https://www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/ 

5 – The Daixin attack group claims to have hacked into Dubai Municipality, encrypted thousands of servers and stolen information. 

The group listed Dubai Municipality on its leak site, threatening to release the stolen information if the ransom was not paid.

According to the group, they managed to encrypt thousands of servers and a large part of the municipality’s backups and steal 60-80GB of information (“The information was stolen even though the Dubai Municipality invested a lot of resources in products to prevent information leakage…”).

In addition to this, several other cyber incidents occurred around the world: 

🔺 The Japanese company Niconico, which provides a platform for sharing videos, reports that its computing services have been shut down due to a cyber-attack. It is one of Japan’s largest video sharing companies with 89 million active users. 

🔺 The national postal service in Vietnam was shut down for several days due to a ransomware attack. 

🔺 LendingTree reports that information was leaked following the “hack” of Snowflake (we will see quite a few more such messages soon).

🔺 The crypto project UwU Lend reports the theft of digital currencies worth about 20 million dollars. It claims to have repaid all the customers whose money was stolen.

🔺 Two citizens in Great Britain were arrested after they set up a pirate antenna through which they sent thousands of phishing messages while evading the filtering of the country’s communications providers. 

🔺 The medical center chain Special Health Resources reports disruptions to its ongoing operations due to “technical problems”. This is a ransomware attack carried out by the Blacksuit group.

The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.