Weekly Cybersecurity Report | Week 47, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.


Information security updates and events from the past week 

1 – A Chinese attack group called SilkSpecter has set up thousands of phishing sites impersonating well-known brands to steal credit card details.

The Chinese group has set up around 5,000 malicious sites that impersonate the sites of major brands but add the word "Blackfriday" to the domain, so that users think the site is dedicated to November sales.

If a user makes a purchase on such a site, they lose the purchase amount, which goes to the attackers, but in addition, the attackers also steal the credit card number with all the associated details.

Please note – it is likely that these sites will also be promoted by the attackers on Google, Facebook, etc.

2 – A threat actor using the alias ‘nears’ claimed to have attacked multiple healthcare facilities in France and to have access to the patient records of over 1,500,000 people.

The hacker claims they hacked MediBoard by Softway Medical Group, a company that offers electronic patient record (EPR) solutions across Europe.

Softway Medical Group confirmed that the hackers had hacked the MediBoard account. However, they noted that this was not the result of a software vulnerability or misconfiguration on their part, but rather of the use of stolen credentials used by the hospital.

3 – One of the world’s largest food retailers, Ahold Delhaize, is facing a cyberattack.

The company, which operates several supermarkets, pharmacies and e-commerce sites in the US, including Food Lion, Giant Food, Hannaford, Stop & Shop and The Giant Company, is facing a ransomware attack and cannot deliver goods to parking lots.

The company serves more than 63 million customers each week, who report empty shelves and have nothing to buy, just days before Thanksgiving.

4 – Financial technology company Finastra is investigating a large-scale data theft from its internal file transfer platform.

The company, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after the attacker began selling more than 400 gigabytes of data stolen from the company.

5 – Ford has launched an investigation after hackers claimed to have stolen customer information.

The infamous hacker IntelBroker and a hacker named EnergyWeaponUser made the claims in a post on the BreachForums forum on November 17.

They claim to have targeted Ford this month and have allegedly obtained 44,000 customer records, including names, physical addresses and product purchase information.

A sample of data released by the hackers suggests that “customers” may not refer to end users, but rather to dealerships that sell Ford vehicles. The sample shows the addresses of various car dealerships from countries around the world.

While the information – based on its format – appears to have come from an internal database, it does not appear to be sensitive because dealer addresses are public information. It is unclear whether the attackers have more sensitive data.

https://www.securityweek.com/ford-investigating-potential-breach-after-hackers-claim-data-theft/

6 – Hackers have breached US satellite manufacturer Maxar Space Systems and accessed personal data belonging to its employees, the company said in a statement to those affected.

Maxar Space Systems says the attacker likely had access to a system that contained the following employee information – name, home address, social security number, business contact information, gender, employment status, employee number, job description, start/end and start dates.

The company clarified that no bank account details were exposed in the cybersecurity incident.

7 – Great Plains Regional Medical Center in Oklahoma is notifying more than 133,000 people that their personal information was compromised in a ransomware attack.

The public health system discovered the attack on September 8, 2024, when ransomware was deployed, but the attackers had access to its systems for at least three days prior.

According to the medical center, the attackers accessed and encrypted certain files between September 5 and September 8, extracting information from its systems.

“We learned that the attacker copied some of these files. We quickly restored our systems and returned to normal operations, but we also determined that a limited amount of patient information was irrecoverable,” Great Plains Medical Center said in an incident statement.

The information that was compromised, the hospital explained, included names, driver’s license numbers, social security numbers, demographic information, health insurance information, and diagnostic and medication information.

8 – T-Mobile confirms it was hacked in latest wave of media hacks by China

T-Mobile confirms it was hacked in a recent wave of reported telecom breaches by Chinese threat actors seeking access to private communications, call records and law enforcement information requests.

“T-Mobile is closely monitoring this attack, and at this time, T-Mobile systems and data have not been materially impacted, and we have no evidence of any impact to customer information,” T-Mobile told the Wall Street Journal, which first reported the breach.

“We will continue to monitor this closely, working with industry peers and relevant authorities.”

9 – 122 million people’s data leaked from DemandScience

It has been confirmed that the business contact information of 122 million people who moved since February 2024 was stolen from the B2B platform.

The data comes from DemandScience (formerly Pure Incubation), a B2B data aggregation company.

Data aggregation is the process of collecting and organizing data from public sources to create a comprehensive dataset that is valuable to digital marketers and advertisers in creating rich “profiles” used for lead generation or marketing information.

In the case of DemandScience, the firm collected business data from public sources and third parties, including full names, physical addresses, email addresses, phone numbers, job titles and functions, and social media links.

In February 2024, a threat actor named ‘KryptonZambie’ began selling 132.8 million pieces of data on BreachForums, claiming it was stolen from an exposed system belonging to Pure Incubation.

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business, you need the right partner. Cyberone is here to help! Check out our services.