Weekly Cybersecurity Report | Week 49

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a comprehensive overview of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Weekly Cybersecurity Report | Week 49, 2023

1 – Iranian attack group deploying wiper malware

The Israel National Cyber Directorate has identified activity by an Iranian attack group that deploys wiper malware, destroying data on servers and workstations.

Guidance on detecting this activity in your organization and preventing it:

https://go.gov.il/wipers 

2 – Home Center in an alarming message to customers: “Under a terrorist cyber attack” 

Home Center informed its customers: “Dear customers, unfortunately, the chain’s website is under a cyber terrorist attack. The branches are open for you, we would be happy for you to come and enjoy various leading products and promotions, thank you for your support and sacrifices.” 

https://www.ice.co.il/digital-140/news/article/988628 

3 – Denmark experienced the largest cyber attack in its history 

Hackers potentially linked to Russia’s GRU military intelligence directorate have carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure, in the country’s biggest cyber incident to date.

SektorCERT, a non-profit cybersecurity center for Denmark’s critical sectors, reported that in May attackers gained access to the systems of 22 companies that operate or monitor parts of the Danish energy infrastructure. Its report, published on Sunday, said the hackers exploited vulnerabilities in Zyxel firewalls, which many Danish critical infrastructure operators use to protect their networks.

The first wave abused CVE-2023-28771, an unauthenticated command-injection flaw in the firewalls’ handling of IKE packets (UDP port 500) that Zyxel had disclosed and patched in April. It gives an attacker remote code execution on the firewall itself, and from that foothold a path into the networks behind it, so any internet-facing device still running old firmware was exposed. SektorCERT described the attack as “miraculous” in its meticulous planning and coordination, and said the threat actors had demonstrated an ability to identify companies with vulnerable devices and to stage a simultaneous campaign against them.

https://www.bankinfosecurity.com/denmark-hit-largest-cyberattack-on-record-a-23584 

4 – Hackers hijacked hotel accounts on Booking.com, one of the world’s largest online hotel booking sites, impersonating hotel staff to steal credit card details from travelers making reservations.

Booking.com, headquartered in the Netherlands, acknowledged that the fraud was occurring on a global scale.

After learning that the stolen card information could have been used to make fraudulent purchases, the company said it “is working to return the money for the affected customers.”

Both hotels and travelers log in to the Booking.com website and app with an ID and password.

According to the company, and to reports from several local hotels, the scam began with a phishing email, written in English and purporting to come from a traveler, sent to hotels.

The email contained a link that, when clicked, installed malware that captured the hotel’s Booking.com ID and password.

The hackers then used these credentials to log in to Booking.com as the hotel and message travelers with upcoming reservations while posing as hotel employees.

The messages falsely claim that “prepayment is required” and direct travelers to a fake website mimicking Booking.com, where they are asked to enter their credit card number and other details, which the attackers then harvest.

https://www.asahi.com/sp/ajw/articles/15055042 
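The weak point in the chain above is the link: a guest who checks that a "payment" page is really hosted under booking.com, and a hotel or support desk that screens outbound guest messages, can catch the fraud before card details are entered. As an added illustration (not code from the original report, from Booking.com or from the attackers), the following Python script classifies payment links by decoding punycode hosts, folding accented look-alike characters and flagging any link that mentions the brand but is not actually hosted under the brand domain, then triages a message that pairs a payment demand with such a link. The brand domain, the pressure phrases, the sample URLs and the sample messages are assumptions constructed for this example.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domain a traveler expects a genuine Booking.com page to live on.
BRAND_DOMAIN = "booking.com"
BRAND_LABEL = "booking"
# Assumption: phrases typical of the "pay now or lose your reservation" pressure.
PRESSURE_PHRASES = ("prepayment", "pre-payment", "verify your card", "will be cancelled")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _fold_homoglyphs(host: str) -> str:
    """Strip accents and combining marks so that 'bóoking.com' folds to 'booking.com'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def _registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: production code should use the
    Public Suffix List so that hosts under e.g. 'co.uk' are handled correctly."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_payment_link(url: str) -> str:
    """Return 'legitimate' (https, registrable domain is the brand domain),
    'lookalike' (brand name present but hosted elsewhere, confusable characters,
    or plain http), 'other' (unrelated domain) or 'invalid' (no host)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "invalid"
    if not parts.hostname:
        return "invalid"
    host = parts.hostname.rstrip(".").lower()
    # Decode punycode (xn--) labels back to Unicode so confusables become visible.
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # host already contains non-ASCII characters; inspect it as-is
    folded = _fold_homoglyphs(host)
    uses_confusables = folded != host or not folded.isascii()
    reg_domain = _registrable_domain(folded)

    if reg_domain == BRAND_DOMAIN and not uses_confusables:
        return "legitimate" if parts.scheme == "https" else "lookalike"
    brand_mentioned = (
        BRAND_LABEL in folded.replace("-", "")
        or BRAND_LABEL in (parts.path + "?" + parts.query).lower()
    )
    if brand_mentioned or reg_domain == BRAND_DOMAIN:
        return "lookalike"
    return "other"


def triage_guest_message(text: str) -> dict:
    """Extract links from a message body, classify each, and flag the message if any
    link is a lookalike or a payment demand is paired with an off-brand link."""
    links = [u.rstrip(".,;:)") for u in URL_RE.findall(text)]
    verdicts = {u: classify_payment_link(u) for u in links}
    demands_payment = any(p in text.lower() for p in PRESSURE_PHRASES)
    suspicious = any(v == "lookalike" for v in verdicts.values()) or (
        demands_payment and any(v == "other" for v in verdicts.values())
    )
    return {"links": verdicts, "demands_payment": demands_payment, "suspicious": suspicious}


if __name__ == "__main__":
    # Constructed sample guest messages (not real data).
    samples = [
        "Reminder: your stay starts tomorrow. Details: https://secure.booking.com/reservation/123",
        "Dear guest, prepayment is required within 24h or your booking will be cancelled: "
        "https://www.booking.com.secure-pay.net/pay",
    ]
    for s in samples:
        print(triage_guest_message(s))
```

The classifier deliberately treats "brand name anywhere in the host or query, but registrable domain elsewhere" as a lookalike rather than merely "other", because that pattern (booking.com.secure-pay.net, booking-com-prepayment.com) is exactly how the fake payment pages in this campaign were dressed up. The two-label registrable-domain helper is a simplification noted in its docstring; swap in a Public Suffix List lookup before relying on it.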

5 – Australia locks down ports after “nationally significant” cyber attack. 

Australia says it is responding to an ongoing cyber attack targeting major ports, which prompted operator DP World to temporarily restrict network access on Saturday.

The operator shut down its terminals at four ports (Sydney, Melbourne, Brisbane and Fremantle) after detecting a cybersecurity incident late on Friday night. DP World handles about 40% of Australia’s ocean freight.

https://au.news.yahoo.com/australia-locks-down-ports-nationally-095725266.html 

6 – Russian hacker group Sandworm caused a power outage in Ukraine timed with missile strikes

The Russian state hackers known as Sandworm attacked an electrical substation in Ukraine, causing a brief blackout in October 2022.

The findings come from Google’s Mandiant, which described the intrusion as a “multi-event cyberattack” that used a novel technique to affect industrial control systems (ICS).

“The actor first used OT-level living-off-the-land (LotL) techniques to trip the victim’s circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine,” the company said.

https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html?m=1 

7 – The Industrial and Commercial Bank of China was hit by a ransomware attack 

The Industrial and Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the US Treasury market by preventing trades from clearing.

As first reported by the Financial Times, members of the Securities Industry and Financial Markets Association were notified of the incident on Thursday.

Because of the attack’s impact on its systems, the Chinese bank was unable to settle US Treasury transactions on behalf of other market participants.

https://www.bleepingcomputer.com/news/security/industrial-and-commercial-bank-of-china-hit-by-ransomware-attack/ 

8 – Toyota confirms breach after Medusa ransomware threatens to leak data 

Toyota Financial Services (TFS) has confirmed that it has detected unauthorized access to some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. 

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing vehicle financing to its customers. 

Earlier today, the Medusa ransomware gang listed TFS on its dark web data leak site and demanded a payment of $8,000,000 to delete data allegedly stolen from the Japanese company.

https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/

9 – Hackers claim serious data breach at smart Wi-Fi provider Plume 

Smart Wi-Fi service provider Plume appears to have suffered a data breach. The perpetrators, who claimed responsibility for the incident, posted their announcement on a well-known data breach forum.

This is the same forum where, in recent days, a database of 35 million LinkedIn user records and two databases from Chess.com were leaked.

Palo Alto, Calif.-based Plume is a SaaS (software-as-a-service) platform offering AI-driven security, smart Wi-Fi services and cloud management, with a footprint in more than 45 countries covering 55 million homes and small businesses.

The attackers claim to have stolen over 20GB of the company’s Wi-Fi database, containing more than 15 million rows of information. Plume has not confirmed the breach, stating that it is aware of the attackers’ claims and has launched an investigation to verify them.

https://www.hackread.com/hackers-smart-wi-fi-provider-plume-data-breach/


The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.