Weekly Cybersecurity Report | Week 6, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

1 – Mercedes-Benz accidentally disclosed sensitive data, including source code

RedHunt Labs researchers discovered that Mercedes-Benz inadvertently left a private key accessible on the Internet, exposing internal data, including the company’s source code. It is unclear whether the data leak exposed customer data.

RedHunt Labs shared its findings and notified the automaker. The security firm discovered that an authentication token belonging to a Mercedes employee was left exposed in a public GitHub repository. The discovery was made during a routine Internet scan in January.

https://securityaffairs.com/158306/data-breach/mercedes-benz-data-leak.html

2 – The Lockbit group broke into a children’s hospital in Chicago and is demanding a ransom

This goes against the rules that Lockbit published in the past, under which it claimed that it does not attack hospitals. Today it claims that if they have money for computers, then they have money to pay a ransom.

3 – Schneider Electric Corporation suffers from a ransomware attack carried out by the Cactus attack group

Schneider Electric is an international corporation, originating and based in France, that makes products for the production, transmission and control of power supply systems. As of 2019, the company had revenues of approximately 27 billion euros and employed approximately 155,000 people worldwide.

Some of the company’s systems are disabled and, according to various reports, the attackers appear to have stolen a large amount of organizational information.

The Cactus Group has not yet published Schneider on the leak site, which apparently indicates ongoing negotiations between the parties.

4 – Football Australia data leak exposes player contracts and fans’ personal details

Passports, player contracts and more have been available online for almost two years due to a Football Australia (FA) data breach that cyber security researchers say includes information on every Australian fan and customer of the governing body.

The leak was discovered when keys to the FA’s storage server were found hardcoded into an HTML page of the FA website.

The keys gave access to 127 “buckets” of FA data on Amazon Web Services, which included data such as players’ personally identifiable information, ticket purchases and details, and code relating to the FA’s digital infrastructure.

https://www.theguardian.com/sport/2024/feb/01/football-australia-data-leak-breach-exposes-players-contracts-fans-personal-details

5 – The Malaysian telecom provider Aminia was hit by a pro-Israeli cyber attack

The pro-Israeli hacktivist group R00TK1T ISC Cyber Team has turned its attention to Malaysian entities, marking its first cyber-attack on Aminia.

The group claims to have compromised the portals of Aminia’s managed WiFi and billing services, suggesting a potential data breach. The attack followed the group’s threat to damage the internet infrastructure in Malaysia.

The hacktivist group posted a message on the affected portal, warning Aminia of the coming hit and exposing vulnerabilities within the company.

The telecom provider Aminia provides diverse services and systems for effective analysis by artificial intelligence. In cooperation with world leaders, Aminia offers GPON, FiberLan, Wi-Fi and more.

https://thecyberexpress.com/cyberattack-on-aminia-cybersecurity-incident/amp/

6 – DDoS attacks on Tekken 8 game

Since its recent launch, the game has faced an unexpected adversary: DDoS attacks.

Unfortunately, this is not an isolated case; more recently, other notable games such as Diablo 4 and Destiny 2 have faced similar challenges, highlighting the pervasive nature of this cyber threat.

In the context of Tekken 8, players and streamers have reported instances where their gameplay or live streams have been abruptly stopped due to these attacks.

https://dataconomy.com/2001/24/29/tekken-8-ddos-attacks/

7 – 314,000 patients were affected by a cyber-attack on the CompleteCare Health network

A health system serving patients in southern New Jersey, CompleteCare Health Network, recently confirmed that the protected health information of 313,973 patients may have been compromised in a ransomware attack in October 2023.

An unauthorized third party gained access to certain CompleteCare Health Network computer systems and attempted to use ransomware to encrypt files.

CompleteCare Health Network said it was a sophisticated ransomware attack that was detected and stopped on or around October 12, 2023.

Third-party cybersecurity experts were hired to investigate the attack and determine the nature of any unauthorized activity, and whether any patient data was involved.

https://www.hipaajournal.com/completecare-health-network-data-breach/

8 – King Charles hires expert on £75,000 salary to prevent cyber-attacks on royal family

King Charles is hiring a £75,000-a-year technology expert to protect Buckingham Palace’s computer systems from cyber-attacks.

The successful candidate will head a team that will ensure cyber security for the royal family, and they will work closely with agents at the government’s National Cyber Security Center.

As part of the job, they will also have to encourage all 800 staff at the royal residence to be aware of the threat. They will have to be “calm under pressure”, good at identifying risks, and provide good and cheap options to solve them.

The specialist will work 37 and a half hours per week, with 25 vacation days per year and benefits such as a 15% employer contribution. The selected candidate will also receive free entry to all Royal Palaces and a 20% discount at Royal Collection Trust stores.

https://www.mirror.co.uk/news/royals/king-charles-hiring-75000-year-31990587

9 – New leaks reveal a network of Iranian intelligence and cyber companies

New evidence shows that Iran’s intelligence and military services are linked to cyber activity targeting Western countries through their network of contractor companies.

A series of long-running leaks and doxxing efforts led by anti-Iranian activists and dissident networks exposed a complex network of entities linked to the Islamic Revolutionary Guard Corps (IRGC) involved in cyberattacks and information manipulation campaigns.

Cyber threat intelligence provider Recorded Future discusses some of the findings in a new report, published on January 25, 2024.

It was found that at least four intelligence and military organizations associated with the Revolutionary Guards communicate with most of the parties in the cyber field.

https://www.infosecurity-magazine.com/news/leaks-iran-intelligence-cyber/

10 – Websites of President, Mtavari TV, Formula TV and SovLab were affected by cyber attacks

On January 25 and 26, the websites of Mtavari TV and Formula TV, as well as the website of the Georgian president, were reportedly attacked.

Earlier on January 23, the Soviet Historical Research Laboratory (SovLab), a civilian organization investigating Georgia’s Soviet past, also reported a “coordinated” cyber-attack from Russia.

According to the RFE/RL Georgian Service, upon entering the president’s website, a message appeared that read “hacked by COZY BEAR, glory to Russia.” The message has been removed from the president’s website; however, the website remains inactive as of 12:30 p.m., January 26, 2024.

According to estimates, the Russian hacker group “Cozy Bear” is connected to Russian intelligence.

https://civil.ge/archives/579092

11 – The Ukrainian energy giant, postal services, and transportation agencies were affected by cyber attacks

Several Ukrainian state-owned critical infrastructure companies reported cyber-attacks on their systems on Thursday.

Among the victims is the largest oil and gas company in Ukraine, Naftogaz. According to its statement, hackers attacked a data center. As of the time of writing, the Naftogaz website and call centers are not active.

Ukraine’s Cyber Security Agency said it was investigating the incident but did not provide further details. A Naftogaz spokesman said in a statement that the company’s experts are currently working to resolve the incident and will provide comments on the attack later.

https://therecord.media/ukraine-cyberattacks-energy-postal-transportation

12 – Sweden’s Riksbank turns to the police following a cyber-attack on an IT company

Sweden’s central bank filed a police report after some of its IT systems were rendered inaccessible by a ransomware attack that has crippled customers of Finnish software firm Tietoevry Oyj since late last week.

The Riksbank’s HR and payroll systems were still down on Thursday following the attack, according to a spokesman. Numerous government agencies and private companies in Sweden were affected, including the country’s parliament and its largest cinema chain.

https://www.bloomberg.com/news/articles/2024-01-25/sweden-riksbank-turns-to-police-after-ransomware-hits-tietoevry

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.