Weekly Cybersecurity Report | Week 7, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

1 – Attackers stole 25 million dollars from an international company after a video meeting faked with deepfake technology

An employee of the international company, based in Hong Kong (the company’s name was not published), received a phishing email purporting to come from the finance director, telling him that a money transfer needed to be made. The employee feared that it was a malicious email, but saw that it also included an invitation to a video call with all the relevant people and decided to join.

The employee joined the video meeting, where everyone except him was faked using deepfake technology, including the finance manager.

During the meeting, the fake finance manager instructed the employee where and how to make the transfers, and the employee made 15 different transfers amounting to $25 million.

It took several days for the employee to realize that he had been defrauded, after he asked other company officials about the transfer.

2 – Ransomware and telecommunications – The Medusa group publicly names Digitel, a company that provides cellular services in Venezuela, as a victim.

According to Medusa, Digitel has 5 million customers; the ransom is $5 million.

3 – The Trigona group publicly names Claro, a communications company that provides cellular services in 18 countries in South America, as a victim.

The company reports that, following the attack, it has been forced to disable and isolate some of its systems.

4 – The AlphV group announced this week that it hacked the Technica company that provides IT services to US government entities, including the FBI.

The group claimed that it has 300GB of information, including sensitive government information that it will publish soon.

5 – Hackers broke into AnyDesk servers and stole source code and keys

The effects of the attack are access to sensitive customer information and counterfeiting of AnyDesk software.

The company’s recommendation is to reset user passwords, update the software and exercise increased vigilance.

Unaffected versions:

* 7.0.13 and above.

* 6.15.5 or higher (32-bit).

* 5.11.4 or higher (64-bit).

6 – Chinese hackers hid in the US infrastructure network for 5 years

China’s Volt Typhoon cyber espionage group penetrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI and partner Five Eyes agencies.

Volt Typhoon hackers are known to make wide use of “living off the land” (LOTL) techniques as part of their attacks on critical infrastructure organizations.

They also use stolen accounts and leverage strong operational security, which allows them to avoid detection and maintain long-term persistence on compromised systems.

Learn more here: https://www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/

7 – 3 million smart toothbrushes were used in a DDoS attack.

It sounds more like science fiction than reality, but Swiss newspaper Aargauer Zeitung reports that around three million smart toothbrushes have been hijacked by hackers to launch a distributed denial of service (DDoS) attack. The innocent gadgets, turned into soldiers in a botnet army, knocked out a Swiss company for a few hours and caused damages of millions of euros.

While details are scarce, it is known that the affected toothbrushes ran Java, a popular language for Internet of Things (IoT) devices. Once infected, a global network of malicious toothbrushes launched their successful attack.

The toothbrushes achieved this by flooding the Swiss site with fake traffic, effectively knocking out services, disabling them and causing widespread disruption.

Learn more here: https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/

8 – Verizon internal data breach affects more than 63,000 employees

Verizon Communications warns that an internal data breach is affecting nearly half of its workforce, exposing sensitive employee information.

A data breach notification shared with the Maine Attorney General’s Office reveals that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

The company discovered the breach on December 12, 2023, nearly three months later, and determined it contained sensitive information of 63,206 employees.

Learn more here: https://www.bleepingcomputer.com/news/security/verizon-insider-data-breach-hits-over-63-000-employees/#google_vignette

9 – Cameroon’s electricity company suffers from a cyber attack

Cameroon’s electricity company, Eneo, has warned that it is suffering from a cyber attack that occurred on January 29 and significantly destroyed its computer system.

The company did not provide details about the intrusion, but did say that some apps were disabled as a precaution and to enable measures to secure their system. Prepaid and warranty operations were significantly affected.

Learn more here: https://itweb.africa/content/8OKdWqDXArbqbznQ

10 – A Chicago hospital reports a cyber security incident this week

Saint Anthony Hospital in West Chicago confirmed that hackers gained access to the hospital’s computer network in December. The hospital stated that some patient files were copied.

Investigators were still working to discover the full extent of the security breach as of Friday.

Last month, an investigation involving law enforcement and cybersecurity experts confirmed that some patient information files were copied on December 18.

The hospital says that it is working to “examine existing policies and procedures and implement additional ones as needed.”

Learn more here: https://www.cbsnews.com/chicago/news/chicago-hospital-cybersecurity/

11 – The popular Australian health brand Elite Supplements falls victim to a cyber attack

Customers of a popular supplement brand have been warned that their personal information has been compromised after the company was hacked.

Elite Supplements notified its customers in an email that the company was under a cyberattack, which caused “one or more unknown parties to gain access” to some online customer data.

The company first became aware of the possible breach on January 30 and ‘took the breach very seriously’ before notifying its customers shortly after 6pm on Saturday.

However, customers were assured that no credit card, sensitive payment data or passwords were compromised.

Instead, the hackers gained access to the names, shipping addresses, email addresses and phone numbers of online customers.

Learn more here: https://www.dailymail.co.uk/news/article-13041023/Elite-Supplements-cyber-attack.html

12 – Hackers reveal a vulnerability in the Airbus EFB application, which compromises aircraft data

Cyber security researchers at penetration testing company Pen Test Partners have been testing the security of various electronic flight bags (EFB), IoT and vehicles for several years. Due to their extensive research, a fault in the Flysmart+ Manager package from Airbus was identified and addressed 19 months after the initial exposure.

Airbus-owned IT services provider NAVBLUE has developed the Flysmart+ Manager app for iPad, which synchronizes and installs airline data in other apps, including EFBs.

According to a report by Pen Test Partners, this app has security controls disabled, allowing it to communicate with servers using insecure methods, which could allow an attacker to change aircraft performance data or adjust airport information.

Learn more here: https://www.hackread.com/hackers-airbus-efb-app-vulnerability-aircraft-data/#google_vignette

 

The attacks highlighted in this report aren’t just incidents; they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.