The one group of people who never settle is cyber attackers. The list of attacks on organizations and individuals is only expanding, and the holiday season is the bonus these malicious actors await. The following are some of the latest updates from the cybersecurity realm.
Data Breach Hits Ho Mobile
The threat intelligence analyst @Bank_Security (Twitter) has identified a database on the dark web that belongs to Ho Mobile. Since SIM swapping attacks are rampant in Italian underground communities, Bank Security notified users of the breach at Ho Mobile – the Italian mobile service provider from Vodafone Enabler Italia. The leaked Ho Mobile database contains the PII of 2,500,000 customers and other related data which can be used for SIM swapping attacks.
The adversaries have shared a sample with data belonging to 10 Ho Mobile customers. Although the attacker hasn’t disclosed the price yet, the whole database is up for sale, and interested buyers can bid for it. The threat actor further added that only the phone number and ICCID are needed for SIM swapping attacks. Unless the network operator provides new SIM cards to all 2,500,000 customers, cybersecurity tools remain ineffectual.
However, the official statement from Ho Mobile rejects the possibility of such a data breach. It says that there is no evidence to prove the unauthorized access of its IT infrastructure. But customers are advised to resort to email protection despite Ho Mobile’s reassuring statement.
Four APT Groups Use Pegasus To Target iMessage In iPhone
Four nation-state-backed APT (Advanced Persistent Threat) groups have used the spyware Pegasus to exploit a zero-day vulnerability in the iMessage feature for iPhones. These APT groups are believed to be associated with Middle Eastern countries. The attack dates back to July and August when the malware was used to compromise 36 Al Jazeera journalists’ phones.
The threat actors employed an invisible zero-click exploit called KISMET to compromise FaceTime or iMessage notifications or messages. Four servers were used in the attack – Sneaky Kestrel, Monarchy, Center-1, and Center-2. Experts advise organizations and individuals to take ransomware protection seriously and implement 2FA.
Prolonged Breach At Kawasaki Heavy Now Under Control
A data breach was recently detected at Kawasaki Heavy Industries Ltd. Cyber adversaries from Japan illegally accessed the company server of Kawasaki Heavy (which produces aircraft and submarines for the Defense Ministry). A system audit at Kawasaki Heavy’s Thailand base revealed the unauthorized server access, which may have compromised its administrator identification and password.
What’s surprising is that third parties had been accessing Kawasaki Heavy servers since September 2019. Company bases in the United States, Indonesia, and the Philippines channeled the prolonged breach, which the company now claims to have resolved. Kawasaki Heavy has taken necessary cybersecurity measures to mitigate the attack and deeply regrets the data loss.
Nefilim Ransomware Gang Attacks Whirlpool
The notorious ransomware Nefilim attacked the home appliances giant Whirlpool in early December. Like all ransomware attacks of recent times, the threat actors stole files from Whirlpool’s database before encrypting its devices. And now, the attackers have published these stolen files on the dark web. The compromised details include records of accommodation requests, employee benefits, medical information requests, background checks, etc.
Soon after, Whirlpool confirmed the attack and gave notice of its ransomware protection measures. It reaffirmed the importance of data privacy in its organization and stated that its systems had been fully restored.
Time To Uninstall Flash Player
The New Year has begun, and letting bygones be bygones is the best way to ensure cybersecurity. This holds for Flash Player as well, which reached its end of life on 1st January 2020. Adobe is now notifying all Windows users to uninstall Flash Player lest cybersecurity tools fail to protect their system from the risks associated with Flash Player.
Experts say that if an individual isn’t using Flash content, then there is no point delaying Flash Player’s uninstallation. Although Adobe facilitates disabling the reminders to uninstall Flash via its EOLUninstallDisable setting, the setting will become inoperative once Flash content stops working on 12th January.
GetSchooled Exposes 930k Children’s Records
GetSchooled, an NPO owned by the Bill & Melinda Gates Foundation and Viacom, was recently found to have exposed the records of an estimated 930k children aged 10-16 years. Cybersecurity firm TurgenSec discovered the incident, in which GetSchooled had left a database unprotected online, where it could be accessed and misused by anyone on the internet. TurgenSec had approached GetSchooled on 18th November but didn’t hear back from them.
Over a month, the security firm contacted and notified the NCSC, the Bill & Melinda Gates Foundation, and Viacom about the breach. The breach was at last fixed by GetSchooled on 21st December. The compromised PII included the names, addresses, schools, phone numbers, email addresses, ages, genders, graduation details, etc., of children. However, GetSchooled has presented differing figures on the number of affected children. No financial details were exposed in the breach, which is some good news at least!
New Live-Stream Swatting Attacks In Town
The swatting incidents that created much havoc a few years ago are back with an online version where attackers hack US residents’ smart devices to live-stream swatting incidents. They hijack the audio and video home surveillance devices of residents who either reuse passwords leaked in a previous attack or use weak and easily decryptable passwords.
The US Federal Bureau of Investigation (FBI) warns of the adversaries’ method: they report a fake crime at the victim’s residence to law enforcement. While law enforcement reacts to the incident, the pranksters live-stream it on online community platforms.