FBI Recovers Decryption Keys, Chrome Reduces Cookies, Penguin Fans Breach – Cybersecurity News [June 03, 2024]

by DuoCircle

 

Here’s the latest cybersecurity news from around the world: the FBI’s new LockBit decryptor, Google’s cookie-handling update for Chrome users, how Club Penguin fans breached a Disney server, the new V3B phishing kit, and the hijacking of Microsoft India’s X account. Let’s dive in!

 

FBI Recovers 7,000 LockBit Decryption Keys, Advises Ransomware Victims to Seek Assistance

The FBI is urging all victims of LockBit ransomware attacks to contact the agency after it obtained 7,000 decryption keys that can be used to recover encrypted data.

FBI officials have been disrupting the LockBit ransomware gang for quite a while and will now help victims recover their data with the more than 7,000 decryption keys they have found. The FBI started taking down the gang’s infrastructure in February this year with Operation Cronos, seizing 34 servers that held the decryption keys. Using those keys, they have created a free LockBit 3.0 Black Ransomware decryptor that the gang’s victims can use to recover their data.

The ransomware gang made away with over $1 billion in ransoms in 7,000 attacks on organizations between June 2022 and February of this year. The FBI’s operation was a huge win, but LockBit is still active and has switched to new servers and dark web portals. Ensuring ransomware protection is crucial to prevent such incidents in the future.

The US State Department and FBI have arrested and charged many members of the gang and also offer $10 million for any information that could lead to LockBit leadership members and $5 million for tips that lead to the arrest of the gang’s affiliates. You can find all the information in the FBI’s keynote.

 


 

Google Chrome Minimizes Cookie Requests to Boost Performance

This week, Google shared details of a new Chrome feature that changes how cookies are requested and improves the browser’s performance.

Single-process browsers managed cookies easily because all data was kept in memory. Newer browsers, however, focused on performance and security. As of early 2024, Chrome ran a new process for every window, so the service that handled cookies had to deal with queries from multiple processes, slowing things down. Google shared a blog post explaining how they found this issue and also discovered that 87% of their cookies are redundant.

To fix this, they’ve come up with a new system called Shared Memory Versioning: Chrome keeps a local copy of the cookie data and its version number instead of checking it again and again with the network service. Without the repeated requests, Chrome works faster.

Cookie access has sped up by 60%, and Google has seen a spike of 5% in the early tests.
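A simplified model of the version check described above, added here as an illustration and not taken from Chrome's code: the class names, the single shared counter and the fetchAll call standing in for the cross-process request are all assumptions.

```javascript
// Hypothetical model: one cookie service, one renderer-side cache.
class CookieService {
  constructor() {
    // Shared 32-bit version counter, readable without sending a message.
    this.version = new Int32Array(new SharedArrayBuffer(4));
    this.cookies = new Map();
    this.ipcCalls = 0; // counts the expensive round trips
  }
  set(name, value) {
    this.cookies.set(name, value);
    Atomics.add(this.version, 0, 1); // every write bumps the version
  }
  fetchAll() {
    this.ipcCalls += 1;
    // Read the version before the data, so a racing write can only
    // make the returned copy look stale, never falsely fresh.
    const version = Atomics.load(this.version, 0);
    const cookieString = [...this.cookies]
      .map(([k, v]) => `${k}=${v}`).join("; ");
    return { version, cookieString };
  }
}

class RendererCookieCache {
  constructor(service) {
    this.service = service;
    this.cached = null; // { version, cookieString }
  }
  getCookieString() {
    const current = Atomics.load(this.service.version, 0);
    // Only ask the service when the shared version has moved on.
    if (this.cached === null || this.cached.version !== current) {
      this.cached = this.service.fetchAll();
    }
    return this.cached.cookieString;
  }
}

function demo() {
  const service = new CookieService();
  service.set("sid", "abc"); // constructed sample cookie
  const renderer = new RendererCookieCache(service);
  const reads = [];
  for (let i = 0; i < 5; i++) reads.push(renderer.getCookieString());
  const callsBeforeWrite = service.ipcCalls;
  service.set("theme", "dark"); // a write invalidates the local copy
  const afterWrite = renderer.getCookieString();
  return { reads, callsBeforeWrite, afterWrite, totalCalls: service.ipcCalls };
}
```

Five consecutive reads cost one request to the service; a stale copy is never served, because any write changes the version the reader compares against.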

 

Club Penguin Enthusiasts Breach Disney Confluence Server, Steal 2.5GB of Data

Fans of Club Penguin hacked a Disney Confluence server this week to steal information about the game but instead found 2.5 GB of internal corporate data.

Club Penguin was a multiplayer game with a virtual world that was available from 2005 to 2018. It was officially shut down in 2017, but the game continued to live on through private servers and independent developers, even if the operators were arrested.

Now, a person has posted a link to “Internal PDFs” on the game’s 4Chan message board. The link leads to a 415 MB archive containing 137 PDF files full of old internal information such as emails, designs, documents, and character sheets. The data is about 7 years old and is mostly of interest to fans of the game. However, this archive is only a small part of the original, larger data set, which includes documentation for businesses, software, and IT projects used internally by Disney.

 



 

The threat actors who breached Disney’s servers actually stole the organization’s corporate strategies, ad plans, Disney+, internal tools, business projects, and infrastructure data.

The Club Penguin data might be old, but the rest of the stolen information is new. Disney has not issued any statement regarding the news.

 

New V3B Phishing Kit Targets Customers of 54 European Banks

Threat actors are distributing a new phishing kit called V3B on Telegram.

The phishing kit is priced between $130 and $450 per month and comes with many features, including localization options, live chat, evasion, and OTP/TAN/2FA support. Many cybercriminals are already using it to target customers of major financial institutions in multiple countries. It was discovered by Resecurity’s researchers, who also shared that over 1,250 people are already members of the Telegram channel where the PhaaS (Phishing as a Service) tool is distributed.

V3B uses JavaScript code on top of a custom CMS (Content Management System) that can evade detection. The interface comes with support for Finnish, French, Italian, Polish, and German languages and allows threat actors to run multi-country campaigns.

The kit works on both mobile and desktop devices and can intercept financial information, credentials, and credit card details. The admin panel also allows threat actors to interact with victims in real time so they can obtain OTPs via custom notifications and social engineering. There is also a QR code hijacking feature that threat actors can use to distribute phishing pages via QR codes.

Phishing kits allow low-level cybercriminals to launch highly sophisticated campaigns. It’s crucial to implement phishing protection by being vigilant about unsolicited emails and communication and by verifying everything through official resources before you share any personal information, credentials, OTPs, or financial information.

 

Microsoft India’s X Account Compromised in Roaring Kitty Cryptocurrency Scam

The official Microsoft India account on X, which has over 200,000 followers, was hijacked this week when crypto scammers used it to impersonate Roaring Kitty.

The account has a gold check mark that confirms it as an officially verified organization on the platform, which made the scam more effective. The threat actors used the account to reply to tweets, luring followers to a malicious website that claimed to let them buy GameStop crypto as part of a fake presale.

 


 

However, they would steal the assets of anyone who connected their crypto wallet to the site and authorized transactions. Many bot accounts are also retweeting the scam tweet to increase its reach and trap more people. This isn’t the only case involving X: in recent months, users of the platform have become targets of many account hijacks, with threat actors promoting crypto scams and wallet drainers via these accounts.

If you do spot the tweet, avoid interacting with it. It’s best not to follow links on X and to verify everything through official websites.
