This week’s cybersecurity bulletin covers the top global headlines: Meta’s fine for a data protection failure, Twitter user data on hacking forums, the Cincinnati State College ransomware attack, Google’s eighth zero-day of 2022, Interpol’s $130 million recovery, and VPN apps altered to carry spyware. Let us take a look.

 

$275.5 million fine for Meta for data protection failure

The DPC (Irish Data Protection Commission) has fined Meta $275.5 million for the 2021 data leak that exposed the Facebook information of millions worldwide.

The fine is based on Meta potentially violating the GDPR (General Data Protection Regulation) and on the records of 533 million Facebook users being published on hacking forums. The customer data exposed included personal information, contact numbers, Facebook IDs, genders, relationship status, names, occupations, dates of birth, email addresses, and locations. The records were shared on a hacking forum where threat actors could use them for malicious purposes.

Facebook claimed that the threat actors got the data by exploiting a “Contact Importer” flaw that allowed them to associate Facebook IDs with phone numbers and scrape user data to build each user’s profile. This flaw was fixed in 2019. Scraping is against online platform policies, but enforcing such rules is challenging, as documented in the TikTok and WeChat cases.

Coming from the DPC as the head of GDPR compliance, the decision in Meta’s “Data Scraping” inquiry will certainly cause a ruckus in the tech community and force data controllers to rethink anti-scraping mechanisms.

 

Twitter Data Leak, 5.4 million accounts affected

Nearly 5.4 million Twitter accounts were shared on a free hacker forum in a significant data dump. The data of the accounts consist of private phone numbers, email addresses, and scraped public information.

In July 2022, a threat actor put the private information of 5.4 million accounts up for sale for $30,000. The data consisted of public information, names, locations, phone numbers, and email addresses, and was collected in 2021 by exploiting a Twitter API (Application Programming Interface) vulnerability. Pompompurin claimed responsibility for exploiting the bug after a threat actor called “Devil” shared the Twitter vulnerability with them and stated that there are more than 1.4 million Twitter accounts whose information was collected.

The data of 5,485,635 Twitter accounts was posted for sale in August but was leaked online for free recently, allowing any cybercriminal to use it for malicious purposes. With valid phone numbers and names, the account holders could be targeted with scams and impersonation.

The leaked Twitter records could easily be used for spear phishing campaigns. It would be best to steer clear of odd or unsolicited emails that appear to come from Twitter, especially those that direct you to login portals on non-Twitter domains.

 

Ransomware attack on Cincinnati State College

A cybercriminal group known as the Vice Society has claimed responsibility for a ransomware attack. The ransomware attack targeted the Cincinnati State Technical and Community College, and threat actors leaked the stolen data.

The threat actors published documents on a Tor data leak website, claiming the information in the documents was stolen from Cincinnati State College. If the hackers have posted the stolen documents, it indicates that no ransom was paid. The documents published by the threat actors contain records from years ago up to 24 November, and the threat actors have made the data freely accessible, including the PII (Personally Identifiable Information) contained in those emails.

The college discovered the attack a few days ago and informed its staff of 1000 and 10,000 students about the incident. The college announced the restoration of its networks, emails, classroom computers, and partial internet access but has still not restored its voicemail, network and intranet shared drives, VPN (Virtual Private Network) access, or registration portals.

The cyberattack has been significant for the college, which has posted FAQs giving students and the workforce administrative guidelines for carrying out all operations. Vice Society has previously targeted other educational institutions as well, including the LAUSD (Los Angeles Unified), the second-largest school district in the US.

 

Google’s 8th Zero Day of 2022, Pushing Emergency Fix

Tech giant Google released an emergency security update for its web browser. The desktop version of Google Chrome was patched following the browser’s 8th zero-day vulnerability this year.

Tracked as CVE-2022-4135, the vulnerability is a heap buffer overflow in the GPU (Graphics Processing Unit). Buffer overflow flaws are memory vulnerabilities that allow threat actors to write data to forbidden locations without any checks. They also allow threat actors to manipulate the execution path, access restricted information, and execute arbitrary code.

Google has clarified that the details of the zero-day exploit will be kept under wraps until most of its users have downloaded and installed the security patch. The organization would retain the restrictions if the bug were found in third-party libraries that have not yet been fixed. You can easily update your desktop Google Chrome browser by going to the browser’s Settings > About Chrome and waiting until the browser updates automatically.

 

 

Google has been on the radar of threat actors and has fixed 8 zero-day vulnerabilities this year. Threat actors may use zero-day vulnerabilities for malicious activities, and individuals worldwide should update their web browsers soon to keep them secure.

 

$130 Million Seized From Threat Actors by Interpol

Interpol has announced that they have seized $130 million in funds and virtual assets from cybercriminals. With its operation code-named “HAECHI III,” Interpol also arrested nearly a thousand cybercriminals.

The operation lasted from late June 2022 to November 2022, during which period Interpol arrested 975 individuals and solved over 1600 cybercriminal and money laundering operations. Furthermore, Interpol has also blocked 2800 bank accounts and crypto accounts associated with illicit activities and financial crimes.

The cases ranged from romance scams, voice phishing, investment fraud, and money laundering to illegal gambling and sextortion. Interpol released an official announcement, generated 95 notices, and also brought forward 16 cybercrime trends to help law enforcement agencies worldwide take better action.

Some of the most significant arrests that Interpol made included the arrest of two Koreans residing in Greece and Italy, responsible for embezzling $29,100,000 from nearly 2000 Koreans, and the arrest of an Indian cybercriminal gang that impersonated Interpol officers and tricked victims out of $159,000 in crypto.

Interpol’s efforts and its ARRP (Anti-money laundering Rapid Response Protocol) have proven effective, helped recover $120,000,000 in cybercriminal proceeds, and have threat actors running scared.

 

Threat actors altering OpenVPN to Include Spyware

Threat actors have been luring victims with fake VPN software on Android phones in a highly targeted campaign to deploy spyware and steal valuable information.

The threat actor has been employing trojanized versions of SoftVPN and OpenVPN since 2017 to steal contact information, call records, geographical locations, and communication from multiple applications. The threat actor, tracked as Bahamut, is a mercenary group that repackages authentic VPN services. These modified applications provide VPN services to avoid raising any alarms while exfiltrating information from the victim’s devices.

Using a fake website and the same name as the legitimate service, the threat actors dupe their victims and steal data from various messaging applications such as Signal, WhatsApp, Telegram, Facebook Messenger, and Viber. The campaign is targeted and sophisticated; the applications were deployed via Google Play Store and employed phishing emails and social media channels for initial distribution.

Bahamut is believed to be linked to Windshift and Urpage threat actor groups and was also linked to espionage activity on human rights activists in the Middle East. It would be best to download applications from authentic sources, and Android users using these applications should remove them immediately.
