The week was full of thrilling and chilling cybersecurity news and updates. From ransomware hitting Kansas Courts to a Bloomberg Crypto phishing campaign, here’s the scoop on the latest in cybersecurity this week.
Kansas Courts Verify Data Theft and Ransom Demand Following Cyberattack
The Judicial Branch of Kansas shared an update on the cybersecurity attack that the organization suffered last month.
Kansas Courts confirmed that the threat actors made away with sensitive files containing confidential information. The security incident took place in mid-October 2023, when multiple systems of the organization were impacted, including its eFiling system used for submission of documents, electronic payments, and case management systems.
The system has not changed, but many of the portals remain offline. The Kansas Judicial Branch newsroom posted an update explaining that the impact on said systems is temporary and also confirmed news of a data breach.
The report outlined that the stolen information included files from the Office of Judicial Administration and district court case records, among other data. The attack exhibits core elements of ransomware since the system outage was caused by file encryption. However, the authorities have not stated this directly in the press release.
No ransomware gangs have taken responsibility for the attack as of now. Kansas Courts eFiling, Order Portal, District Court Public Access, Case Inquiry System, eCourt Case Management, Attorney Registration, online marriage license application, and central payment center remain offline.
U.S. Nuclear Research Lab Breached by Hacktivists, Employee Data Stolen
The Idaho National Laboratory (INL) confirmed that the organization was the victim of a cyberattack. The news came after hacktivists “SiegedSec” leaked stolen H.R. data online.
INL falls under the U.S. Department of Energy and employs nearly 5,700 specialists in nuclear and integrated energy. The INL focuses on research and development of next-generation nuclear plants, water reactors, advanced vehicles, bioenergy, robotics, and similar studies.
The hacktivist gang SiegedSec later shared that they had gained access to INL data. They highlighted that said data also contained information of “hundreds of thousands” of citizens and users. Just like the previous NATO and Atlassian breaches, the threat actors leaked the stolen data on hacker forums without any ransom demands.
Furthermore, they posted proof of the breach via screenshots on their Telegram channel. INL has not made any public statements, but a spokesperson confirmed the news to media outlets, sharing that law enforcement agencies are involved.
The full names, birth dates, emails, phone numbers, Social Security Numbers (SSNs), employment, and residential information of thousands have been leaked.
Microsoft’s New Defender Bounty Program, Offering $20,000 in Rewards
Microsoft has launched a new bug bounty initiative for its Defender platform.
People who identify and report new flaws can receive rewards ranging from $500 to $20,000. You should know that these rewards may exceed $20,000. The final amount will be determined by Microsoft based on factors like the flaw’s severity, impact, and the quality of the submission.
As of now, the Microsoft Defender Bounty Program will only focus on Defender for Endpoint Application Programming Interfaces (APIs) but will expand to other products with time. If multiple individuals file bug reports on the same issue, the bounty will be awarded for the initial submission.
Microsoft has paid nearly $58.9 million in bug bounty programs to 1,147 security experts around the world who reported 446 vulnerabilities. The organization also announced an AI bounty program last month that focuses on its AI-driven Bing search and offers rewards of up to $15,000.
Discord Phishing Attacks as a Result of Bloomberg Crypto X Account Mishap
Bloomberg’s Official Crypto Twitter account was used earlier this week to post a phishing link redirecting victims to a website that stole Discord credentials.
ZachXBT, a crypto fraud investigator, spotted the phishing attack and shared all the details. The link was to a Telegram channel with over 14,000 members that pushed all visitors to a fake Bloomberg Discord server that showed 33,968 members. Bloomberg had a Telegram channel, @BloombergNewsCrypto, which was updated to @BloombergCrypto in October 2023.
However, a scam artist was able to seize the old username during the transition and use it as a part of an elaborate phishing campaign. Once a victim clicked on the link, they were redirected to a fake Discord server where a bot prompted them to use AltDentifier, which is a genuine Discord bot, for verification.
However, the link it presented led to a deceptive page on an altered domain, “altidentifiers{.}com”, instead of the authentic “altidentifier.com.” The users were given 30 minutes to visit this link and complete the verification process, where they were required to verify with Discord.
Upon verification, the users were allowed to participate in the server, but their Discord credentials were stolen. Bloomberg has not shared any official statement regarding the incident that took place.
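The one-character domain swap described above can be checked mechanically before a verification link is trusted. The following is an added example, not code from Bloomberg, Discord or AltDentifier: the allowlist (taken from the domain the article names as authentic), the function names and the distance threshold are assumptions, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only verification domain trusted is the one the article calls authentic.
TRUSTED_DOMAINS = {"altidentifier.com"}

def refang(text):
    """Undo common defanging such as {.} / [.] and hxxp:// so links can be parsed."""
    text = re.sub(r"[\[\{\(]\.[\]\}\)]", ".", text)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def host_of(link):
    """Return the lowercased hostname of a link, with or without a scheme."""
    link = refang(link.strip())
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat the text as a network location
    try:
        return (urlsplit(link).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(link, max_distance=2):
    """Label a link 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    host = host_of(link)
    if not host:
        return "unparseable"
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Compare only as many trailing labels as the trusted domain has.
        candidate = ".".join(host.split(".")[-trusted.count(".") - 1:])
        if edit_distance(candidate, trusted) <= max_distance or trusted in host:
            return "lookalike"  # near miss, or trusted name embedded in another host
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links; the first is the defanged domain from the article.
    for link in ("altidentifiers{.}com", "https://altidentifier.com/verify", "hxxps://discord[.]com/login"):
        print(f"{link:35} -> {classify(link)}")
```
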
This incident underlines the significance of staying informed about the latest approaches to phishing and underscores the crucial role of phishing awareness training. The training also includes the key aspect of phishing protection which is essential to defend against these security threats.