Public Data Breach, Ransomware Disables Security, Hacker Fakes Death – Cybersecurity News [August 19, 2024]
We’re back with the latest cybersecurity scoop of the week, where we’ll take a look at the data breach at National Public Data, the new malware that disables security software, the man sentenced for hacking into a state registry to fake his own death, the arrest of the hackers behind the $14 million Holograph crypto theft, and the charges against a member of the Karakurt extortion gang. Stay tuned for more!
National Public Data Reports Breach Exposing Social Security Numbers
National Public Data confirmed a data breach this week after threat actors leaked a stolen database from the background check service containing a large volume of personal information, including Social Security numbers.
The organization published a report on the security incident stating that the leaked information includes names, email addresses, phone numbers, and Social Security numbers. It is cooperating with law enforcement agencies and investigating the incident, and says that all impacted individuals will be notified if any significant developments come to light. The company also said the breach is most likely the work of a threat actor who attempted to hack into its database in December last year. Back in April, a threat actor using the moniker USDoD offered 2.9 billion records stolen from the organization for $3.5 million, and another threat actor named Fenice shared 2.7 billion records on a hacking forum as well.
Many analysts have confirmed that the data is indeed accurate and also contains details about the family members of the affected individuals. If your data was leaked during the breach, it’s best to stay alert against scams and phishing attempts via emails and phone numbers.
Ransomware Group Uses New Malware to Disable Security Software
The threat actors behind the RansomHub ransomware deployed a new malware that can turn off EDR (Endpoint Detection and Response) software.
The new malware was discovered by researchers at Sophos in May 2024 and named EDRKillShifter. It deploys a legitimate but vulnerable driver on victim devices, which allows the threat actors to escalate privileges and take control of the system. The tool may already be in use by other threat actors: Sophos found two samples of the malware on GitHub—one exploits the RentDrv2 driver and the other exploits ThreatFireMonitor. The malware can deliver multiple driver payloads as the attack requires and works in three steps: the EDRKillShifter binary is launched, it decrypts and executes a password-protected BIN resource in memory, and that stage then executes the final payload on the victim device.
If you want to stay safe against this novel malware, enable tamper protection in your endpoint security products so that threat actors cannot load any of these vulnerable drivers, and keep all systems updated with the latest software and patches.
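The following audit script is an added example, not code from the article or from Sophos. It checks the two controls recommended above on a Windows host (endpoint tamper protection and Microsoft's vulnerable driver blocklist) and inventories the running kernel drivers with their signer and hash so they can be compared against a watchlist. It assumes Microsoft Defender is the endpoint product (the `Get-MpComputerStatus` cmdlet); the `$Watchlist` driver file names are a constructed placeholder and must be replaced with names from your EDR vendor's advisory or Microsoft's driver block rules.

```powershell
# Added example (not from the article): audit a Windows host for the controls that
# blunt EDR-killer tools built on vulnerable drivers. Run from an elevated session.
# Assumes Microsoft Defender; the watchlist below is a constructed placeholder.

function Get-TamperProtectionState {
    # IsTamperProtected / RealTimeProtectionEnabled are Defender properties; other EDR
    # products expose the equivalent setting through their own consoles or cmdlets.
    $status = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        TamperProtected    = [bool]$status.IsTamperProtected
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
    }
}

function Get-VulnerableDriverBlocklistState {
    # Microsoft's vulnerable driver blocklist is controlled by this registry value;
    # a missing value is reported as disabled so the gap shows up in the audit.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $item = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        BlocklistEnabled = ($null -ne $item -and $item.VulnerableDriverBlocklistEnable -eq 1)
    }
}

function Get-RunningKernelDrivers {
    # Inventory every running kernel driver with its signer and SHA-256 hash. A driver
    # abused by an EDR killer is normally validly signed, so the signature status alone
    # is not the signal; name, signer and hash are what you compare against a blocklist.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise the kernel-style paths WMI sometimes returns (\??\ and \SystemRoot\).
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $hash = Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name      = $_.Name
                File      = [System.IO.Path]::GetFileName($path)
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SigStatus = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
                Sha256    = if ($hash) { $hash.Hash } else { $null }
            }
        }
}

function Invoke-EdrKillerAudit {
    param(
        # Constructed placeholder list: replace with driver file names from your
        # EDR vendor's advisory or Microsoft's recommended driver block rules.
        [string[]]$Watchlist = @('PLACEHOLDER-vulnerable-driver-1.sys', 'PLACEHOLDER-vulnerable-driver-2.sys')
    )
    $tamper    = Get-TamperProtectionState
    $blocklist = Get-VulnerableDriverBlocklistState
    $drivers   = @(Get-RunningKernelDrivers)
    $hits      = @($drivers | Where-Object { $Watchlist -contains $_.File })

    if (-not $tamper.TamperProtected)     { Write-Warning 'Tamper protection is OFF: a local admin can switch the EDR off.' }
    if (-not $blocklist.BlocklistEnabled) { Write-Warning 'Microsoft vulnerable driver blocklist is not enabled.' }
    foreach ($d in $hits) {
        Write-Warning ("Watchlisted driver loaded: {0} ({1}) signed by {2}" -f $d.Name, $d.File, $d.Signer)
    }

    # Summary object for the operator or for export to a SIEM.
    [pscustomobject]@{
        TamperProtected  = $tamper.TamperProtected
        BlocklistEnabled = $blocklist.BlocklistEnabled
        RunningDrivers   = $drivers.Count
        WatchlistHits    = $hits.Count
    }
}

Invoke-EdrKillerAudit
```

One caveat on the driver inventory: a tool of this kind loads the vulnerable driver only long enough to kill the EDR process, so the driver may no longer be running when the audit executes. Pair the point-in-time check with driver load telemetry (for example Sysmon Event ID 6, "Driver loaded") so that a watchlisted or unexpectedly signed driver is recorded at the moment it is loaded.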
Man Sentenced for Hacking State Registry to Stage His Own Death
The U.S. Department of Justice issued a press release this week sharing details of Jesse Kipf, a 39-year-old man from Kentucky who used stolen credentials to breach the Hawaii Death Registry System and register himself as deceased.
The man took this step to avoid paying child support obligations and has been sentenced to 81 months in federal prison. Kipf carried out the scheme in January 2024, when he created a State of Hawaii Death Certificate Worksheet for himself and even added a doctor's digital signature to it. Kipf also accessed multiple corporate and government systems using stolen credentials and offered those credentials on dark web forums, and he was found guilty of using a false Social Security number to apply for financial accounts. To date, the damage caused by these actions is estimated at close to $200,000.
Of his sentence, he will have to serve 69 months, after which he will be placed under supervision for three years.
Hackers Tied to $14M Holograph Crypto Theft Arrested in Italy
Italy’s national police released an announcement that they’ve arrested the suspected hackers behind the $14 million Holograph crypto heist.
Holograph is a crypto exchange and Web 3.0 platform based in the Cayman Islands. Hackers reportedly exploited a smart contract function on the exchange that allowed them to mint 1 billion HLG tokens, which they withdrew at a valuation of $14 million; the token's value fell nearly 80% within hours of the incident. The organization confirmed at the time that the hack was carried out by a former operator and developer who had internal information. This week, law enforcement agencies tracked down a group of people suspected of being the hackers because of their lavish lifestyle. Of the four in the group, two have been arrested and await extradition to France. Police also seized crypto wallet keys, ledgers, codes, and multiple devices in the suspects' possession, which are being used as evidence in the case.
The cybercriminals spent a large part of the funds, but what remains will be returned to Holograph. Following the news, the HLG token price regained about 28% of its value and has gained 59.4% over the last few days.
U.S. Files Charges Against Karakurt Extortion Gang’s “Cold Case” Negotiator
The U.S. has also filed charges against a member of the Karakurt ransomware gang for money laundering and wire fraud.
Deniss Zolotarjovs, a 33-year-old member of the Russian Karakurt gang, was already under FBI investigation for compromising organizational systems, stealing data, and demanding ransoms from victims. A Latvian national, he was living in Moscow. Law enforcement agencies arrested him in Georgia in December 2023, and he was recently extradited to the U.S. The DoJ press release did not establish a connection between Zolotarjovs and the Karakurt ransomware gang, but court documents make it evident that he was linked to multiple extortion cases involving U.S. organizations and operated under the name “Sforza_cesarini.” His particular role was handling “cold case” extortions, in which the victims had stopped communicating with the gang and had not given in to the ransom demands.
Zolotarjovs is the first Karakurt gang member to be arrested; he faces up to 20 years in prison, along with fines.