Antwerp laboratory latest victim of cyber attack, Ransomware targets COVID-19 vaccine research, and more

Originally published at: Antwerp laboratory latest victim of cyber attack, Ransomware targets COVID-19 vaccine research, and more - CloudSEK Cyber Bulletin

Round Up of Major Breaches and Scams

UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still drawing the attention of law enforcement. The U.K.’s National Crime Agency says that 21 people have been arrested across the country recently for using data purchased on WeLeakInfo for criminal activity, including hacking and fraud.

Antwerp laboratory becomes latest victim of cyber-attack

Alan Hope reports a ransomware attack on a laboratory that “handles about 3,000 Covid-19 tests a day, or about 5% of the national total. As such, it is the largest private lab in the country dealing with the Covid-19 crisis.” The attack took place on the General Medical Laboratory (AML) in the Antwerp district of Hoboken. Hackers installed ransomware on the lab’s website, bringing it to a standstill. As is typical in a case of a ransomware attack, the hackers are demanding a ransom before they release the site from captivity.

Kawasaki discloses security breach, potential data leak

Japan’s Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries is a Japanese multinational corporation with over 35,000 employees, active in the heavy equipment, rolling stock, automotive, aerospace, and defense industries. “As a result of a thorough investigation, the company has discovered that some information from overseas offices may have been leaked to external parties,” Kawasaki said in a statement published on Monday.

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. Also included in the list is an Indian banking firm ICICI Bank.

Freedom Finance’s customer data got leaked after employee fell for phishing attack

The system was hacked to blackmail the company with media publicity and extort money. Broker Freedom Finance admitted the fact of hacking its internal network and stealing data leaks about 16,000 clients of the company for 2018. The founder and CEO of the company Timur Turlov announced this on Instagram. He called the incident “an extremely unpleasant and shameful incident in information security”, which occurred on December 24, and admitted: “We screwed up.”

Round Up of Major Malware and Ransomware Incidents

US Treasury warns of ransomware targeting COVID-19 vaccine research

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned financial institutions of ransomware actively targeting vaccine research organizations. “FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines,” the US Treasury Department bureau warned.

Mac Attackers Remain Focused Mainly on Adware, Fooling Users

Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware – including ransomware. The year 2020 kicked off with reports that Mac cyber threats had taken off, with machines encountering twice as many threats as Windows systems. But as the year came to a close, the average user of the Mac OS continued to see fewer malware and ransomware threats than Windows users, security experts say.

Conti Ransomware Gang Takes Down Sangoma Technologies

Sangoma Technologies has reported a data breach due to a targeted ransomware attack on one of its servers. Reportedly, 26GB of its confidential data was posted online by the notorious Conti ransomware gang who perpetrated the attack. On Christmas eve, Sangoma Technologies, a provider of Unified Communications as a Service (UCaaS), disclosed a data breach that compromised one of the company’s internal servers. The compromise took place during a targeted ransomware attack by the infamous Conti ransomware gang.

Round Up of Major Vulnerabilities and Patches

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google’s Vulnerability Reward Program. Many of Google’s products, including Google Docs, come with a “Send feedback” or “Help Docs improve” option that allows users to send feedback along with an option to include a screenshot.

1 Like