SAN MATEO, CA, December 30, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.
iOS devices exposed to phishing attacks more than Android
Lookout’s Q3 2024 Mobile Threat Landscape Report reveals that iOS devices are “more exposed to phishing attacks” than Android devices, with the report’s data indicating that Apple’s products were “targeted by threat actors more often, 18.4%… than Android devices at just 11.4%.” Part of this increase is likely because iOS devices were twice as prevalent among those studied by Lookout. The company, however, says that 19% of enterprise iOS devices had been exposed to one or more mobile phishing attacks in the first three quarters of 2024, whereas enterprise Android devices stood at 10.9%. Lookout’s study was informed by “an AI-powered mobile dataset of 220 million devices and 360 million apps, as well as ‘billions of web items’” and also lists common vulnerabilities in mobile web browsers and apps. Read more.
Cyberattack on Japan Airlines disrupts holiday flight operations
Japan Airlines (JAL) reported a major cyberattack that resulted in disruptions to domestic and international flights during one of the busiest travel times of the year, taking to X to say “We have been under cyberattack on our internal and external network devices, causing problems with the systems that communicate with external systems.” The attack “targeted the airline’s internal and external network equipment, leading to system malfunctions that have impacted communication and operational processes.” Flight delays are expected to continue, although a JAL spokesperson has declined to comment on the full impact of the attack. Also currently unknown is the nature of the attack and who may be responsible. JAL has stated that they are working closely with law enforcement and cybersecurity experts to fix the issue. Read more.
Brazilian hacker charged for extortion after breach
Junior Barros De Oliveira, a 29-year-old Brazilian citizen, has been charged in the U.S. with “four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications” after breaching the subsidiary of a New Jersey-based company and stealing customer information from 300,000 people. De Oliveira is said to have then attempted to extort the company’s CEO, threatening to sell the data unless a payment of 300 Bitcoin was made. De Oliveira later contacted the CEO again, offering to help the company solve its “security flaw” in exchange for 75 Bitcoin. “Each of the four counts of extortionate threats carries a maximum prison term of 5 years and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater. Likewise, each of the four counts of threatening communications carries a maximum prison term of 2 years and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.” Read more.
Attack on American Addiction Centers exposes data of almost half a million people
American Addiction Centers (AAC) suffered a ransomware attack in September, exposing healthcare information belonging to over 400,000 people. American Addiction Centers, made up of a network of rehab centers across the U.S., has not made comments about the nature of the attack although the Rhysida ransomware gang, known for attacking the healthcare sector, has taken credit for it. Among the data stolen were Social Security numbers, addresses, phone numbers, and health insurance information. AAC has offered identity theft protection services to those affected. Read more.
Shadow AI usage major data privacy risk
Shadow IT, a term for when employees turn to software platforms or systems outside of those approved for work, can result in breaches, leaks, hacks, and other security incidents that are out of a network administrator’s control. With people now engaging with AI platforms and models that are unsanctioned, “Shadow AI” is increasing the danger. Research indicates that 50 to 75% of employees are using AI tools that are not approved for company use, many of them being smaller applications that assist with image generation, voice transcription, note-taking, and other tasks. The employment of these tools, especially when used to transcribe or otherwise process legal documentation, financial data, or other sensitive information, could open organizations to data theft, compliance violations, legal risks, and cyberattacks. Read more.
Consumers sell biometric data willingly in farming operation
A dark web biometric farming operation has been uncovered by iProov, prompting security experts to recommend that customer-facing businesses bolster their identification verification process. The campaign has collected identity documents and photographs of people’s faces to get past Know Your Customer (KYC) verification checks used to confirm customer identities. iProov has also reported that people could have submitted some, if not all, of the material in exchange for money. “What’s particularly alarming about this discovery is not just the sophisticated nature of the operation, but the fact that individuals are willingly compromising their identities for short-term financial gain,” said Andrew Newell, chief scientific officer at iProov. Read more.
Judge rules against NSO Group in WhatsApp trial
Spyware maker NSO Group has been dealt its first major legal blow. Northern California District Court Judge Phyllis Hamilton ruled in favor of WhatsApp over allegations that NSO Group hacked the chat platform. The federal judge determined that NSO Group “violated U.S. and California anti-hacking laws and had failed to obey court orders to produce evidence, especially the Pegasus spyware source code.” “This is a historic judgment and a first major court victory against NSO Group in the world, finding them liable for compromising the digital security infrastructure that millions of people rely on,” said Natalia Krapiva, senior tech-legal counsel at the Access Now digital rights group. “While the trial will continue on how much damages NSO should pay, the partial summary judgment is a major win for WhatsApp, civil society, and Pegasus victims around the world.” NSO Group has yet to comment on the outcome. Read more.
$308 million crypto theft linked to North Korean hackers
North Korean state-sponsored hacker groups are proving once more to be adept at stealing crypto to enrich Pyongyang with an attack on Japanese exchange DMM Bitcoin that saw them make off with $308 million. According to the FBI, the attack was carried out by a group called TraderTraitor, also known as Jade Sleet, UNC4899, and Slow Pisces. The heist, which took place in May of 2024, “forced the platform to restrict account registration, cryptocurrency withdrawals, and trading until the completion of the investigations.” The FBI’s announcement goes on to say that an attacker from the group pretended to be a recruiter on LinkedIn, contacted an employee of Japanese crypto wallet software company Ginco, and sent them malicious Python code that “compromised the computer and allowed TraderTraitor to infiltrate Ginco and then move laterally to DMM.” Read more.
Thousands of malware variants generated with LLMs
A new analysis from Palo Alto Networks Unit 42 researchers indicates that LLMs allow threat actors to generate thousands of malware variants at scale, making their detection more difficult. The researchers used LLMs to rewrite existing malware samples into 10,000 variants, aiming to sidestep detection by machine learning models without altering the malware’s primary functionality. “The final output is a new variant of the malicious JavaScript that maintains the same behavior of the original script, while almost always having a much lower malicious score,” said the company’s report. The rewritten results from their experiment also appear more natural than alternative variant-creation methods, making them more challenging to detect reliably. Read more.
LockBit developer arrested in Israel awaiting extradition
51-year-old Rostislav Panev was arrested in Israel in August 2024 per a request from the United States, according to unsealed documents from the U.S. Department of Justice. Panev, who has dual citizenship in both Russia and Israel, is accused of working as a developer for the LockBit ransomware operation from 2019 until February 2024. The DOJ says that Panev confessed to the charges in Israel, saying that he completed the “development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.” LockBit’s main administrator, LockBitSupp, who is believed to be Russian national Dmitry Yuryevich, remains at large. Read more.