SAN MATEO, CA, June 20, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- More data-stealing apps discovered on Google Play
- As travel industry rebounds, so has related cybercrime
- Millions fall victim to Facebook phishing scam
- Ransomware gang creates new way to pressure extortion victims
- New Canadian law would make cyberattack reporting mandatory
- Human error to blame for 90% of cyberattacks
- 700,000 Social Security numbers leaked in hospital ransomware attack
- FBI encourages ag industry to bolster defenses
- HelloXD ransomware targeting Linux and Windows systems
More data-stealing apps discovered on Google Play
Researchers from Dr. Web have reported a number of apps downloadable from the Google Play store that contain adware and data stealing malware. The apps discovered include one posing as a camera while another claims to be a horoscope and fortune telling service. Some of these apps actually change their name after being installed and a handful of them have been downloaded hundreds of thousands of times. Read more.
As travel industry rebounds, so does related cybercrime
As the travel industry begins to recover after having slowed in the midst of the COVID-19 pandemic, so too have travel-related hacks and scams related to flyer miles and fraudulent requests for login credentials. Travel-related databases are full of personal information that is valuable on the black market and to those looking to engage in identity theft. Read more.
Millions fall victim to Facebook phishing scam
A phishing scam circulating via Facebook Messenger is estimated to have fooled more than 10 million people into handing over their login credentials to what researchers believe to be a single perpetrator. The individual claims to be making $150 for every thousand successful clicks on the fraudulent links. If true, they would have made around $59 million since the scam’s inception. Read more.
Ransomware gang creates new way to pressure extortion victims
The AlphV/BlackCat ransomware gang, believed to be a rebrand of Darkside/BlackMatter, has created a website in which customers and employees of targeted companies can see what personal data of theirs was stolen in the attack. The gang has even gone so far as to create personalized packs for each person that detail what information they contain. The effort is intended to put more pressure on victims to pay ransom demands, as the gang is expecting affected individuals to demand that the target does so. Read more.
New Canadian law would make cyberattack reporting mandatory
Canadian law makers have introduced new legislation that would require industries in critical infrastructure sectors to report any incidents of hacking or cybercrime to the federal government. The proposal is said to also give the country’s Prime Minister greater control over protecting the country from cybercrime. The new law has not yet been debated or passed. Read more.
Human error to blame for 90% of cyberattacks
According to the K-riptography and Information Security for Open Networks, 90% of cyberattacks take place due to human error. The data shows that, in spite of increasingly capable cybersecurity technology, a lack of awareness with regard to the techniques used by hackers and the existence of known vulnerabilities is the leading factor when it comes to breaches and attacks. Read more.
700,000 Social Security numbers leaked in hospital ransomware attack
Arizona’s Yuma Regional Medical Center has reported that the Social Security numbers of more than 700,000 patients were leaked in an April ransomware attack. No gang has taken credit for the attack and the hospital is offering free credit monitoring services to those who were affected by the breach. Read more.
FBI encourages ag industry to bolster defenses
A series of cyberattacks launched against agricultural organizations in the midst of the spring planting seasons has prompted the FBI to encourage the industry to fortify its cyber defenses and be on alert for any suspicious activity. Agricultural companies and cooperatives make lucrative targets for criminals, as the industry revolves around time sensitive growing and harvesting schedules. Read more.
HelloXD ransomware targeting Linux and Windows systems
A ransomware variant called HelloXD, based off of code that was leaked from Babuk, is actively targeting and infecting systems running Windows or Linux. This ransomware does not have a centralized site. Those using it instead preferring to negotiate via Tax chat and onion-based messaging services. HelloXD is believed to have been created by a Russian developer. Read more.