Cybersecurity news weekly roundup April 25, 2022 ~ NetworkTigers

SAN MATEO, CA, APRIL 25, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.

Lapsus$ hacks T-Mobile

T-Mobile joins the list of major companies hacked by extortion gang Lapsus$ in the company’s seventh breach in the last four years. Lapsus$, in typical form, stole source code from the company using compromised user accounts to gain access to their system. It is not known if the credentials they used were purchased or gained via social engineering. T-Mobile has stated that no customer or government information was accessed by the hackers. Read more.

Costa Rican government reeling after Conti ransomware attack

Russian ransomware gang Conti has claimed credit for an attack against the Costa Rican government that has crippled the country’s imports and exports and left citizens concerned that they may have their finances and personal information stolen. Many sectors of the Costa Rican government are struggling to get back on track, sometimes reverting to pencil and paper documents. The government has refused to pay any ransom. Read more.

REvil’s TOR site comes back to life

REvil’s TOR site, after months of inactivity following the group having been surrendered to US authorities by Russia, appears to have come back to life, now redirecting to a new ransomware-as-a-service purveyor. It is currently unclear if the new site is being operated by scammers, law enforcement looking to crack down on cybercrime or individuals who were connected to REvil originally. Read more.

CISA issues warning about North Korea crypto hacks

CISA has sent out an advisory warning users of the blockchain that state-sponsored North Korean hackers are targeting crypto marketplaces and exchange platforms. Lazarus Group, a North Korean hacking gang, was specifically named, and the report details the tactics that the group is using to steal cryptocurrency from unsuspecting victims. Read more.

Lapsus$ breach of Okta less severe than originally thought

Okta has concluded its investigation into a data breach that was initiated by the Lapsus$ hacking group. The forensic report states that the breach lasted 25 minutes, not the 5 days reported earlier. During that time, Lapsus$ was not able to access customer accounts or make configuration changes that would have allowed them to penetrate deeper into the company’s network. Read more.

Ukraine flooded with new malware variants courtesy of Russian hackers

As the war in Ukraine continues, new malware variants are being launched against the country from Russian hackers. Slight variations in the code being used against Ukraine help malware avoid redundancy and increase the possibility of it being able to avoid being blocked. The attacks are reportedly coming from Russian state-backed hacking group Gamaredon. Read more.

Puerto Rico toll collection system hacked

A cyberattack has taken Puerto Rico’s toll collection system offline, with the FBI currently investigating the situation. Professional Account Management, the private company that runs the tolling system, has yet to make a statement regarding when the system will be back online. No personal information appears to have been breached in the hack. Read more.

Ohio healthcare system accidentally compromised

Cleveland, Ohio’s MetroHealth System has disclosed a data breach that has affected 1,700 patients. The breach is said to have occurred accidentally while the organization was upgrading its electronic medical records system. Patient names, care providers and appointment details were exposed, but no health-related data or personal financial information was compromised. Read more.

LinkedIn most commonly imitated company in phishing attacks

More than half of all phishing attempts that create fake, or “spoofed,” emails that purport to originate from a reputable source use LinkedIn as their template. Phishing attempts using LinkedIn’s logo and format contain a link for users to click that alleges to connect them to a company or account. The link, however, leads to malicious code or asks for sensitive information. Read more.

“Fakecalls” targets bank accounts by posing as banking app

A clever piece of malware called Fakecalls is hiding in Android devices disguised as apps from reputable banks. The malware hijacks actual calls to a victim’s bank and then allows a criminal to pick up on the other end where they can then ask the caller for sensitive account info, posing as a customer service agent. Read more. 

Conti and Karakurt cybercrime gangs connected

Security researchers have discovered that Russian ransomware gang Conti and Russian extortion gang Karakurt are connected. Karakurt, it would seem, is a “side project” of Conti that they turn to when encryption fails and they are unable to leverage a ransomware attack. The stolen data is then passed to Karakurt who will mount an extortion attempt. Read more.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com

Cybersecurity News

NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
