SAN MATEO, CA, APRIL 25, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Lapsus$ hacks T-Mobile
- Costa Rican government reeling after Conti ransomware attack
- REvil’s TOR site comes back to life
- CISA issues warning about North Korea crypto hacks
- Lapsus$ breach of Okta less severe than originally thought
- Ukraine flooded with new malware variants courtesy of Russian hackers
- Puerto Rico toll collection system hacked
- Ohio healthcare system accidentally compromised
- LinkedIn most commonly imitated company in phishing attacks
- “Fakecalls” targets bank accounts by posing as banking app
- Conti and Karakurt cybercrime gangs connected
Lapsus$ hacks T-Mobile
T-Mobile joins the list of major companies hacked by extortion gang Lapsus$ in the company’s seventh breach in the last four years. Lapsus$, in typical form, stole source code from the company using compromised user accounts to gain access to their system. It is not known if the credentials they used were purchased or gained via social engineering. T-Mobile has stated that no customer or government information was accessed by the hackers. Read more.
Costa Rican government reeling after Conti ransomware attack
Russian ransomware gang Conti has claimed credit for an attack against the Costa Rican government that has crippled the country’s imports and exports and left citizens concerned that they may have their finances and personal information stolen. Many sectors of the Costa Rican government are struggling to get back on track, sometimes reverting to pencil and paper documents. The government has refused to pay any ransom. Read more.
REvil’s TOR site comes back to life
REvil’s TOR site, after months of inactivity following the group’s surrender to US authorities by Russia, appears to have come back to life and now redirects to a new ransomware-as-a-service purveyor. It is currently unclear whether the new site is being operated by scammers, by law enforcement looking to crack down on cybercrime, or by individuals who were connected to the original REvil. Read more.
CISA issues warning about North Korea crypto hacks
CISA has sent out an advisory warning users of the blockchain that state-sponsored North Korea hackers are targeting crypto marketplaces and exchange platforms. Lazarus Group, a North Korean hacking gang, was specifically named and the report details the tactics that the group is using to steal cryptocurrency from unsuspecting victims. Read more.
Lapsus$ breach of Okta less severe than originally thought
Okta has concluded its investigation into a data breach that was initiated by the Lapsus$ hacking group. The forensic report states that the breach lasted 25 minutes, not the 5 days reported earlier. During that time, Lapsus$ was not able to access customer accounts or make configuration changes that would have allowed them to penetrate deeper into the company’s network. Read more.
Ukraine flooded with new malware variants courtesy of Russian hackers
As the war in Ukraine continues, new malware variants are being launched against the country by Russian hackers. Slight variations in the code used against Ukraine keep each sample from being a duplicate of the last and increase its chances of evading detection and blocking. The attacks are reportedly coming from the Russian state-backed hacking group Gamaredon. Read more.
Puerto Rico toll collection system hacked
A cyberattack has taken Puerto Rico’s toll collection system offline, with the FBI currently investigating the situation. Professional Account Management, the private company that runs the tolling system, has yet to make a statement regarding when the system will be back online. No personal information appears to have been breached in the hack. Read more.
Ohio healthcare system accidentally compromised
Cleveland, Ohio’s MetroHealth System has disclosed a data breach that affected 1,700 patients. The breach is said to have occurred accidentally while the organization was upgrading its electronic medical records system. Patient names, care providers and appointment details were exposed, but no health-related data or personal financial information was compromised. Read more.
LinkedIn most commonly imitated company in phishing attacks
More than half of all phishing attempts that use fake, or “spoofed,” emails purporting to originate from a reputable source use LinkedIn as their template. Phishing emails using LinkedIn’s logo and format contain a link that purports to connect the recipient to a company or account. The link, however, leads to malicious code or asks for sensitive information. Read more.
“Fakecalls” targets bank accounts by posing as banking app
A clever piece of malware called Fakecalls is hiding in Android devices disguised as apps from reputable banks. The malware hijacks actual calls to a victim’s bank and then allows a criminal to pick up on the other end where they can then ask the caller for sensitive account info, posing as a customer service agent. Read more.
Conti and Karakurt cybercrime gangs connected
Security researchers have discovered that Russian ransomware gang Conti and Russian extortion gang Karakurt are connected. Karakurt, it would seem, is a “side project” of Conti that the gang turns to when encryption fails and it is unable to leverage a ransomware attack. The stolen data is then passed to Karakurt, which mounts an extortion attempt. Read more.
More cybersecurity news
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.