SAN MATEO, CA, September 5, 2022 — Cybersecurity news weekly roundup: stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- New ransomware gang picking up steam
- Samsung discloses breach
- FBI investigates massive infrastructure cyberattack in Montenegro
- FBI issues warning about hackers and crypto platforms
- Russian news site hacked
- Authy 2FA app hacked
- Hack exposes 2.5 million student loan accounts
- Ransomware attacks rebound after a brief decline
- Spyware firm looks to compete with Pegasus
New ransomware gang picking up steam
Researchers have observed that the new ransomware gang BianLian has tripled its infrastructure in the last month. The gang uses double-extortion tactics and has thus far targeted American, Australian, and British companies. It operates using Go, an open-source programming language that most threat researchers may not be very familiar with. This has made the gang difficult to track and its techniques hard to reverse engineer.
Samsung discloses breach
According to the electronics maker, some of Samsung’s US systems were breached to steal customer data. The hack, which took place in late July, saw data exfiltrated, including names, product registration information, and contact info. Samsung is notifying affected customers and has stated that no Social Security numbers or payment data had been leaked.
FBI investigates massive infrastructure cyberattack in Montenegro
An ongoing cyberattack targeting Montenegro’s water supply, transportation, and online government services has drawn the attention of the nation’s NATO allies, with the FBI deploying a cyber team to the country. Montenegro officials are blaming the attack on Russian retaliation for the country joining NATO and supporting the sanctions placed on Russia in response to the invasion of Ukraine.
FBI issues warning about hackers and crypto platforms
In a public service announcement, the FBI issued a warning about the increasing frequency with which DeFi platforms are falling victim to hackers looking to steal crypto. Most hacks are carried out via security exploits and vulnerabilities within the platforms. In 2021, around 25% of all stolen crypto was eventually recovered. Thus far in 2022, however, no stolen funds have been returned.
Russian news site hacked
Tass, a state-operated Russian news outlet, was hacked, with anti-war messages appearing to those who visited the website. The text, which includes the phrase “Putin makes us lie,” implies that it originated from Tass workers and writers, but this is likely not the case. Additionally, an Anonymous logo appears under the statement. Anonymous has been publicly opposed to Russia’s ongoing war in Ukraine and has taken credit for several disruptive hacks carried out against Russian news organizations.
Authy 2FA app hacked
Authy, one of the most popular and highly recommended 2FA apps, has been hacked following a successful phishing attack on the company’s employees. Only a small number of Authy customers were affected by the hack, with the criminals using their access to register unauthorized devices to only 93 accounts. It would appear that the accounts were highly targeted.
Hack exposes 2.5 million student loan accounts
Oklahoma Student Loan Authority (OSLA) and EdFinancial have suffered a breach that has exposed the personal data of 2.5 million people. The breach appears to have resulted from a hack that targeted Nelnet Servicing, a third-party technology services provider. The data exposed includes names, addresses, Social Security numbers, and phone numbers. The hackers reportedly had access to Nelnet’s system from some time in June up until July 22.
Ransomware attacks rebound after a brief decline
A report released by NCC Group reveals that ransomware attacks are on the rise again after a short decline. It is believed that the ebb and flow is related to the US government’s crackdown on cybercrime and the Conti ransomware gang. It would seem that the regression took place as ransomware purveyors reevaluated their tactics and regrouped in the face of increased pressure. LockBit has proven to be the most prevalent gang in this new surge, with HiveLeaks and BlackBasta, both offshoots of Conti, also hard at work.
Spyware firm looks to compete with Pegasus
Intellexa, a little-known Europe-based spyware firm, appears to be positioning itself as an alternative to NSO Group’s Pegasus. For a fee of $8 million, Intellexa is offering to hack Android and iOS devices. Ten infections are up for grabs, and the firm claims to have a “magazine of 100 successful infections.”