Cybersecurity news provided by NetworkTigers on Monday, 27 December 2021.
SAN MATEO, CA — 2020 hack of Mitsubishi may have leaked Japan defense data, Crypto credentials stolen via Telegram, users attempting to download “Spider-Man” end up installing crypto miner, Cox Communications hacker impersonated support agent, PYSA is November 2021’s biggest ransomware actor, 2021 worst year for healthcare data breaches in US history, gamers’ crypto stolen from NFT startup via Discord scam, ransomware gang publishes stolen police data, Conti ransomware gang leverages Log4Shell, Apache releases new patch for new Log4j vulnerability, Belgian defense ministry hacked.
2020 hack of Mitsubishi may have leaked Japan defense data
The 2020 hack of tech giant Mitsubishi may have led to the breach of military information, according to Japan’s Defense Ministry. 59 documents related to the country’s national defense were reportedly accessed in the hack. Mitsubishi has stated that it will tighten its security as it now comes under pressure from Japan’s federal authorities. Read more.
Crypto credentials stolen via Telegram
The Echelon infostealer malware is being leveraged by criminals through Telegram to pilfer crypto wallet credentials that can then be used to steal currency. Using the name “Smokes Night,” the malware was distributed haphazardly on a Telegram channel that focused on crypto discussion with no clear indication that a specific target was intended. While other users did not engage with Smokes Night or complain about the posted link, it is assumed that some may have clicked the file and downloaded Echelon. Read more.
Users attempting to download “Spider-Man” end up installing crypto miner
A torrent download masquerading as “Spider-Man: No Way Home” is actually a crypto miner, according to ReasonLabs. Once downloaded, the miner can run undetected and put a drain on the processing power of the affected computer. According to researchers, the crypto miner in question is a newer version of a previously identified one that has a history of being disguised as other popular apps. Read more.
Cox Communications hacker impersonated support agent
The October hack of Cox Communications was reportedly initiated by someone who gained access to private customer data by impersonating a support agent. Cox has not stated how exactly the perpetrator was able to imitate a company support agent. The company has also not yet disclosed whether or not customer payment information or passwords were breached in the incident. Cox Communications is the third largest cable television provider in the US. Read more.
PYSA is November 2021’s biggest ransomware actor
PYSA, also known as Mespinoza, has outrun Conti as November 2021’s most prolific and effective ransomware gang. Using double extortion tactics, PYSA increased its attacks on government systems by 400% in the month of November. Experts expect Conti to retake the throne in December, however, as they have successfully integrated Log4Shell vulnerability exploits into their attack methodology. Read more.
2021 worst year for healthcare data breaches in US history
Reports of healthcare data breaches have been exponentially increasing in the final months of 2021, according to data from the Department of Health and Human Services’ Office for Civil Rights. As the year comes to a close, it is becoming clear that 2021 has been the worst year for healthcare breaches in history, fueled by the COVID-19 pandemic. The states of New York and California have reportedly been on the receiving end of most of the breaches. Read more.
Gamers’ crypto stolen from NFT startup via Discord scam
Fractal, an in-game NFT marketplace startup spearheaded by Twitter co-founder Justin Kan, has had some of its members scammed. A link sent through the project’s official Discord channel was set up by criminals looking to steal cryptocurrency from those interested in purchasing NFTs. Users who clicked the link found that their crypto wallets had been emptied. The NFT market, because of its volatile nature, is becoming increasingly targeted by criminals looking to prey upon people’s desire to quickly purchase rare items. Read more.
Ransomware gang publishes stolen police data
Ransomware gang Clop has reportedly published data stolen from UK police on the dark web. It is not currently known if the group has more information that it will continue to release or if the drop included the totality of their data. Clop is responsible for many high profile, noteworthy hacks in recent months with victims including Shell, the University of California and Swire Pacific Offshore. Read more.
Conti ransomware gang leverages Log4Shell
Russia-based ransomware gang Conti has developed a workflow that encompasses the Log4Shell vulnerability, acting quickly to adapt their attack strategy to one that fully utilizes the flaw. Conti is a sophisticated and active ransomware group, with Palo Alto Networks labeling them as “one of the most ruthless” large scale operations. It is believed that Conti pulled in over $150 million in only the last six months. Read more.
Apache releases new patch for new Log4j vulnerability
Although Apache was quick to release a patch to help mitigate damage caused by hackers using the vulnerability present in Log4j, another means by which to exploit the flaw has been discovered. Apache has released another patch to fix a workaround that can allow hackers even more access to unpatched systems and machines without direct access to the network itself. Read more.
Belgian defense ministry hacked
Instances of government level hacking utilizing the recently discovered Log4j vulnerability continue to rise, with Belgium’s defense ministry having reportedly come under attack. A portion of the ministry’s network has been shut down as a result. While the perpetrator of the attack has not yet been publicized, many suspect that state-sponsored hackers are to blame. Read more.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com