Cybersecurity news provided by NetworkTigers on Monday, 7 March 2022.
SAN MATEO, CA — Malware posing as Android antivirus in Google Play store, scammers capitalize on Ukraine support, Lapsus$ extortion group hacks Samsung, Anonymous claims to have hacked more than 2,500 Russian targets, France suffers internet outage in suspected Russian attack, personal data from 2021 T-Mobile breach appearing on the dark web, Nvidia hack resulted in major data theft, threat actors targeting refugee-assisting NATO members, Log4Shell utilized for DDoS attacks and cryptominers, Russian EV charging stations hacked, Toyota auto production disrupted due to cyberattack, Conti ransomware gang info leaked after announcing support of Russia, cyberattack slows Ukrainian refugees at Romanian border.
Malware posing as Android antivirus in Google Play store
SharkBot, a type of banking malware, is present in a Google Play app masquerading as an antivirus tool. SharkBot’s most troubling feature is its ability to transfer money between accounts by simulating clicks and touches on infected devices. The malware can also steal credentials and allow an unauthorized user remote control of a victim’s device.
Scammers capitalize on Ukraine support
As Ukraine’s battle with Russia continues to garner support from organizations, governments and private enterprise the world over, criminals have capitalized on the opportunity to initiate phishing attempts and other scams posing as means by which to assist Ukraine or manage shipping and supply chain disruptions as a result of the conflict. The two most popular scams result in victims downloading malware or Trojans onto their system after clicking malicious links.
Lapsus$ extortion group hacks Samsung
Lapsus$, the extortion gang that recently carried out a major cyberattack against Nvidia, has claimed to have done the same to electronics manufacturer Samsung, as they posted 190GB of source code allegedly stolen from the company. Lapsus$ is claiming that upcoming leaks will contain even more data from the company. It is not yet clear if Lapsus$ has demanded a ransom from Samsung.
Anonymous claims to have hacked more than 2,500 Russian targets
In the week since declaring “cyber war” on Russia, hacktivist collective Anonymous claims to have successfully hacked more than 2,500 targets. The group is also reportedly leaking military communications and internal data related to Russia-based ransomware gangs. Anonymous is also encouraging less tech-savvy people to use pro-Russia hashtags on Twitter posts that share news from outside the country about the aggression in Ukraine.
France suffers internet outage in suspected Russian attack
Viasat, supplier of satellite broadband internet, was subject to a cyberattack shortly after Russia’s invasion of Ukraine, affecting thousands of people in both Ukraine and France. The attack, combined with the global chip shortage, has made resetting affected hardware difficult if not impossible. Viasat does not believe that any user data was compromised in the attack, which it is referring to as a “cyber blast.”
Personal data from 2021 T-Mobile breach appearing on the dark web
WDTV, a West Virginia news affiliate, has reported that information related to more than 68,000 West Virginians has been found for sale on the dark web. The data is said to have sprung from the massive T-Mobile data breach that took place in August of 2021. The stolen data includes Social Security numbers, driver’s licenses and more.
Nvidia hack resulted in major data theft
Hacked last week by extortion group Lapsus$, Nvidia has reportedly had data stolen in the attack that includes proprietary technology and passwords. Lapsus$ has begun to leak the stolen information and is attempting to extort Nvidia in order to persuade the company to remove a limitation in their hardware that makes it challenging to mine for crypto. There is currently no evidence connecting the attack to the conflict in Ukraine.
Threat actors targeting refugee-assisting NATO members
The Belarus-based disinformation group Ghostwriter is believed to be responsible for a phishing campaign that has been launched against NATO members who are assisting in the management of Ukrainian refugees. The attacks and fraudulent information are believed to be crafted in order to spread distrust or discontent with regard to the acceptance and movement of refugees in Europe.
Log4Shell utilized for DDoS attacks and cryptominers
Last year’s Log4Shell exploit is, as predicted by researchers, still being utilized by threat actors in spite of a general decline. The vulnerability is primarily being used to launch DDoS botnet attacks or cryptominers on older systems and not being leveraged by major ransomware gangs as previously expected, as their favored targets are largely protected thanks to security updates.
Russian EV charging stations hacked
EV charging stations around Moscow have reportedly been hacked. Many of the stations are offline, displaying pro-Ukraine and anti-Putin text on their screens. Hackers the world over have been taking aim at the country in response to its aggression against Ukraine, looking to inform the Russian people of current events and create nonviolent disruption within the country’s borders.
Toyota auto production disrupted due to cyberattack
Japanese vehicle maker Toyota has had to stop and then restart production after Kojima Industries, a third-party supplier of auto components, suffered a cyberattack. It is currently unknown if the attack is in any way related to the conflict between Russia and Ukraine, although the country’s industry leaders have been on high alert as such attacks are expected to increase in frequency.
Conti ransomware gang info leaked after announcing support of Russia
Conti, after publicly announcing its support of Russia in its invasion of Ukraine, has experienced a huge leak of internal chats and data. Information leaked includes the names of previously unreported victims, bitcoin addresses and discussions related to plans and operations. Conti is one of many ransomware gangs that have decided to choose a side in the conflict between Russia and Ukraine.
Cyberattack slows Ukrainian refugees at Romanian border
A data wiper cyberattack launched against Ukrainian border control has slowed refugees as they escape the country into Romania. Documentation is being done via pencil and paper, leaving many people stuck. Ukrainian agents at the border describe the wiper as the exact same one that was used to attack the country’s ministries in the lead-up to the invasion.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.