Cybersecurity news provided by NetworkTigers on Monday, 11 April 2022.
SAN MATEO, CA — TrustFord in Northern Ireland hit by ransomware attack, Snap-on tool company attacked by Conti ransomware gang, Microsoft takes down domains being used by Russian hackers to lob attacks on Ukraine, hackers using WhatsApp for phishing campaign, attack on Ukrainian telecoms used employee credentials, FBI said to have foiled Russian hacking efforts, high profile artists have YouTube accounts hacked, Finland hit with cyberattack as Ukrainian president speaks, CashApp suffers data breach, World’s largest darknet market taken down by German authorities, hackers use Mailchimp to phish crypto holders, Lapsus$ Group appears to be mostly composed of teenagers, China accused of cyberattacks against Ukraine.
TrustFord in Northern Ireland hit by ransomware attack
TrustFord branches across the UK have reportedly been hit with a ransomware attack that has disabled internet access and phone services in affected businesses. The attack has not compromised customer data or caused TrustFord to initiate any closings and is believed to have been carried out by the Conti ransomware group.
Snap-on tool company attacked by Conti ransomware gang
Snap-on, the leading producer of automotive tools in America, reports that it suffered a data breach. Internet researchers have determined that the Conti ransomware gang took credit for the breach and began leaking data online, only to quickly cease and remove the stolen info. This action leads people to believe that Snap-on may have paid whatever ransom Conti was asking in order to put an end to the data leak, which contained Social Security numbers, dates of birth and more.
Microsoft takes down domains being used by Russian hackers to lob attacks on Ukraine
Microsoft has disrupted a campaign being carried out by Russian hacker group Fancy Bear by taking down domains that were being used by the hackers as cyberattack infrastructure as they wage war against Ukraine. The domains taken down were also used in attacks that were carried out against US and UK victims.
Hackers using WhatsApp for phishing campaign
Popular messaging app WhatsApp is being spoofed by hackers in an effort to nab data. The phishing campaign is using a legitimate domain in order to infect victims with data-stealing malware after sending them a message via the platform that tells them they have a new private message. So far, researchers have determined that the phishing campaign has hit around 27,660 mailboxes.
Attack on Ukrainian telecoms used employee credentials
A Russian cyberattack launched on Ukrtelecom that crippled Ukraine’s internet stability last week is said to have been carried out thanks to compromised employee credentials. The company acted quickly and was able to fully restore service within 15 hours. The attack is believed to possibly signify an increase in the number of cyberattacks launched against Ukraine that target critical infrastructure.
FBI said to have foiled Russian hacking efforts
US officials have stated that the FBI has retaken control of thousands of firewall devices and routers that Russian military hackers were amassing in order to create a botnet. The FBI was able to remove the CyclopsBlink malware that was installed on the devices before the hackers were able to launch any attacks. UK and US officials have attributed CyclopsBlink to Sandworm, a Russian hacker group that is allegedly working with Moscow to initiate attacks on political enemies.
High profile artists have YouTube accounts hacked
Artists including Justin Bieber, Eminem and Taylor Swift had their YouTube accounts hacked, with an unknown person uploading bizarre videos to their channels. A common theme shared by a number of the videos is a reference to Paco Sanz, a Spanish criminal who faked a terminal illness to commit fraud. Sanz is in prison and it is currently not known who carried out the YouTube hacks.
Finland hit with cyberattack as Ukrainian president speaks
Finland suffered a cyberattack that occurred during a speech in which Ukrainian President Volodymyr Zelensky was addressing the country’s Parliament. The attack disabled Finland’s Ministry of Defense website and immediately followed what authorities think may be a violation of the country’s airspace by a Russian aircraft.
CashApp suffers data breach
CashApp has recently suffered a data breach in which a former employee had unauthorized access to reports that included US customer information. The company is notifying around 8.2 million US users about the breach, which exposed sensitive banking information. Block, CashApp’s parent company, is also working with law enforcement with regard to the person involved in the exposure.
World’s largest darknet market taken down by German authorities
Hydra Market, an online space for buying and selling illegal goods and money laundering, has been taken down by German authorities who have seized the platform’s servers. Over $25 million in Bitcoin has been seized as well. Researchers believe that the information on the servers is likely to incriminate a large number of buyers and sellers, meaning that more arrests and investigations will surely result.
Hackers use Mailchimp to phish crypto holders
Email marketing platform Mailchimp has had its data stolen by hackers who then used it to mount a phishing campaign targeting crypto users. The campaign was sophisticated, with the criminals creating a cloned version of the Trezor Suite desktop app, which is used to manage funds, with realistic, highly detailed functionality.
Lapsus$ Group appears to be mostly composed of teenagers
Authorities in the UK have charged two teenagers with helping the Lapsus$ extortion gang commit cybercrime. Released on bail, the people charged are two of a total of seven arrested in the UK for alleged connection to the gang. The oldest of the group is 21 years old and their activities online seem to be mostly in pursuit of notoriety as opposed to financial gain.
China accused of cyberattacks against Ukraine
The UK and US have been investigating claims by Ukraine that, just prior to Russia’s invasion of the country, China had initiated thousands of cyberattacks against Ukrainian websites. Researchers have concluded thus far that Ukraine’s claims seem to be credible, as the attacks cited carry the hallmarks of Chinese hacking and many seem to have originated from the country. Putin and Xi Jinping met recently at the Beijing Olympics and released a joint statement pertaining to the two countries’ alliance.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.