Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Stolen. Show all posts
Seattle Port
Airport Cyber Attacks Data Stolen Ransomware Rhysida Seattle Port

Port of Seattle Battles Ransomware Attack, Refuses to Pay

 



The Port of Seattle and Seattle-Tacoma International Airport have corroborated that the major system outages which took place late August were caused by a ransomware attack. On August 24, a cyberattack partially disrupted the critical operations at the airport with websites, emails, and phone services down and even affected some services at the airport. The attack was immediately detected and in response, the IT team decided to shut the entire system in order to prevent further damage.

Ransomware attack, by the criminal group, Rhysida, into the computer systems at the airport accessed unauthorised and encrypted some parts of their data. The spokesperson to the airport, Perry Cooper said that IT noticed some malicious activities in the system on the day of the attack and took immediate actions to stop the spread of malware. The Port of Seattle said the measures by its staff, including forensic experts and law enforcement, were effective in thwarting the attack since no further unauthorised activity was detected following the breach.

Operational Disruptions

Even with these measures being put into place, the attack had a great impact on the day-to-day running of Sea-Tac Airport. Passengers were denied the luxury of getting information on arrival and departure flight schedules from the reader boards for the past several days. The airlines at the airport could not use the digital systems and had to revert back to the old method of pen and paper for marking baggage. In addition to the others, critical services such as check-in kiosks, lost and found, Wi-Fi, and reserved parking were affected too, leaving many of both airline customers and employees greatly inconvenienced.

Its official website, portofseattle.org, is still unavailable, leaving travellers to rely on an alternate website, washingtonports.org, for information and updates. These services have been returning to normal gradually, but the attack affected a number of different parts of airport and port operations across the board.

Port of Seattle Refuses to Pay Ransom

Even at this advanced stage, the Port of Seattle has categorically rejected the ransom demands from the attackers. The executive director of the Port Steve Metruck stated in a public statement that to grant the ransom demand would go against the very purpose of the values of the Port and add nothing to its responsibility to protect the money that the taxpayer entrusts to the Port. The Port is alert to the fact that Rhysida may upload all the stolen data on the dark web in the name of retaliation, but it has been faithfully committed to not paying any ransom to criminals.

Although the nature and extent of the stolen data remain unknown, the Port has vowed to inform any employee or passenger whose personal data may have been compromised that their data was stolen.

Securing a Brighter Tomorrow

Over the past few months, other than trying to regain its systems following an attack, the Port of Seattle is also fortifying its defences against future attacks. On its part, the organisation has taken further actions to fortify its cybersecurity to prevent a future version of such attacks. Metruck says, "This has been a learning experience for us and lessons derived from this attack will be instrumental in building on a more resilient IT infrastructure." Apart from that, Port is working with partners to secure business and critical infrastructure.

Despite the hold-up caused by the attack, Port of Seattle officials assured the public that it is still safe to travel from Sea-Tac Airport and to make use of its maritime facilities. This shows commitment to maintaining the safety and the efficiency of its operations, including response and continued recovery.




Read more »
Ransomware attack
brain cipher Cyber Attacks data security Data Stolen Data Theft Financial Security Olympics Ransomware attack

Ransomware Group Brain Cipher Targets French Museums During Olympics

 

The ransomware group Brain Cipher has claimed responsibility for a cyberattack on several French National Museums that took place during the Olympic Games earlier this month. The attack, which targeted institutions managed by the Réunion des Musées Nationaux – Grand Palais (RMN-GP), allegedly compromised 300 GB of data from a system used to centralize financial information. 

Despite the group’s threat to leak the stolen data, they have not yet revealed the nature of the information. The French Cybersecurity Agency (ANSSI) confirmed it was alerted to the attacks and promptly provided assistance to RMN-GP. ANSSI assured the public that the incident did not affect any systems related to the Olympic Games. Events like taekwondo and fencing, hosted by the RMN-GP, continued without disruption. RMN-GP also confirmed that there were no operational impacts, encrypted systems, or extracted data detected in connection with the attack. 

Nevertheless, the situation remains closely monitored as the countdown to the data leak continues on Brain Cipher’s blog, set to occur at 20:00 UTC. Brain Cipher is a relatively new ransomware group that first emerged in June 2023. Since then, the group has been linked to various cyberattacks targeting different sectors, including medical, educational, and manufacturing organizations, along with Indonesian government servers. Despite their activities, the group has attempted to maintain a controversial public image. 

In one case, they apologized for a cyberattack on Indonesian government servers, claiming they were acting as penetration testers rather than criminals. They even released a decryptor to restore the locked files without being pressured by the government, presenting themselves as ethical hackers or white-hat operators, although their actions and motives remain dubious. The data allegedly stolen from RMN-GP is believed to involve sensitive financial information, but no further details have been disclosed by Brain Cipher. 

The threat of releasing such a large volume of data has sparked concerns over potential exposure of confidential details, which could affect both the organization and the individuals associated with it. As the clock ticks down to the group’s proposed leak, questions are raised about the nature of the stolen data and the potential fallout from its exposure. Cyberattacks like this highlight the growing threat posed by ransomware groups to both public and private institutions worldwide. 

The incident also underscores the importance of robust cybersecurity measures, particularly during high-profile events such as the Olympic Games. Although there has been no impact on the Olympic-related systems, the attack serves as a reminder of the constant vigilance required to protect critical infrastructure and data.
Read more »
OnStar Smart Driver
Automobile Car Data Cyber Security Data Brokers data misuse Data Privacy Data Safety Data Stolen EFF GPS OnStar Smart Driver

The Hidden Cost of Connected Cars: Your Driving Data and Insurance

 

Driving to a weekend getaway or a doctor's appointment leaves more than just a memory; it leaves a data trail. Modern cars equipped with internet capabilities, GPS tracking, or services like OnStar, capture your driving history. This data is not just stored—it can be sold to your insurance company. A recent report highlighted how ordinary driving activities generate a data footprint that can be sold to insurers. These data collections often occur through "safe driving" programs installed in your vehicle or connected car apps. Real-time tracking usually begins when you download an app or agree to terms on your car's dashboard screen. 

Car technology has evolved significantly since General Motors introduced OnStar in 1996. From mobile data enhancing navigation to telematics in the 2010s, today’s cars are more connected than ever. This connectivity offers benefits like emergency alerts, maintenance notifications, and software updates. By 2030, it's predicted that over 95% of new cars will have some form of internet connectivity. Manufacturers like General Motors, Kia, Subaru, and Mitsubishi offer services that collect and share your driving data with insurance companies. Insurers purchase this data to analyze your driving habits, influencing your "risk score" and potentially increasing your premiums. 

One example is the OnStar Smart Driver program, which collects data and sends it to manufacturers who then sell it to data brokers. These brokers resell the data to various buyers, including insurance companies. Following a critical report, General Motors announced it would stop sharing data with these brokers. Consumers often unknowingly consent to this data collection. Salespeople at dealerships may enroll customers without clear consent, motivated by bonuses. The lengthy and complex “terms and conditions” disclosures further obscure the process, making it hard for consumers to understand what they're agreeing to. Even diligent readers struggle to grasp the full extent of data collection. 

This situation leaves consumers under constant surveillance, with their driving data monetized without their explicit consent. This extends beyond driving, impacting various aspects of daily life. To address these privacy concerns, the Electronic Frontier Foundation (EFF) advocates for comprehensive data privacy legislation with strong data minimization rules and clear, opt-in consent requirements. Such legislation would ensure that only necessary data is collected to provide requested services. For example, while location data might be needed for emergency assistance, additional data should not be collected or sold. 

Consumers need to be aware of how their data is processed and have control over it. Opt-in consent rules are crucial, requiring companies to obtain informed and voluntary permission before processing any data. This consent must be clear and not hidden in lengthy, jargon-filled terms. Currently, consumers often do not control or even know who accesses their data. This lack of transparency and control highlights the need for stronger privacy protections. By enforcing opt-in consent and data minimization, we can better safeguard personal data and maintain privacy.
Read more »
Singapore
Cyber Crime Cyber Safety CyberCriminal data security Data Stolen Data Theft Database Breach Hacker attack KYC Singapore

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.
Read more »
Ransomware attack
Data Breach Data Stolen Data Theft Motel One Ransomware attack

Motel One Says Ransomware Gang Stole Customer Credit Card Information

Motel One, a prominent hotel chain in Europe, recently experienced a ransomware attack, resulting in unauthorized access to customer data. The hotel is recognized for its budget-friendly accommodations and operates a network of 90 hotels across Europe and the United States. The hotel has assured that the impact of the attack was kept to a bare minimum. 

Nevertheless, it has been confirmed that the attackers were able to access specific sensitive customer credentials, including address details and the information associated with 150 credit cards. Prior to the hotel's official statement concerning the attack, the company's name appeared on the dark web leak site associated with the ALPHV ransomware gang. 

The group has stated that they successfully obtained several terabytes of data from the company, notably encompassing portions of customer information. Additionally, TechCrunch company has gained access to a segment of this data, as claimed by the ransomware gang, which is purported to contain details of both employees and specific customers. 

What measures we can take against ransomware attacks? 

1. Extensive research underlines that a significant portion of cyberattacks find their roots in phishing emails. However, through ongoing education and training in social engineering tactics, we have the power to effectively decrease the likelihood of a data breach by as much as 70%. 

2. Insufficient software updates significantly contribute to cybersecurity breaches. It is imperative to uphold a thorough system inventory, conduct comprehensive vulnerability assessments, and apply patches promptly and consistently. 

3. Promote a practice of not reusing passwords and encourage regular password changes among employees. Employing browser-based password managers can be a beneficial tool. The implementation of MFA provides an additional level of user validation and authorization. 

4. Incorporating backups into your risk management and contingency strategies is paramount. Regularly testing and keeping backups isolated from the primary network are critical measures. It's worth noting that while backups are invaluable, they may not always provide complete protection against extortion attempts in the event of a ransomware attack. 

5. Being prepared for unexpected events is essential. A thoroughly rehearsed incident response plan, when coupled with the deployment of endpoint detection and response (EDR) tools, empowers businesses to adeptly handle cyberattacks, lessen the repercussions of a security incident, and accelerate recovery initiatives. 

Additionally, in the event of a ransomware attack, it's crucial not to give in to the extortionists' demands. Instead, we strongly advise reaching out to your local cybersecurity authority, Cyber Watch officers, or the Internet Crime Complaint Center. Remember, paying the ransom will only embolden further ransomware criminal activity.
Read more »
ScarCruft
Data Breach Data Stolen lazarus Mashinostroyeniya Data Breach Missile Program North Korea Hackers NPO Mash ScarCruft

North Korean Hackers Breach Russia’s Top Missile Maker’s Data


Reuters reported on Tuesday about a North Korea-based elite hacker group that is in a bid to steal technology by covertly breaching the computer networks of a Russian missile developer giant. Apparently, the hackers have been running the campaign for nearly five months in 2022. 

The North Korean cyberespionage group has targeted Mashinostroyeniya, a rocket design based in Reutov, Moscow. The hackers group, code-named ScarCruft and Lazarus installed covert digital backdoors into the system at NPO Mashinostroyeniya and was located by Reuters’ James Pearson and Christopher Bing.

However, it has not been made clear as to what data was acquired in the breach. In the following month, the digital break-in Pyongyang introduced several new developments in its banned ballistic missile program, while is not clear if this was in any regards to the breach.

Moreover, no official confirmation has been provided of the espionage by NPO Mashinostroyeniya officials.

About the Targeted Company

The company, commonly known as NPO Mash, specialized in developing hypersonic missiles, satellite technologies and new-generation ballistic armaments. The company was prominent in the Cold War as a premier satellite maker for Russia's space program and as a provider of cruise missiles.

According to experts, the hackers garnered interest in the company after it underlined its mission to develop an Intercontinental Ballistic Missile (ICBM), capable of bringing catastrophe to the mainland United States.

Apparently, the hackers acquired access to the company’s documents and leaked them between 2021, and May 2022. Following this, the IT engineers detected the cybercrime activities, the news agency reported. 

Hackers Read Email Traffic, Jumped Between Networks and Extracted Data from the Company 

According to Tom Hegel, a security researcher with U.S. cybersecurity firm SentinelOne, following the hack, the hackers gained access to the company’s IT environment, which enabled them to read email traffic, jump between networks, and extract data. "These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims," Hegel said.

Digging further into the findings, Hegel’s team of security analysts discovered that one of the NPO Mash IT employees unintentionally exposed his company's internal communications while attempting to investigate the North Korean attack by uploading evidence to a secret portal used by cybersecurity researchers worldwide.

Experts speculate that the data stolen by the hacker group is of great importance, however, it will take a lot more information, effort and expertise for them to actually develop a missile. 

"That's movie stuff[…]Getting plans won't help you much in building these things, there is a lot more to it than some drawings," Hegel further added.

Read more »
Zoom Security
Acoustic Attack CoatNet Cyber Attacks Data Stolen Keyboard security Keystrokes side-channel attacks Zoom Security

With 95% Accuracy, New Acoustic Attack can Steal from Keystrokes


UK universities’ researchers have recently developed a deep learning model, designed to extract information from keyboard keystrokes collected using a microphone, with 95% accuracy. 

The prediction accuracy decreased to 93% when Zoom was used to train the sound classification algorithm, still exceedingly good and a record for that medium.

Such an attack has a significantly adverse impact on the users’ data security since it is capable of exposing users' passwords, conversations, messages, and other sensitive information to nefarious outsiders.

When compared to the other side attacks that need specific circumstances and are susceptible to data rate and distance restrictions, these acoustic attacks are easier to operate because of the popularity of devices that are now equipped with high-end microphones. 

This makes sound-based side-channel attacks achievable and far more hazardous than previously thought, especially given the rapid advances in machine learning.

Listening to Keystrokes

The attack is initiated in order to acquire keystrokes on the victim’s keyboard, since the data is required for the prediction algorithm to work. This can be done via a nearby microphone or by accessing the microphone on the target's phone, which may have been compromised by malware.

Additionally, keystrokes can also be recorded via Zoom call, in which, rogue meeting attendee compares the messages entered by the target with the auditory recording of that person.

The researchers acquired training data by pressing 36 keys on a modern MacBook Pro, 25 times each, further recording the sounds produced on each press. 

The spectrogram images were used to train the image classifier "CoAtNet," and it took some trials and errors with the epoch, learning rate, and data splitting parameters to get the best prediction accuracy outcomes.

The same laptop, whose keyboard has been present in all Apple laptops over the past two years, an iPhone 13 mini positioned 17 cm from the target, and Zoom were utilized in the researchers' tests.

The CoatNet classifier gained 95% accuracy in the smartphone recordings and 93% from the content captured via Zoom. Skype, on the other, produced comparatively lower accuracy, i.e. 91.7%.

Possible Security Measures

In order to protect oneself from side-channel attacks, users are advised to try “altering typing styles,” or generating passwords with randomized keys. 

Another safety measure includes utilizing software in order to generate keystroke sounds, white noise, or software-based keystroke audio filters. 

Moreover, since the attack model proved highly efficient even against a very silent keyboard, installing sound dampeners to mechanical keyboards or shifting to membrane-based keyboards is unlikely to help in any way. 

Finally, using password managers to avoid manually entering sensitive information and using biometric authentication whenever possible also serve as mitigating factors.

Read more »
unauthorised access
Cyber Attacks cybercrime gang Data Stolen Dragos Dragos cybersecurity Dragos hacked Hacked SharePoint cloud platform unauthorised access

Dragos Hacked: Cybersecurity Firm Reveals “Cybersecurity Event”, Extortion Attempt


Industrial cybersecurity company Dragos  recently revealed a “cybersecurity event,” where a notorious cybercrime gang attempted to breach Dragos' defenses and access the internal network to encrypt devices.

The firm disclosed the incident on its blog on May 10, alleging that it took place on May 8 where hackers acquired access to SharePoint and the Dragos contract management system by compromising a new sales employee's personal email address before the employee's start date. The hacker then impersonated the employee to complete the first steps of Dragos' employee-onboarding procedure using the stolen personal information from the hack.

After infiltrating Dragos’ SharePoint cloud platform, the hackers apparently downloaded “general use data” and access 25 intel reports, generally only made available to the customers.

“Dragos' swift response prevented the threat group from achieving its objective — the deployment of ransomware — or to engage in further activity, such as lateral movement, escalating privileges, establishing persistent access, or making changes to any Dragos infrastructure[…]No Dragos systems were breached, including anything related to the Dragos Platform,” the company noted. 

Due to role-based access control (RBAC) regulations, the threat actors were unable to access several Dragos systems during the 16 hours they had access to the employee's account, including its messaging, IT helpdesk, finance, request for proposal (RFP), employee recognition, and marketing systems.

Eleven hours into the attack, after failing to break into the company's internal network, they sent an email of extortion to Dragos executives. Because the message was sent after business hours, it was read five hours later.

Five minutes into reading the extortion message, Dragos disabled the compromised user account, terminated all open sessions, and prevented the hackers' infrastructure from accessing company resources.

The cybercriminal group also attempted to extort the firm by threatening to make the issue public in emails sent to CEOs, senior employees, and family members of Dragos who have public contacts.

One of the IP addresses specified in the IOCs is 144.202.42[.]216, earlier discovered hosting SystemBC malware and Cobalt Strike, both frequently used by ransomware gangs for remote access to compromised systems.

"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos said.   

Read more »
Subscribe to: Posts (Atom)