Orange España, the second-largest mobile operator in Spain, fell victim to a cyber-attack earlier this month that disrupted mobile services for more than three hours. A subsequent investigation by a group of security researchers found that the attacker, identified as the hacking group “Snow,” had compromised Orange España’s account at the RIPE Network Coordination Centre. The intrusion led to configuration errors in the company’s public key infrastructure and border gateway protocol records.

In the aftermath, a study conducted by Resecurity found that the cyber-attack had also compromised credentials belonging to more than 1,572 computer networks. Among the affected entities were a Kenya-based IT firm, a sizable IT firm in Azerbaijan, and a multinational data center in Africa.

The attackers executed a password theft campaign by deploying data-stealing malware such as Lumma, Azorult, Vidar, Redline, and Taurus within the organizational networks. These malicious programs targeted credentials used by data center administrators, ISP engineers, telecom administrators, network engineers, IT managers, and technology outsourcing companies.

Such network compromises often pave the way for ransomware attacks and the unauthorized extraction of intellectual property.

Typically, threat actors either sell the pilfered data for $10 each or collaborate with other cybercriminals to profit from activities like phishing attacks. Notably, Orange España had previously disclosed details of the Aadhaar data breach affecting over 850 million Indian citizens in October 2023.

In response to these escalating cybersecurity challenges, Resecurity has initiated a partnership with Cybercrime Atlas to combat global cybercrime networks. This collaboration, announced at the World Economic Forum’s Center, involves expertise from more than 40 public and private entities working together to provide technical support for this groundbreaking project.

The post Orange Espana data breach leads to more ransomware attacks appeared first on Cybersecurity Insiders.

This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.

Yesterday, the security team at Cybernews announced what will likely prove to be the largest data breach of all time. In a joint effort with security researcher Bob Dyachenko, the Cybernews team found an open instance on the web containing billions of exposed records. The breach, amounting to an incredible 12 terabytes of information and 26 billion records, is being dubbed the Mother of All Breaches, or MOAB for short.

Leaked data from major online brands, from Twitter and LinkedIn to Adobe and Wattpad and many more, was found in the MOAB instance. Tencent, the Chinese messaging app, had the largest number of exposed records: 1.4 billion alone. Records from global governmental organizations were also found.

Greg Day, SVP and global field CISO at Cybereason, commented that: “As we head towards 6 years of GDPR, it’s clear that numerous businesses face challenges in promptly detecting increasingly intricate cyber-attacks, with the average response time often extending to hundreds of days.” 

As a result, the combined records of all these consumers are now exposed to anyone on the web. And while much of this information likely originated from previous breaches, there is undoubtedly some as-yet-unseen data in the mix too.

Who is behind the MOAB, whether one person or several, remains an open question. It could be a threat actor or an access broker; in short, it is likely someone with an interest in having easy access to so many billions of records.

Even though the MOAB may contain duplicated data in places, that hardly diminishes its impact. The consequences facing consumers following this breach cannot be overstated. For hackers, this treasure trove of a data-mine will be an incredibly easy way to source PII (personally identifiable information) on their targets.

According to Paul Bischoff, Consumer Privacy Advocate at Comparitech, “With a single query, a hacker could find out everything about you that’s been leaked online, from old passwords to your hobbies and interests. These databases will only get more complete as time goes on, making it harder for victims to fend off fraud and other crimes.” 

This information could be used maliciously for phishing, credential stuffing, and identity theft.

The implications of this could prove to be immense. Indeed, considering many consumers reuse usernames and passwords across multiple online platforms, the fallout of this MOAB could be even more far-reaching than it already is. 

Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, agrees, explaining that, “The potential consumer impact of the MOAB is unprecedented, with the researchers highlighting the risk of a tsunami of credential-stuffing attacks. This threat is particularly potent due to the widespread practice of username and password reuse.” 

So, what can be done in response to this? Can anything be done?  

According to Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, the lack of data privacy is almost a given at this point. “I think most people in this world now correctly think that at least some portion of their personal information is available on the Internet. It’s a sad fact of life and I wonder how it impacts younger people and society overall to grow up in a world where our private information is no longer private.” 

But that doesn’t mean it’s hopeless.  

Chris Hauk, Consumer Privacy Champion at Pixel Privacy, suggests some integral ways that users can protect themselves. “I have long urged all internet users to act as if their personal data is available somewhere on the web. This means users should double check their login information for every site… Users should also stay alert for phishing emails, text messages, and phone calls from parties using the data in the database.” 

It’s also important that concerned individuals check whether their personal information is involved in the breach. This can be done with the handy personal data check tool on the Cybernews site. By inputting an email or phone number, consumers may find out if any of their related PII is exposed online.  

Tamara Kirchleitner, Senior Intelligence Operations Analyst at Centripetal, adds that it isn’t just individuals that need to be on guard, but organisations too. “It’s crucial for organizations to prioritize data protection and invest in comprehensive cybersecurity strategies. This includes awareness training, secure password managers, security audits, robust encryption, and incident response plans.”

Tom Gaffney, a cybersecurity expert at F-Secure, said: “A case like this emphasises the need for individuals to be proactive in safeguarding their data and understanding how to reduce their risk. Research that we recently conducted found that almost a third of Brits (29%) don’t know what action they can take to mitigate the risks of their data being compromised.”

The outlook following the Mother of All Breaches is, admittedly, dire. But only time will tell how it all unfolds. In the meantime, if at-risk consumers and organizations take the appropriate steps today, there may be a chance for us all, collectively, to come out unscathed.  

The post ‘Mother of all breaches’ uncovered after 26 billion records leaked first appeared on IT Security Guru.

Has the British Prime Minister been caught secretly profiting from a cryptocurrency app? Were 23andMe right to blame their users after a data breach? And Indian men have hard feelings after falling for a money-for-sex scam. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Hackers are believed to have successfully accessed several weeks' worth of sensitive video and audio recordings of court hearings, including one made at a children's court where the identities of minors are supposed to be particularly critical to protect. Read more in my article on the Hot for Security blog.

Recently, the court system of Victoria State in Australia fell victim to a cyberattack, and suspicion points towards a Russian ransomware gang. The court system’s IT staff reported an unauthorized intrusion on December 21, 2023, revealing that audio and video recordings related to sensitive cases had been stolen by hackers.

While the full extent of the impact has yet to be disclosed pending an ongoing investigation, it has been confirmed that the hackers accessed details concerning transcription and recording services spanning November 1 to December 21, 2023.

Initially, the focus was on the Russian ransomware gang known as BlackCat/ALPHV as the possible culprit. However, law enforcement is also exploring why the cybercriminals specifically targeted audio and transcription data rather than other information, such as staff salary details.

Louise Anderson, the CEO of Court Services Victoria, assured the public that more information will be shared with the media once the law enforcement investigation concludes. As of now, there is no information regarding any ransom demands, and the motive behind the attack remains unclear.

Typically, hackers employing file-encrypting malware seize data and encrypt entire databases, demanding a ransom for decryption, and often threaten to sell the stolen data to the highest bidder. In this case, however, the cybercriminals focused on extracting a specific dataset generated within a designated timeframe.

Given Australia’s support for Ukraine through financial and essential aid, there is speculation that the Russian government may have orchestrated the attack to pressure the Albanese-led Australian government to cease its support for the government led by Volodymyr Zelensky. Despite this setback, court proceedings are expected to resume normally in January 2024, as the affected systems have been isolated to prevent the spread of malware.

The post Australia Victoria State Court System data breach by Russia appeared first on Cybersecurity Insiders.

The Telegram messaging app has emerged as a hub for criminal activities, serving as a platform for data exchange among various illicit networks. Criminals, ranging from drug and child traffickers to cybercriminals, are increasingly utilizing Telegram to facilitate their nefarious operations.

One recent instance of cybercrime involves the sale of hacked intimate CCTV videos on the platform. These videos, featuring footage from bedrooms, are in high demand, with a dedicated Telegram channel named Vnexpress offering them for sale. The videos are priced at $3 per clip, and quarterly, half-yearly, and annual subscription plans are available at a cost-effective rate of $29.

Particularly disturbing is the demand for videos containing intimate moments from bedrooms, shedding light on the perverse interests of those purchasing such content. The Vnexpress channel, operating out of Russia, specializes in selling these compromising videos, exposing the private lives of families and businesses in Vietnam.

Notably, certain videos showcase bedroom footage of couples from countries like Canada, the United States, Australia, and Britain. The content is allegedly hacked from CCTV cameras installed in hotels and resorts, commanding prices ranging from $16 to $19 per clip.

Hackread.com, an online news resource, has highlighted that surveillance camera footage from homes in Vietnam is contributing to the content available to these criminal groups. The public is urged to refrain from installing CCTV cameras in sensitive areas like changing rooms, trial rooms, bedrooms, and bathrooms, as this footage becomes a valuable resource for criminals. Despite global prohibitions on the installation of cameras in such private spaces due to privacy concerns, it seems that individuals continue to neglect these regulations.

In light of these developments, there is a growing call for Telegram to implement stringent measures to monitor and control illicit activities on its platform. Major social media platforms such as Facebook, Twitter, and Google employ AI technology to combat the spread of various crimes, and it is hoped that Telegram will follow suit to effectively curb criminal activities within its user base.

The post Vietnam hacked CCTV videos selling like hotcakes on Telegram appeared first on Cybersecurity Insiders.

BSNL, or Bharat Sanchar Nigam Limited, a government-funded telecommunications service provider operating nationwide in India, has recently fallen victim to a cyber attack that exposed the records of more than 2.9 million users. The alleged perpetrator, a threat actor known as “Perell,” has claimed responsibility for the incident and stated that additional information will be leaked onto the dark web because the company failed to meet their demands promptly.

Despite the severity of the situation, the central public sector undertaking has not officially confirmed the attack on its servers. The organization has assured the public that it will provide further details after a thorough investigation conducted by the Government of India.

Initial reports on the BSNL data breach suggested a ransomware attack, but Perell clarified on social media that the incident involved data siphoning and selling on the dark web rather than a ransomware infection.

This is not the first time BSNL has faced cybersecurity challenges. In 2012, an Indian hacker targeted the Madhya Pradesh BSNL website, gaining access to the national network with disruptive intent. A more serious incident occurred in July 2017, when malware was introduced into the central repository through the Karnataka telecom website. The malware was designed to disrupt modem operations nationwide; it affected over 60,000 modems and caused weeks-long internet outages. Subsequent investigations led to a government probe, and BSNL issued advisories urging users to change the default passwords on their modems to prevent similar incidents.

Struggling technologically, BSNL is teetering on the edge of closure and currently relies on funding from the BJP-led Narendra Modi government to sustain its operations. The company’s inability to keep pace with private telecommunication competitors such as Airtel, Jio/Reliance, and Vi is attributed to its slow adoption of 4G and 5G technology. BSNL’s services have also been criticized for subpar quality across all states in the Indian subcontinent, further contributing to its market decline.

The post India BSNL data breach exposes 2.9 million user records to hackers appeared first on Cybersecurity Insiders.