Cyber Weekly Digest - 2022 Week #35

Updated: Sep 9


In this week’s Cyber Weekly Digest we take a look into more ransomware attacks on government agencies and the online pet gaming website that threat actors had access to for 18 months before being detected. Keep reading to stay up to date on all the latest cyber security news.


1. The LockBit Ransomware gang is now utilising aggressive “Triple Extortion” tactics against victims.

The most prevalent ransomware threat to businesses has stepped up its efforts to blackmail victims by introducing a new “Triple Extortion” tactic that uses DDoS attacks. The public-facing figure of the LockBit ransomware operation announced that the group is back in business with a larger infrastructure, so that access to its leaks is unaffected by DDoS attacks. The DDoS attack last weekend temporarily stopped the leaking of Entrust data, and the group saw it as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBit promised to share 300GB of data stolen from Entrust in a torrent so “the whole world will know your secrets”. LockBit has listed over 700 victims and Entrust is one of them, with data for the company leaked on August 27.


2. Ukraine takes down cybercrime group hitting crypto fraud victims.

The National Police of Ukraine has taken down a network of fraudulent call centers used by a cybercrime group that focused on financial scams and targeted victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind the illegal call centers were also allegedly involved in scamming Ukrainian citizens interested in cryptocurrencies, securities, gold, and oil investments. The scammers used VoIP (Voice over IP) phone numbers to spoof their actual location whilst scamming thousands of foreign investors. The FBI states that more than $80 million was lost to cryptocurrency investment scams, according to roughly 7000 reports received since October 2020.


3. New Ransomware hits Windows, Linux servers of Chile govt agency.

Chile’s national computer security incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on August 25th and targeted Microsoft and VMware ESXi servers operated by the agency. The hackers stopped all running virtual machines and encrypted their files, appending the “.crypt” filename extension. According to CSIRT, the malware was also capable of stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection and mitigation using execution timeouts. Chilean officials have updated their services and recovered from the attack. The ransomware attacker does not seem to have a data-leak site for double extortion yet.


4. Thousands of iOS apps found exposing hardcoded AWS credentials.

Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable. Threat actors could take advantage of this to access private databases, which could lead to data breaches and the exposure of sensitive customer data. Symantec found 1859 applications containing hard-coded AWS credentials, most of them being iOS apps and just 37 for Android. One key example is a business-to-business company providing intranet and communication services to over 15000 medium-to-large companies. The SDK (software development kit) within the app had the AWS credentials and keys, exposing all private customer data stored on the platform. App developers need to take more responsibility when publishing their apps, otherwise the data of everyone who uses the app could be exposed to a malicious actor.


5. Neopets says attackers had access to its systems for 18 months unnoticed.

Neopets released details about the recently disclosed data breach incident that exposed personal information of more than 69 million members. The findings of its investigation revealed that attackers had access to Neopets IT systems from January 3, 2021 until July 19, 2022. The company learned about the breach only after a hacker offered to sell a Neopets database for 4 BTC (Bitcoin), with the attackers claiming that the database contained 490 MB of source code and sensitive personal information of 69 million members. The data leak was later found to have included email addresses, usernames, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player’s pet, gameplay, and other information provided to Neopets. Neopets is now looking into multi-factor authentication and enhanced network monitoring to prevent an attack like this from happening again.

