Cyber Weekly Digest - Week #7
In this week's digest we look at how a hacker attempted to poison the water supply of a town in Florida and a ransomware attack on the Cyberpunk 2077 videogame developer. Keep reading to find out about the biggest cybersecurity stories from around the world this week.
Most talked about this week was the HelloKitty ransomware attack on CD Projekt Red. When CD Projekt announced the attack, they stated that they would not be giving in to the ransom demand and are restoring from backups. Threat actors are now auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they stole in the ransomware attack. The starting price for this auction is $1 million with bid increments of $500,000 and a 'blitz' or buy now cost of $7 million.
The attackers used their access to victims' phone numbers to take over various accounts linked to their mobile devices and change the passwords. This allowed attackers to post on social media, send messages masquerading as the victims, and steal money from bank and Bitcoin accounts and personal information, including synced contacts. In this campaign, those arrested are suspected of targeting "well-known influencers, sports stars, musicians and their families."
Cybercriminals have been found using a novel approach to exfiltrate data by directly injecting malicious Google Chrome extensions onto victims' Windows machines via the abuse of Google's cloud syncing function. The malicious add-on is disguised as a "Forcepoint Endpoint Chrome Extension for Windows," with the attackers using the security company's logo to appear legitimate. Attackers were able to steal information from users' internal extensions by setting up a behind-the-scenes "chat" between the malicious extension and other web apps.
At the beginning of the week, hacktivists poisoned the DNS records of several Sri Lankan websites and redirected users to a web page highlighting social issues in the local area. Most of the affected domains were websites for local businesses and news sites, but two high-profile domains, Google.lk and Oracle.lk, were also impacted. The web page that users were redirected to highlights issues with the local tea-growing industry, freedom of the press, the allegedly corrupt political class and judicial system, and racial, minority, and religious issues.
The most talked-about story this week was how an attacker hacked into the computer system of a water treatment facility in Oldsmar, Fla., and tried to poison the town's water supply by raising the levels of sodium hydroxide, or lye, in the water. The attack happened just two days before the NFL's Super Bowl LV was held nearby in Tampa Bay. The attack is a reminder of the impact a breach can have on public services.