Cyber Weekly Digest - Week #7

In this week's digest we look at how a hacker attempted to poison the water supply of a town in Florida and a ransomware attack on the Cyberpunk 2077 videogame developer. Keep reading to find out about the biggest cybersecurity stories from around the world this week.

1. Videogame developer CD Projekt Red suffered a ransomware attack

Most talked about this week was the HelloKitty ransomware attack on CD Projekt Red. When CD Projekt announced the attack, they stated that they would not be giving in to the ransom demand and are restoring from backups. Threat actors are now auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they stole in the ransomware attack. The starting price for this auction is $1 million with bid increments of $500,000 and a 'blitz' or buy now cost of $7 million.

2. Ten men were arrested for their involvement in a series of SIM swapping attacks which targeted celebrities.

The attackers used their access to victims' phone numbers to takeover various accounts linked to their mobile devices and change the passwords. This allowed attackers to post on social media, send messages masquerading as the victims, and steal money from bank and Bitcoin accounts and personal information, including synced contacts. In this campaign, those arrested are suspected of targeting "well-known influencers, sports stars, musicians and their families.".

3. Cybercriminals have used a fake 'Forcepoint' Google Chrome extension to hack users.

Cybercriminals have been found using a novel approach to exfiltrate data by directly injecting malicious Google Chrome extensions onto victims' Windows machines via the abuse of Google's cloud syncing function. The malicious add-on is disguised as a "Forcepoint Endpoint Chrome Extension for Windows," with the attackers using the security company's logo to appear legitimate. Attackers were able to steal information from users' internal extensions by setting up a behind-the-scenes "chat" between the malicious extension and other web apps.