Cyber Weekly Digest - Week #15
In this week's digest read about the latest cyber security stories, including how 533 million Facebook users' personal information was posted on a hacker forum, and attackers exploiting unpatched Fortinet devices with a new ransomware strain named Cring. Keep reading to get all the information you need.
Perhaps the biggest story of 2021 is the leak of data on 533 million Facebook users on a hacker forum. The leaked data is now accessible to anyone for under $3, or essentially free, and includes users' mobile phone numbers, Facebook IDs, names and gender information. Facebook has since released a public statement confirming what it believes to be the cause of the incident; the company states that the leak resulted from the bulk scraping of profiles using a large set of phone numbers linked to these profiles, rather than hacking the platform. Facebook still faces an investigation by some regulators in the European Union and could face fines over the incident. Ireland's Data Protection Commission (IDPC) is the first watchdog group to say it's looking into the matter because of its possible infringement of GDPR, which states that companies must disclose data breaches within a certain period of time or face penalties.
Researchers have found a fraudulent app, FlixOnline, that promises global "unlimited entertainment" and two months of a premium Netflix subscription for free due to the pandemic. According to the researchers, once installed on an Android device the malware can propagate further via malicious links, steal WhatsApp conversation data, and spread false information or harmful content through the messaging service. FlixOnline claimed approximately 500 victims over a period of roughly two months before it was detected, and it is likely the malware will appear again.
Researchers say the attackers behind the Cring ransomware exploit an unpatched path traversal flaw, tracked as CVE-2018-13379, in Fortinet's FortiOS. The goal is to gain access to victims' enterprise networks and ultimately deliver ransomware. The campaign targets industrial enterprises in Europe and forced a shutdown of industrial processes in at least one victim's network. Cring is relatively new to the ransomware threat landscape and is unique: it uses two forms of encryption and destroys backup files to antagonise victims and prevent them from retrieving backup files without paying the ransom.
Researchers warn LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices. Individuals are being targeted with customised files named the same as their current role. Once the fake job offer has been opened, a stealthy installation of the fileless backdoor "more_eggs" is initiated. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim's computer. The threat group behind more_eggs, Golden Chickens, sells the backdoor under a malware-as-a-service arrangement to other cyber-criminals.
This week a European Commission spokesperson confirmed that an "IT security incident" had impacted the IT infrastructure of multiple EU institutions, bodies, or agencies. No "major information breach" has been detected so far, but the incident is still being investigated. There is currently no information on the threat actor behind the attack. This attack is not surprising, as other EU organisations have been attacked recently, including the attack on the European Banking Authority last month.