Organizations across various industries and sizes are facing an uptick in cyber threats that can have severe consequences for both individuals and businesses due to the increasing amount of sensitive information stored online. Here are this week’s top headlines to keep you informed of the latest security incidents and data breaches.


Cyberattack Cripples Ticket Sales at the Philadelphia Orchestra And Kimmel Center

Threat actors targeted the websites of the Philadelphia Orchestra and its home venue, the Kimmel Center, which remained down days after the organizations posted a notice saying they had suffered a cyberattack. The Kimmel Center later said ticket sales were affected by the attack, without providing further details. The Philadelphia Orchestra’s spokesperson did not respond to requests for comment.


“As we work to resolve the issue, we assure patrons that all Campus [at the Kimmel Center] performances will proceed as planned, and our security personnel are working as intended to safeguard sensitive data,” the organizations wrote.

The Orchestra created a temporary portal to facilitate ticket sales, and patrons confirmed that tickets were also available in person. Arts venues like the Kimmel Center, which also hosts the Philadelphia Ballet and touring Broadway shows, are ripe targets for cybercriminals eager to hold critical systems like ticketing hostage.


Chinese Hackers Target And Infiltrate South American Diplomatic Networks

Microsoft’s security teams spotted DEV-0147 (a Chinese state-sponsored threat actor) targeting South American diplomatic entities with the ShadowPad remote access Trojan (RAT), also known as PoisonPlug.

Microsoft shared its findings on Twitter, saying the cybercriminals’ new campaign signifies a notable expansion in the group’s data exfiltration operations. The DEV-0147 group previously targeted think tanks and government agencies in Asia and Europe.

From a technical standpoint, Microsoft said it observed DEV-0147 deploy ShadowPad (a RAT linked to other China-based actors) for persistence and QuasarLoader (a webpack loader) to download and execute additional malware.

“DEV-0147’s attacks on South American entities included post-exploitation activity involving the group abusing the on-premises identity infrastructure for lateral movement and recon. Threat actors also used Cobalt Strike for data exfiltration and command and control,” reads one of the Twitter posts.


Tonga – The Latest Pacific Island Nation To Become A Ransomware Target

On Monday, Tonga’s state-owned telecommunications firm warned its customers that it was hit with ransomware. Tonga Communications Corporation (TCC) published a notice on Facebook stating the attack may slow down its administrative operations.

“We have confirmed a ransomware attack to encrypt and lock access to part of TCC’s system. It does not affect the voice and internet service delivery to our customers. Still, it can slow down the bills delivery process, connecting new customers, and managing customers’ inquiries,” the firm said.

The Polynesian country comprises 171 islands with a population of 100,000. TCC holds a majority (70%) market share of dial-up and broadband internet and controls all of the country’s fixed telephone lines. It has over 300 employees, and its UCall service provides most of the country’s mobile phone services.

In an advisory last year, CISA warned that the Medusa group operates under a Ransomware-as-a-Service (RaaS) model and gives its affiliates 60% of ransoms while keeping the rest.


Over 500 Cricket Stars Hit in a Passport Breach, from Wasim Akram To Ian Bell

Some all-time greats and current cricket superstars had their passport information exposed after a cybersecurity expert said he discovered a batch of the players’ personal data online. West Indies and Pakistan legends Chris Gayle and Wasim Akram were among the over 500 famous cricketers affected by the breach. Other players included current stars like Pakistan captain Mohammad Babar Azam and the big-scoring England batsman Ian Bell.

Etizaz Mohsin, a U.K.-based researcher, shared his findings with Forbes and said that the breach might also affect Indian, New Zealand, and Afghan players. While most passports were valid at the time of discovery, some had expired.

Forbes validated the data discovered by Mohsin after representatives for England international Eoin Morgan and Afghanistan’s Rashid Khan confirmed the legitimacy of the passport images for the two players. The managers of England players Ian Bell and Henry Brookes also confirmed that their passport details were correct.

The data appears to be linked to the teams involved in the Abu Dhabi T10 competitions and the Pakistan Super League. Often, cricketers provide their passports and other personal data to event organizers to get registered to play and access the grounds.


The Latest Mirai Variant V3G4 Exploits IoT Devices to Carry Out DDoS Attacks

Palo Alto Networks’ Unit 42 identified the latest variant of the notorious Mirai malware, previously responsible for several large-scale DDoS attacks on Dyn DNS in October 2016. Dubbed V3G4 by the researchers, it explicitly targets Internet of Things (IoT) devices. Like the original Mirai botnet, V3G4 exploits default login credentials (factory-set usernames and passwords) to infect IoT devices.

In the campaign tracked by the researchers, exposed IP cameras were one of the prime targets of the V3G4 malware. The malware uses the exposed devices and servers to create a powerful botnet, which hackers use to launch DDoS attacks or perform other malicious activities, like stealing data or installing malware.

According to Unit 42’s report, V3G4 leveraged several vulnerabilities to spread between July and December 2022. Individuals and organizations must follow IoT security best practices to protect against V3G4 and similar IoT malware.

These include changing default usernames and passwords, disabling unnecessary protocols and services, and keeping device software updated with the latest security patches.
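Mirai-style botnets spread by hammering exposed management services with factory-default account names, so the defender-side counterpart to the advice above is to spot that activity in device authentication logs. The following is an added example, not code from Unit 42 or from the article: it parses a constructed, hypothetical syslog-style format for an IP-camera fleet, flags any source that fails repeatedly against default account names, escalates when a later login from the same source succeeds, and notes whether the device still accepts cleartext Telnet (one of the “unnecessary protocols” worth disabling). Log format, host names, addresses and the default-account list are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a hypothetical syslog-style format (not real device output).
SAMPLE_LOGS = """\
2022-11-03T08:00:01Z cam-lobby-01 auth: FAILED user=admin proto=telnet src=198.51.100.7
2022-11-03T08:00:02Z cam-lobby-01 auth: FAILED user=root proto=telnet src=198.51.100.7
2022-11-03T08:00:03Z cam-lobby-01 auth: FAILED user=admin proto=telnet src=198.51.100.7
2022-11-03T08:00:04Z cam-lobby-01 auth: FAILED user=support proto=telnet src=198.51.100.7
2022-11-03T08:00:05Z cam-lobby-01 auth: FAILED user=user proto=telnet src=198.51.100.7
2022-11-03T08:00:06Z cam-lobby-01 auth: OK user=admin proto=telnet src=198.51.100.7
2022-11-03T08:05:00Z cam-dock-02 auth: OK user=ops proto=ssh src=10.0.5.20
2022-11-03T08:06:00Z cam-dock-02 auth: FAILED user=ops proto=ssh src=10.0.5.20
2022-11-03T08:06:10Z cam-dock-02 auth: OK user=ops proto=ssh src=10.0.5.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>OK|FAILED) "
    r"user=(?P<user>\S+) proto=(?P<proto>\S+) src=(?P<src>\S+)$"
)

# Illustrative vendor-default account names (assumption for the example, not an exhaustive list).
DEFAULT_ACCOUNTS = {"admin", "root", "support", "user", "guest", "service"}
CLEARTEXT_PROTOS = {"telnet"}
FAIL_THRESHOLD = 3


def parse_logs(text):
    """Turn the raw log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_attacks(events, threshold=FAIL_THRESHOLD):
    """Return findings keyed by (host, src).

    A source is flagged when it fails `threshold` or more times against default
    account names. Severity is raised to 'compromise-likely' if the same source
    later logs in successfully, and the finding records whether the device still
    accepts a cleartext protocol such as Telnet.
    """
    failures = Counter()                 # (host, src) -> failed attempts
    default_users = defaultdict(set)     # (host, src) -> default names tried
    success_after_fail = set()           # (host, src) pairs that logged in after failing
    telnet_hosts = set()                 # hosts seen accepting a cleartext protocol

    for ev in events:
        key = (ev["host"], ev["src"])
        if ev["proto"] in CLEARTEXT_PROTOS:
            telnet_hosts.add(ev["host"])
        if ev["result"] == "FAILED":
            failures[key] += 1
            if ev["user"] in DEFAULT_ACCOUNTS:
                default_users[key].add(ev["user"])
        elif failures[key] >= threshold:
            success_after_fail.add(key)

    findings = {}
    for key, count in failures.items():
        if count >= threshold and default_users[key]:
            findings[key] = {
                "failed_attempts": count,
                "default_accounts_tried": sorted(default_users[key]),
                "severity": "compromise-likely" if key in success_after_fail else "brute-force",
                "telnet_enabled": key[0] in telnet_hosts,
            }
    return findings


if __name__ == "__main__":
    for (host, src), finding in detect_credential_attacks(parse_logs(SAMPLE_LOGS)).items():
        print(f"{host} <- {src}: {finding}")
```

On the constructed sample, the lobby camera is reported as `compromise-likely` with Telnet enabled (five failures against default names, then a successful `admin` login from the same source), while the dock camera's single typo-style failure by a named operator over SSH is not reported. In practice the threshold and the account list would be tuned to the fleet, and the `telnet_enabled` flag is the cue to disable that service and rotate the device's credentials.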


Fake Hogwarts Legacy Cracks Available for Download, Lead to Adware, Scams

Hogwarts Legacy, the much-awaited Harry Potter video game, finally landed on the major gaming platforms, and because it carries a steep price tag, websites soon appeared peddling free “cracked” versions of the game.

Cracked games are games made playable via tampering or file modification and are generally available for free. They are pirated games, which are illegal in some states. Stefan Dasic, a Malware Intelligence Analyst, analyzed the websites claiming to share the game’s cracked PC version.

One website, games-install[.]com, asked users to enter an activation key after downloading the “game.” To obtain the key, the site told them to take a survey and verify themselves. The survey collects the user’s personal details, but the victim never gets to play the game!


AI Image Editing Tool Leaks User Images and Data

Cybernews recently discovered that a web-based AI image editing tool leaked 9 GB of user data, including usernames and images. Researchers at Cybernews found an open Elasticsearch instance containing 22 million log entries that referenced usernames, including both business accounts and individual users.

However, the number of affected users is unclear since the log entries contained duplicates. The instance also included information on the number of user credits (a virtual in-game currency) and links to Amazon S3 buckets, which stored the generated images.

The incident does not come as a surprise because AI-powered tools have become common due to ChatGPT’s massive success. Google has also jumped into the competition with its Bard AI tool.

The Hong Kong-based visual design platform enables users to generate images or manipulate photos using an AI-based API (application programming interface). The functionality allows for its integration into third-party apps.


‘Phishing’ Scam Costs An Ohio City $219,000, its Finance Director His Job

Phishing-awareness training is now a commonplace workplace requirement, but not everyone takes it to heart. An accounting assistant working for Hilliard, a small Ohio city and suburb of Columbus, was hooked when emails from a fake vendor landed in the mailbox.

The sender pretended to be an existing vendor and tricked the finance worker into changing the vendor’s bank-routing information on the sender’s say-so.

A day later, $218,992.06 left the city’s account. City officials explained to The Columbus Dispatch, a USA TODAY Network member, that such changes are part of an accounting assistant’s everyday work but are subject to a verification protocol, which was not followed in this case. City Manager Michelle Crandall said the city is committed to finding the perpetrator.

“We are thoroughly reviewing the finance department’s accounts payable protocols, including determining why an employee did not follow the required protocol that could have prevented this scam.” The city’s human resources department is investigating the scam with the assistance of legal counsel.
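The control that was skipped in Hilliard is the one that defeats vendor-impersonation fraud regardless of how convincing the email is: a bank-detail change is never applied on the strength of the request itself, only after a callback to the number already on file and sign-off by a second person. The following is an added example, not the city’s procedure or code from the article, showing one way to encode that workflow. Vendor names, domains, phone numbers and bank details are all constructed for the example; the look-alike-domain check (character folding plus edit distance) is a general technique added here, not something the article describes.

```python
import unicodedata
from dataclasses import dataclass


@dataclass
class Vendor:
    name: str
    email_domain: str
    callback_phone: str   # number taken from the signed contract, never from an incoming email
    bank_routing: str
    bank_account: str


@dataclass
class ChangeRequest:
    vendor_name: str
    sender_email: str
    new_routing: str
    new_account: str
    phone_in_email: str = ""   # a "call me to confirm" number the sender supplies, if any


def normalize_domain(domain):
    """Fold characters that are commonly swapped for look-alikes so that
    'examp1e.com' or 'exarnple.com' compare equal to 'example.com'."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    folded = folded.translate(str.maketrans("0135", "oles"))
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character domain typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_risk(sender_domain, vendor_domain):
    """Classify the sender's domain as 'match', 'lookalike' or 'unrelated'."""
    if sender_domain.lower() == vendor_domain.lower():
        return "match"
    s, v = normalize_domain(sender_domain), normalize_domain(vendor_domain)
    return "lookalike" if s == v or edit_distance(s, v) <= 2 else "unrelated"


class PaymentChangeWorkflow:
    """Stage bank-detail changes; release only after an out-of-band callback and a second approver."""

    def __init__(self, vendors):
        self.vendors = {v.name: v for v in vendors}
        self.pending = {}

    def submit(self, req):
        """Record the request and its red flags. Nothing is changed at this step."""
        vendor = self.vendors[req.vendor_name]
        sender_domain = req.sender_email.rsplit("@", 1)[-1]
        flags = []
        risk = domain_risk(sender_domain, vendor.email_domain)
        if risk != "match":
            flags.append(f"sender-domain-{risk}")
        if req.phone_in_email and req.phone_in_email != vendor.callback_phone:
            flags.append("callback-number-differs-from-file")
        ticket = {"vendor": vendor.name, "status": "pending-callback",
                  "verify_via": vendor.callback_phone, "flags": flags}
        self.pending[vendor.name] = (ticket, req)
        return ticket

    def confirm_callback(self, vendor_name, verifier, approver, phone_dialed, vendor_confirmed):
        """Apply the change only if the contract number was dialed, the vendor confirmed,
        and the verifier and approver are two different people."""
        ticket, req = self.pending[vendor_name]
        vendor = self.vendors[vendor_name]
        if phone_dialed != vendor.callback_phone:
            raise ValueError("callback must use the number on file, not one from the email")
        if verifier == approver:
            raise ValueError("verifier and approver must be different people")
        if not vendor_confirmed:
            ticket["status"] = "rejected-suspected-bec"
            return ticket
        vendor.bank_routing, vendor.bank_account = req.new_routing, req.new_account
        ticket["status"] = "applied"
        return ticket


def demo():
    """Walk a constructed request that mirrors the Hilliard pattern through the workflow."""
    acme = Vendor("Acme Paving", "acmepaving.example", "+1-555-0100", "123456789", "1111")
    wf = PaymentChangeWorkflow([acme])
    # Constructed attacker email: typosquatted domain plus a "confirmation" number they control.
    req = ChangeRequest("Acme Paving", "billing@acmepav1ng.example", "987654321", "9999", "+1-555-0199")
    wf.submit(req)
    # The assistant calls the contract number; the real vendor knows nothing about the change.
    return wf.confirm_callback("Acme Paving", "assistant", "finance-director",
                               acme.callback_phone, vendor_confirmed=False)


if __name__ == "__main__":
    print(demo())
```

Two design points carry the weight here. First, the callback number comes from the vendor record, and `confirm_callback` refuses any other number, so a "please call me on my new line" in the email cannot satisfy the check. Second, the domain check only adds flags; even a request from the genuine domain (a compromised vendor mailbox) still sits in `pending-callback` until someone dials the number on file and a second person approves.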