Overview of Security Incidents For The Period 9-15 January 2021

A brief overview of the main events in the world of information security over the past week.

Read about the malware campaign against Android and Windows users, learn more about the SolarWinds cyberattack and other security incidents from January 9-15, 2021 in our review.

As Hackers Review reported on Saturday, January 9, an announcement appeared on a darknet forum offering for sale a database containing the data of 1.3 million registered users of the hyundai.ru website. According to the seller, the database contains full names, phone numbers (home, work, mobile), addresses, e-mail addresses, vehicle data (brand, VIN), etc. The database is offered in SQL dump format.

Ubiquiti Networks warned its customers about a possible data leak. As a result of unauthorized access to some of the company's IT systems, usernames, email addresses and salted, hashed passwords may have been compromised. Addresses and phone numbers may also have been affected, where the user had provided them.

According to the European Medicines Agency (EMA), hackers have published some of the data on the Pfizer/BioNTech coronavirus (COVID-19) vaccine that was stolen from its servers in December last year. In particular, email screenshots, EALS peer review comments, Word documents, PDFs and PowerPoint presentations were published.

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a series of successful cyber attacks on a range of cloud services. According to the CISA notice, attackers carried out phishing attacks and took advantage of the fact that employees of many organizations do not adhere to digital hygiene rules.

Mimecast, an international cloud-based email management company serving Microsoft Exchange and Microsoft Office 365, reported that cybercriminals compromised a digital certificate it provides to customers for securely connecting Microsoft 365 Exchange accounts to Mimecast services. The certificate is used to validate and authenticate the Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products against Microsoft 365 Exchange Web Services. Such a compromise could enable a man-in-the-middle (MitM) attack.

The Distributed Denial of Secrets (DDoSecrets) activist group has released 1 TB of data from ransomware victims, including over 750,000 emails, photos, and documents from five companies. The information was collected by ransomware operators in the course of their malicious operations. According to DDoSecrets co-founder Emma Best, disclosing evidence of possible corporate malfeasance, and even the intellectual property that may be contained in the leaked documents, will benefit society.

Google has revealed a sophisticated cybercriminal operation targeting Android and Windows users, which it discovered at the beginning of last year. As the point of entry into the attacked system, the hackers used both known and previously unknown vulnerabilities in Google Chrome. They then deployed system-level exploits to gain more control over the victim's device.

ESET specialists have uncovered an ongoing cybercriminal campaign targeting government and private organizations in Colombia. In particular, the hackers are interested in enterprises in the energy and metallurgical industries.

On Sunday, January 10, an attack on the Central Bank of New Zealand became known. Unidentified hackers gained unauthorized access to the regulator's file sharing service through a third-party data exchange service that the bank uses to store and transmit sensitive information.

As mentioned above, new information related to the SolarWinds cyberattack has emerged over the past week. For example, in addition to Sunburst and Teardrop, a third piece of malware called Sunspot was discovered in the update for the Orion platform. As explained by the new CEO of SolarWinds, Sudhakar Ramakrishna, this highly sophisticated malware was designed to inject the Sunburst backdoor into the SolarWinds Orion platform without arousing suspicion from the software development and build teams.

It also became known that, as a result of the SolarWinds hack, classified US court documents were leaked, which could have a major impact on US sanctions against so-called "government" hackers. The potentially compromised documents contain information about upcoming criminal charges against Russian cybercriminals, shedding light on how the identities of the accused were established.

A website called SolarLeaks appeared online, offering for sale data that, according to the sellers, was stolen as a result of the cyberattack on SolarWinds. In particular, the seller offers data allegedly belonging to Microsoft, Cisco, FireEye and SolarWinds itself.
