News
Hi folks,
The last few issues I was surprised by the low number of reported data breaches. For a moment there I had hopes, but turns out either the criminals or the reporters (or both) were just ooo. This week shows a list that's way too long for comfort.
I hope you find it interesting, that you get motivated by the clear indication that there is work to be done, and then have a wonderful weekend :-) Cheers!
Breaches and leaks
- The French agency that oversees unemployment registration and aid was breached, exposing data belonging to 10 million people: link.
- The South African Department of Defence was compromised, a 1.6TB file with personnel details is available online: link.
- The University of Michigan took all its systems offline to deal with an unspecified cybersecurity incident: link.
- PurFoods, aka Mom's Meals, a US food delivery service, disclosed a data breach affecting 1.2 million people: link.
- Ohio History Connection, a non-profit that manages sites and museums, leaked social security numbers in a ransomware attack: link.
- Forever 21, a clothing and accessories retailer, was breached in March and took ... forever to disclose the impact to more than half a million individuals: link.
- LogicMonitor, a network monitoring company, was breached by ransomware: link (https://www.bleepingcomputer.com/news/security/logicmonitor-customers-hacked-in-reported-ransomware-attacks/).
- Leaseweb, a large cloud and hosting provider, notified customers of unusual activity in their infrastructure: link.
- Kroll, the financial and risk advisory company, was compromised through a SIM-swapping attack on one of their employees: link.
- Sourcegraph, the code search and navigation platform, disclosed a data breach after an engineer accidentally leaked an admin access token: link.
- Paramount Global, the entertainment giant, was breached, impacting the PII of about 100 people: link.
- MOVEit has now crossed the milestone of 1000 companies impacted: link.
US and European agencies dismantle Qakbot network
Definitely the biggest news this week. The takedown, titled "Operation Duck Hunt", is "the largest U.S.-led financial and technical disruption of a botnet infrastructure", according to the DOJ.
The botnet consisted of over 700,000 infected machines, 200,000 of them residing in the US. It was used as an initial infection vector by several ransomware groups like Conti, REvil and many more.
The FBI was able to redirect botnet traffic through servers under its control, which in turn instructed the infected machines to download a "patch" that uninstalled the malware. They were able to do this by first taking over the computer of one of the botnet admins, where they found files with chat logs, payment information, and the encryption keys used to communicate with the botnet. There's a great read on this in more detail here.
Over $8.6 million in cryptocurrency was also seized, which victims can apply to receive a portion of.
You can find the official announcement here, and watch the FBI Director himself announce the takedown on YouTube. People can check if their devices were infected through Have I Been Pwned or through the Check your hack site from the Dutch police.
GlitchSecure: real-time and continuous security testing
If you feel like doing a quick pentest every few quarters isn't enough, you are correct. Take a look at the combination of continuous vulnerability assessments and real-time pentesting that GlitchSecure offers. Every finding is verified by highly skilled (and wonderful) humans. (Sponsored)
Victim records deleted after spyware vendor compromised
This is definitely a breach, but different enough that I wanted to highlight it. Several spyware vendors have recently been hacked and put out of business, seemingly in a form of vigilantism. Having those companies shut down is definitely a good thing, but the article rightfully warns against complications, for example when the spyware app stops working, the victim might get blamed.
Microsoft joins opposition to current version of UN cybercrime treaty
There is an effort underway on the UN level to draft a treaty against cybercrime. Unfortunately, there seems to be a big divide in what countries believe the term "cybercrime" should include, how to prevent the treaty from becoming a surveillance-enabling tool, and what protections should be given to security researchers.
Presidential council recommends launching a Department of Water to confront cyberthreats and climate change
Interesting read on the changes that have to be made to water-related infrastructure in the US (and presumably in many other places). Among other issues, cybersecurity threats are very hard to tackle with old infrastructure, with 30% of the workforce set to retire in the next 10 years, and with the inability to attract cybersecurity talent when competing with the private sector.
SEC cyber disclosure rules are taking effect: Here’s what to expect
The new SEC rules, where companies need to disclose breaches within four days and explain how they manage the risk of cyberthreats, go into effect on September 5th. If your company falls under SEC rules, you'll want to deep dive into this.
Apple opens 2024 applications to get ‘security research’ iPhones
Apple announced today that iOS security researchers can now apply for a Security Research Device (SRD) by the end of October. If selected you'll get a specially-built device on a 12-month loan with certain security features disabled and with shell access. Any vulnerabilities you find are automatically considered for an Apple Security Bounty.
Next Pwn2Own automotive hacking contest will offer total of $1 million in prizes
There are four categories: Tesla, in-vehicle infotainment, electric vehicle chargers, and operating systems. The competition will be hosted at the Automotive World conference, which is scheduled for January 2024, in Tokyo. Remote participants will also be allowed, which is a nice touch.
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
Interesting deep dive (and long read) on how a China-aligned threat group created malicious versions of Signal and Telegram. Among other things, they were able to spy on a victim's Signal communications by secretly autolinking the compromised device to the attacker's Signal device.
The UX of 1Password is getting even better with passkeys
It's rare that increased security goes hand in hand with better user experience. Password managers have always fallen under that category for me. 1Password is working on going one step further on both the security and the UX front though, by supporting the use of passkeys. No more passwords to remember, not even a single one, and being much more secure as a result. (Sponsored)