This week in Cyber Crime – 30 / 10 / 2020

After falling prey to a ransomware threat, cybersecurity start-up Cygilant finds itself in hot water. Cygilant is suspected to be the latest victim of NetWalker ransomware. Screenshots of internal network files and folders suspected to belong to Cygilant were posted on a Dark Web site affiliated with the NetWalker ransomware community. Whether they paid the ransom is unclear, but the Dark Web listing is gone.

Between June 13 and June 17, a newly announced security breach happened at Roper St. Francis Hospital. By accessing an employee's email in an alleged phishing incident at the Charleston, SC hospital, an intruder was able to obtain access to a trove of healthcare data. Names, birth dates, extensive medical histories, health documents, and Social Security numbers were included in the patient information that was compromised.

A cyber attack on the Jewish Federation of Greater Washington gave cyber offenders a solid payday. Bad actors were able to break into a protected user account via the home WiFi of an employee and steal a whopping $7.5 million. A technology consultant who found suspicious behaviour in an employee's email account discovered the breach on August 4. The evaluation suggests that the hacker had access to the machine as early as the first months of summer, long before stealing the money. There are 52 jobs in the organisation.

Cybersecurity experts uncovered a publicly accessible Amazon Web Services (AWS) server belonging to Display Media, filled with more than 38 million US customer records, including full names, email and street addresses, phone numbers, and ZIP codes. The data included 700 statements of job documents in PDF files for targeted email and direct mail advertising promotions, and 59 CSV and XLS files containing a total of 38,765,297 records of US residents, of which 23,511,441 records were unique. The bucket also held thousands of files relating to the marketing company's promotions for different marketing items, such as banner advertising, emails, and promotional flyers, organised by locations and ZIP codes.

A misconfigured Amazon S3 bucket is blamed for a nasty data leak involving Telnet, the creators of the Getting Out app, which is used for inmate communications. The software is typically regulated by gaol authorities (and costs relatives an exorbitant fee of up to $0.50 a minute to interact with their imprisoned loved ones), but the data leaked includes particularly confidential personal details such as whether a prisoner identifies as transgender, their marital status, prescribed medication they take, and their religion. The group, part of the Global Tel Connection family, is blaming the incident on a third-party vendor. Experts claim 11,210,948 reports of prisoners and 227,770,157 messages have been exposed. Although Telnet insists that no patient records, passwords, or user payment information have been affected, the data that was readily accessible via this unsecured bucket could cause personal harm and exposes inmates and their relatives to identity fraud and extortion threats, as well as targeting for hate crime.

A suspected ransomware attack left Northumbria University reeling, causing it to reschedule tests and shutter its entire campus. The college announced that it is conducting a reconstruction and recovery process, but that for some time during an especially significant part of the educational year, students will not have access to the student site, Blackboard, and possibly other university platforms.

Magecart skimming was in operation at Warner Music from April 25 to August 5, according to a just-disclosed breach. Warner Music said that hackers infiltrated “a variety of US-based e-commerce websites” that were “hosted and operated by an external service provider.” The information sought by the cybercriminals included names, email addresses, phone numbers, billing addresses, shipping addresses, and payment card data (card variety, CVC / CVV, and expiry date) for account holders and guests who placed it.

The Australian government department Service New South Wales (NSW) reported that the personal data of 186,000 consumers was compromised by a recent attack. Hackers were able to obtain access to 47 staff email accounts, giving them access to a massive amount of information. In April 2020, 738 GB of data comprising 3.8 million records was stolen from e-mail accounts. Service New South Wales says that internal documentation such as handwritten notes and forms, scans, and reports of transaction applications make up the stolen data. There was no indication that individual MyServiceNSW account data or Service NSW accounts were hacked during the cyber attack.

A Netwalker ransomware attack targeted Dirección Nacional de Migraciones, Argentina's border control department, disrupting border crossings to and from the country for four hours on 27 August. Systems were shut down after the department's tech support started receiving a suspiciously high number of requests for help with irretrievable Office files. Government officials stated that they would not pay the ransom and would not bargain with the Netwalker ransomware operators, who are now seeking a ransom of $4 million (up from $2 million following the cybercriminals' first deadline).

Tesla’s ransomware attack attempt is a crazy trip that leaves company owners with concerns.
Tesla dodged a bullet this week in a tale of so many twists and turns that it seems like an adventure film, as FBI investigators announced that it was the victim of a brazen insider threat / ransomware / nation state attack.

According to news reports, a potentially state-backed Russian cybercrime group tried to pay a Tesla employee at its Gigafactory near Reno, Nevada, $1 million to install malicious ransomware code intended to steal corporate secrets and shut down Tesla's activities.

In its cybersecurity strategy, any firm must consider insider threats.

Money talks, and there's always a chance of someone falling victim to the siren song of a bribe. There can be several motivators for a dishonest insider. Often it's simple greed, sometimes it's extortion, and sometimes it's simply an employee in a tough spot wanting to pay for what their family wants. Whatever the reason a worker is willing to take a cybercrime gang's money, it is the organisation that loses.

These workers were deliberately recruited for this job by bad actors who wanted to snatch the confidential secrets of Tesla, destroy their business, score a major payoff, and make a splash in the field of hacking. While the business was lucky that its workers were not drawn in by the sales pitch of the cybercriminals, relying on employee satisfaction to escape insider attacks is not a powerful defence strategy; you need to do a bit more.