
September 18, 2023 – Cyber Briefing

September 18, 2023


In this issue, we delve into recent cyber threats: Fake Crypto Giveaways, UNC3944’s Ransomware Transition, Fortinet’s Updates, and Privacy Risks in Health Apps.

In addition, explore the following stories: CardX data leak, Retool’s crypto SMS attack, Gerchik Trading breach, Colombian government ransomware, ORBCOMM’s fleet services incident, and LockBit3.0’s school targets.

Dive into tech highlights including TikTok’s €345 million fine, Microsoft’s revelation of APT33’s espionage methods, the US Department of Defense’s 2023 cyber strategy, a Russian hacker’s guilty plea, and Google’s $93 million settlement over location data misconduct.




🚨 Cyber Alerts


1. TikTok Hit by Elon Musk Crypto Scams

Scammers are inundating TikTok with a wave of fraudulent cryptocurrency giveaways, primarily impersonating Elon Musk, Tesla, or SpaceX. These scams involve deepfake videos of Musk endorsing bogus cryptocurrency giveaways and instruct users to register on suspicious websites, enter promo codes, and even deposit Bitcoin for ‘activation.’ These malicious schemes have plagued social media for years, stealing millions from unsuspecting users, and they continue to proliferate, necessitating caution when encountering cryptocurrency giveaways.


2. UNC3944 Adopts Ransomware Tactics

In a strategic shift, the financially motivated threat actor UNC3944, also known as 0ktapus and other aliases, is expanding its monetization tactics to include ransomware deployments, according to Mandiant. UNC3944 initially focused on telecom and business process outsourcing sectors but has now broadened its target scope to encompass hospitality, retail, media, financial services, and more. The group employs phone-based social engineering and SMS-based phishing to steal credentials and has demonstrated a growing understanding of Western business practices.


3. Fortinet Addresses Vulnerabilities

Fortinet, a leading cybersecurity company, has recently released essential security updates aimed at addressing vulnerabilities with identifiers CVE-2023-29183 and CVE-2023-34984. These vulnerabilities have the potential to be exploited by malicious actors, enabling them to gain control over systems running FortiOS, FortiProxy, and FortiWeb.


4. Android Health Apps’ Risky Permissions

Leading Android health apps are exposing users to avoidable threats like surveillance and identity theft due to the risky permissions they request. These applications, designed for fitness, sleep tracking, mental health, and more, often demand access to sensitive data, such as location, camera, and microphone. Researchers from Cybernews have examined 50 popular health apps and found that a significant number of them request dangerous permissions that could compromise user privacy and security.



💥 Cyber Incidents


5. Thai Financial Platform CardX Data Breach

Thailand’s major digital financial platform, CardX, has exposed personal information related to personal loan and cash card applications. The breach revealed customers’ first and last names, addresses, telephone numbers, and email addresses, though the company assures that this information cannot be used for financial transactions. While CardX has taken swift measures to enhance data protection and cybersecurity, customers are advised to remain vigilant against potential fraudsters who may attempt to contact them through various means, such as phone calls, SMS, or fraudulent emails.


6. SMS-Based Attack Hits Cloud Customers

San Francisco-based software development company Retool has revealed that 27 of its cloud customers fell victim to a targeted SMS-based social engineering attack. This breach, which occurred on August 27, 2023, was exacerbated by a Google Account cloud synchronization feature introduced in April 2023, causing Retool to label it as a “dark pattern.” The attack began with an SMS phishing attempt on Retool employees, where the attackers posed as IT team members and lured one employee into clicking a seemingly legitimate link to address a payroll-related issue.


7. Gerchik Trading Data Breach Affects 166K

Gerchik Trading Ecosystem (GTE) is confronting a potential data breach, exposing the personal data of around 166,000 aspiring traders who participated in its online trading training programs between 2020 and 2022. The breach, brought to light by security researcher Volodymyr “Bob” Diachenko, has laid bare a dataset containing a wealth of information, including names, email addresses, contact numbers, encrypted passwords, IPs, geographic locations, and more.


8. Colombian Ministries Hit by Ransomware

Multiple government ministries in Colombia, including the Ministry of Health and Social Protection, the Judiciary Branch, and the Superintendency of Industry and Commerce, are dealing with the aftermath of a ransomware attack on technology provider IFX Networks Colombia. This cyberattack has severely impacted their ability to function, forcing operational changes and service disruptions.


9. ORBCOMM Ransomware Attack Impact

Trucking and fleet management provider ORBCOMM is grappling with a ransomware attack that has disrupted its services, leaving trucking companies unable to manage their fleets effectively. Since September 6th, customers have reported difficulties in tracking their transported inventory and using Blue Tree ELD devices, forcing truckers to resort to paper logs. ORBCOMM confirmed the ransomware attack, impacting their FleetManager platform and Blue Tree product line, and is working with external cybersecurity experts to investigate the incident.


10. Cyberattack on Florida School District

LockBit3.0 has targeted Hillsborough County Public Schools in Florida, boasting of acquiring 2 TB of data. While sample files released seem routine, some contain personal and medical details of students. LockBit3.0 has issued a ransom ultimatum, threatening to release all data if the school district doesn’t comply within 10 days, following a 3-day auction to private buyers. The extent of file encryption remains uncertain, despite initial reports indicating no evidence of student data compromise.



📢 Cyber News


11. TikTok’s €345M Fine for Child Privacy

The Irish Data Protection Commission has imposed a hefty €345M fine on TikTok for breaching the privacy of children aged 13 to 17 during data processing. This investigation, initiated in September 2021, scrutinized TikTok’s data handling practices from July 31 to December 31, 2020. Among the serious violations found were default public visibility settings for child user accounts, faulty ‘Family Pairing’ features, lack of transparency information, and the use of “dark patterns” that compromised user privacy.


12. Iranian APT33’s Cyber-Espionage Wave

Microsoft has disclosed that the Iranian state-backed APT group known as Peach Sandstorm, also known as APT33, Elfin, and Refined Kitten, conducted a widespread cyber-espionage campaign over six months, employing password spraying techniques from February to July 2023. This technique involves attempting to authenticate multiple accounts with a list of common passwords. While the initial attacks targeted thousands of organizations globally, subsequent phases of the campaign displayed increased sophistication, with the threat actors employing advanced cloud-based tactics and procedures.


13. DoD’s 2023 Cyber Strategy Focus

The Pentagon’s 2023 Cyber Strategy, outlined in an unclassified summary, emphasizes bolstering the cyber capabilities of allies and partners while enhancing collective resilience against cyberattacks. It focuses on providing cybersecurity infrastructure, workforce training, and support for developing essential capabilities to partners. Additionally, the strategy prioritizes defending the nation, disrupting threat actors, and securing critical infrastructure in the face of evolving cyber threats, particularly from China and Russia.


14. Google’s $93 Million Settlement

Google has reached a $93 million settlement with the California Attorney General’s Office following a lengthy investigation that revealed the company allegedly misled users about its location data practices. The investigation found that Google violated California consumer protection laws by assuring users that disabling the “Location History” setting would prevent the collection and storage of their geolocation data. However, the complaint alleges that Google continued to track and store this data.


15. Extradited Hacker Pleads Guilty

Dariy Pankov, a Russian hacker who was extradited from Georgia, has pleaded guilty to computer fraud charges related to his involvement in developing and selling the NLBrute malware. Pankov now faces a maximum prison sentence of five years, along with a forfeiture of $358,437, representing the proceeds of his criminal activities. He is accused of selling stolen login credentials on the dark web, which were used for various illegal activities, including ransomware attacks and tax fraud, netting him over $350,000 between 2016 and 2019.




Copyright © 2023 CyberMaterial. All Rights Reserved.
