October 2023 was a busy month for cybersecurity news, with a number of high-profile attacks and data breaches reported. In this post, we’ll summarize some of the top cybersecurity news stories from the month for you, so you can stay informed about the evolving cybersecurity landscape.
Spanish Authorities Arrest 34 Cybercriminals Involved in Data Theft from 4 Million Individuals
The Spanish National Police has taken down a cybercriminal organization involved in a wide range of computer scams that targeted over four million individuals. This operation involved 16 targeted searches and the arrest of 34 group members across multiple cities in Spain. During the police raids, firearms, luxury cars, cash, and computers containing data on four million people were seized.
The arrested individuals were linked to email and SMS phishing schemes, including impersonating delivery companies and utilities. They also used deceitful ‘son in distress’ calls to extort money from parents and rerouted merchandise by exploiting an insider’s position in a tech company. Their scams were diverse, with one involving a false loan scheme where they stole customer data from financial institutions and tricked victims into providing sensitive information on phishing sites.
The group’s estimated profit from these activities amounted to €3,000,000, which was funneled into cryptocurrency investment platforms. Law enforcement continues to work on identifying more culprits and victims in the coming months.
Seiko watch company data breach exposes 60,000 records
Japanese watch company Seiko confirmed on 25th of October 2023 that a data breach exposed the personal information of 60,000 customers. The breach occurred in August 2023, but was not discovered until October.
The Seiko data breach is believed to have been caused by a vulnerability in the company’s website. The hackers were able to exploit the vulnerability to gain access to Seiko’s customer database. The company has taken steps to fix the vulnerability in its website and has notified the affected customers of the breach. The company has also offered them free credit monitoring services.
Cloudflare reports a significant surge in HTTP DDoS attacks
The latest quarterly report from Cloudflare, released on 26th of October, reveals that the third quarter of 2023 witnessed a significant surge in HTTP distributed denial-of-service (DDoS) attacks, marking a 65% increase compared to the preceding quarter. Additionally, layer 3/4 DDoS attacks, which focus on compromising infrastructure resources, saw a 14% rise over the same period. The analysis revealed that gaming and gambling companies were the primary targets of DDoS attacks, likely due to the lucrative nature of these industries and their persistent vulnerabilities.
Interestingly, various regions experienced different attack patterns, with the software sector and farming industry being the most targeted in North America and Latin America. Cloudflare played a vital role in thwarting nearly 140 billion daily cybersecurity threats, including a record-breaking DDoS attack peaking at 201 million requests per second. As a result, organizations are encouraged to implement automated HTTP DDoS Protection to safeguard against the increasing prevalence of such attacks.
Cybercriminals target Las Vegas-area parents with threats
Cybercriminals have been targeting Las Vegas-area parents with threats to release their children’s personal information, including names, addresses, phone numbers, and Social Security numbers, if they do not pay a ransom. The criminals are believed to have obtained the information from a data breach that occurred in August 2023 at a local school district, according to information shared by DataBreaches.net. Parents are being urged to change their passwords and be extra vigilant about online security. They are also being advised to monitor their children’s credit reports for any unauthorized activity.
Malware disguised as cryptominer infects 1 million PCs
Antivirus provider Kaspersky has uncovered a highly sophisticated strain of malware known as “StripedFly”, which has been masquerading as a cryptocurrency miner to avoid detection for over five years. This deceptive malware has infected more than 1 million Windows and Linux computers worldwide since 2016. Kaspersky’s security researchers initially detected two infections linked to the WININIT.exe process in their antivirus products, leading to the discovery of StripedFly. While it was originally categorized as a cryptocurrency miner, a deeper analysis revealed its complexity, incorporating techniques believed to have originated from the US National Security Agency, including a version of the infamous EternalBlue exploit.
StripedFly employs its custom EternalBlue attack to infiltrate unpatched Windows systems and quietly propagate across networks, even infecting Linux machines. The malware can gather sensitive data, capture screenshots, gain control over affected devices, and record microphone input. To avoid detection, StripedFly employs a unique method: it includes a cryptocurrency mining module to divert attention from its full capabilities. The identity of the malware’s creators remains unclear, but its use of the NSA-originated exploit highlights the ongoing risks associated with such leaked tools.
Critical vCenter Server vulnerability reported, VMware releases a fix
VMware released a fix for a critical vulnerability in its vCenter Server software on 25th of October 2023. The vulnerability could allow attackers to gain unauthorized access to vCenter Server and take control of virtual machines. The prominent virtualization and cloud technology provider has rated the security vulnerability at 9.8 out of 10 because it enables remote code execution, which makes it a high-priority concern for users. The issue is an out-of-bounds write in the implementation of the DCE/RPC protocol, which vCenter Server uses for network-distributed application communication. VMware has urged users to apply the available updates for affected products to address the vulnerabilities.
Boeing claimed by LockBit ransom gang
The LockBit ransomware gang has reportedly targeted The Boeing Company, a major global aerospace company, commercial jetliner manufacturer, and U.S. military and defense contractor. This Russian-linked group announced its intrusion into Boeing via its dark web leak site on 27th of October 2023, and claimed to have a substantial amount of sensitive data. The ransomware gang set a November 2nd deadline for Boeing to contact them; otherwise, they threatened to publish all available data. While the specific amount of exfiltrated data remains undisclosed, LockBit estimated the combined value of Boeing and its subsidiaries at $60 billion. They also stated that they breached Boeing using a zero-day exploit, though they provided no further details about the nature of this vulnerability.
In light of the cybersecurity news this month, it’s crucial for both individuals and organizations to prioritize security. To stay safe online, remember to use strong passwords and multi-factor authentication, exercise caution when handling email attachments and links, maintain updated software, and stay informed.