The weekly cyber-threat digest (23 May 2021)

In Carnet de veille



Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed in upcoming articles. Happy reading, and thank you for the coffee!


Data theft / loss

Indonesia's government confirms social security data breach for some citizens

Indonesia's Communication and Information Ministry has confirmed a leak of social security data, while attempting to downplay the incident by explaining that it only affected a small portion of the population. The authorities launched an investigation into the leak after a user going by the handle Kotz posted samples of data belonging to Indonesian citizens on a hacker forum.

Data of 100+ million Android users exposed via misconfigured cloud services

Security researchers discovered that the personal data of more than 100 million Android users was exposed through various cloud service misconfigurations. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million, and also includes internal developer resources.
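The "unprotected real-time databases" in this item are typically Firebase Realtime Databases whose JSON rules document grants read or write access to everyone, so the whole dataset can be fetched from the project URL with no credentials. The audit below is an added example, not code from the article or from the research it summarises: it walks a Firebase rules document and reports every path whose `.read` or `.write` rule does not require authentication. The two rule documents are constructed for the example, and treating the databases as Firebase is an assumption.

```python
"""Audit Firebase Realtime Database security rules for paths open to anyone.

Added example, not from the article or the cited research. Assumes the databases are
Firebase Realtime Databases (access control is a JSON rules document). The sample
rule documents are constructed for this example.
"""
import json
from typing import Any, Dict, List, Tuple

# Constructed: the classic open configuration. Anyone who knows the project URL can
# download the whole database (curl https://<project>.firebaseio.com/.json).
OPEN_RULES = json.dumps({
    "rules": {
        ".read": True,
        ".write": True,
    }
})

# Constructed: hardened rules. Access requires an authenticated user, and each user
# may only read or write their own subtree.
HARDENED_RULES = json.dumps({
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        }
    }
})


def _is_open(expr: Any) -> bool:
    """A rule is 'open' if it is literally true, or a string expression that never
    references `auth` (heuristic: "true", "1 == 1", data-only checks all count)."""
    if expr is True:
        return True
    if isinstance(expr, str):
        e = expr.strip().lower()
        return e == "true" or "auth" not in e
    return False


def find_open_paths(rules_json: str) -> List[Tuple[str, str]]:
    """Return (path, permission) pairs that grant unauthenticated access.

    Firebase rules cascade downward: once a parent grants .read, a child cannot
    revoke it, so a hit at '/' means the entire database is exposed.
    """
    doc = json.loads(rules_json)
    root = doc.get("rules", {})
    hits: List[Tuple[str, str]] = []

    def walk(node: Dict[str, Any], path: str) -> None:
        for key, value in node.items():
            if key in (".read", ".write"):
                if _is_open(value):
                    hits.append((path or "/", key))
            elif key in (".validate", ".indexOn"):
                continue  # validation and index hints do not grant access
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(root, "")
    return hits


if __name__ == "__main__":
    print("open rules     ->", find_open_paths(OPEN_RULES))
    print("hardened rules ->", find_open_paths(HARDENED_RULES))
```

The `auth`-absent heuristic is deliberately strict: a rule such as `data.child('public').val() == true` is flagged because it still lets unauthenticated clients read, which is exactly the failure mode behind exposures of this kind. Cloud Firestore and Storage use a different rules language and need a separate check.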

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

India’s flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug.

Personal data of 8,000 Decathlon employees exposed (updated) – Le Monde Informatique

An investigation by vpnMentor shows that data including names, email addresses, photos and authentication tokens of nearly 8,000 Decathlon employees was exposed. The cause was a misconfigured S3 bucket attached to a server used by a partner of the group.
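A bucket ends up world-readable when its policy (or ACL) grants `s3:GetObject` or `s3:ListBucket` to the anonymous principal `*` without a condition that narrows who the caller is. The checker below is an added example, not from the article or vpnMentor's report: it parses a bucket policy document and returns the statements that give anonymous read access, with a hardened policy beside the public one for comparison. Both policy documents, the bucket name and the role ARN are constructed; a real audit would fetch the policy with `aws s3api get-bucket-policy` and also inspect the bucket ACL and the account's Block Public Access settings, which this example does not cover.

```python
"""Flag S3 bucket policy statements that make objects readable by anyone.

Added example, not from the article or vpnMentor's report. The policy documents,
bucket name and role ARN below are constructed for illustration.
"""
import json
from typing import Any, Dict, List

# Constructed: the kind of policy that exposes a partner's bucket to the internet.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-partner-bucket",
                     "arn:aws:s3:::example-partner-bucket/*"],
    }],
})

# Constructed: hardened policy. Only one IAM role may read, and only over TLS.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-partner-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }, {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-partner-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

# Actions (lower-cased) that let a caller list or download objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*", "s3:get*", "s3:list*"}


def _as_list(value: Any) -> List[Any]:
    """IAM allows scalars or lists for Principal.AWS, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """'*' or {"AWS": "*"} means anyone, including unauthenticated requests."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_read(actions: Any) -> bool:
    return any(str(a).lower() in READ_ACTIONS for a in _as_list(actions))


def _narrows_caller(condition: Dict[str, Dict[str, Any]]) -> bool:
    """A condition only mitigates public access if it restricts *who* calls
    (source IP, VPC, account...). aws:SecureTransport alone does not: anonymous
    clients can speak TLS too."""
    for operator_keys in condition.values():
        for key in operator_keys:
            if key.lower() != "aws:securetransport":
                return True
    return False


def public_read_statements(policy_json: str) -> List[str]:
    """Return the Sids of Allow statements that give anonymous principals read
    access without a caller-narrowing condition."""
    policy = json.loads(policy_json)
    hits: List[str] = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if not _is_anonymous(st.get("Principal")):
            continue
        if not _grants_read(st.get("Action", [])):
            continue
        if _narrows_caller(st.get("Condition", {})):
            continue
        hits.append(st.get("Sid", f"statement[{i}]"))
    return hits


if __name__ == "__main__":
    print("public policy     ->", public_read_statements(PUBLIC_POLICY))
    print("restricted policy ->", public_read_statements(RESTRICTED_POLICY))
```

Note that a policy check alone is not sufficient: an object-level `public-read` ACL exposes data even under a clean bucket policy, which is why enabling Block Public Access at the account level is the more robust fix.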

Cyberattacks / fraud

DarkSide ransomware made $90 million in just nine months

The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets. Around 10% of the profit came in one week from attacking just two companies: Colonial Pipeline, the largest oil pipeline system in the United States, and Brenntag, a large chemical distribution company in Germany.

Cyber insurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments

Ouch. One week after the French branch of cyber insurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong and the Philippines have reportedly been hit... by a ransomware attack.

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern – CyberScoop

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach.

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs

The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen U.S. healthcare and first responder organizations. The info was shared via a TLP:WHITE flash alert issued Thursday to help system admins and security professionals defend their orgs’ networks against future Conti attacks.

Florida water treatment plant was involved in second security incident before poisoning attempt: report | ZDNet

A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time.

Irish officials analyze decryption tool as long recovery process from ransomware continues – CyberScoop

The Irish government expects to dedicate significant resources in the coming days to recovery efforts related to a ransomware incident that has hampered the country’s public health service for the last week, officials said Friday.

New Zealand hospitals infected by ransomware, cancel some surgeries

New Zealand’s Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, and surgeries postponed.

Flaws / vulnerabilities

DarkSide affiliates claim gang’s bitcoin deposit on hacker forum

Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum. Russian-language cybercriminal communities typically have an escrow system to avoid scams between sellers and buyers.

Justice / police / regulation

IC3 Logs 6 Million Complaints | Federal Bureau of Investigation

Record increase in reporting brings IC3 to new milestone. It took nearly seven years for the FBI's Internet Crime Complaint Center (IC3) to log its first million complaints. It took only 14 months to add the most recent million. The IC3 logged five million complaints on March 12, 2020, a few weeks before it marked its 20th anniversary.

Irish High Court issues injunction to prevent HSE data leak

The High Court of Ireland has issued an injunction against the Conti ransomware gang, demanding that stolen HSE data be returned and not sold or published. Last week, Ireland's Health Service Executive (HSE) suffered a Conti ransomware attack that has severely disrupted health services in the country.

Miscellaneous / Switzerland

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move iCloud data belonging to Apple’s China-based users to the latter’s servers, the shift raised concerns that it could make user data vulnerable to state surveillance.

The Mesvaccins.ch platform will not be reactivated

The end for Mesvaccins.ch... at least in its latest form. An external review showed that the platform is not sufficiently protected against security threats, announced the mesvaccins Foundation, which operates this electronic vaccination record. "The mesvaccins Foundation has made enormous efforts in recent weeks to correct the previously identified critical vulnerabilities.