
Weekly cyber threat digest (26 Sept 2021)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Happy reading, and thanks for the coffee 😉


Data theft / loss

UN Confirms April 2021 Data Breach

The United Nations has confirmed that its infrastructure was breached earlier this year. A UN official also confirmed that further attacks connected to the initial breach have been detected and are under investigation.

Hacking group used ProxyLogon exploits to breach hotels worldwide

A newly discovered cyberespionage group has been targeting hotels around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group (dubbed FamousSparrow) and described it as an "advanced persistent threat."

MoD apologises after Afghan interpreters’ data exposed

The UK’s Ministry of Defence has launched an internal investigation after committing the classic CC-instead-of-BCC email error – but with the names and contact details of Afghan interpreters trapped in the Taliban-controlled nation. The horrendous data breach took place yesterday, with Defence Secretary Ben Wallace promising an immediate investigation, according to the BBC.

Cyberattacks / fraud

Epik Confirms Hack, Gigabytes of Data on Offer

"Time to find out who in your family secretly ran … [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.

United Health Centers ransomware attack claimed by Vice Society

California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of its locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers serving Fresno, Kings, and Tulare counties.

FBI, CISA, and NSA warn of escalating Conti ransomware attacks

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations’ network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.

REvil ransomware devs added a backdoor to cheat affiliates

Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments. By using a cryptographic scheme that allowed them to decrypt any systems locked by REvil ransomware, the operators left their partners out of the deal and stole the entire ransom.

REvil hides a chat inside the ransomware to double-cross its affiliates – Le Monde Informatique

The gang behind the ransomware set up a secondary chat system to negotiate directly with victims and thereby bypass its affiliates. The cybercrime world is ruthless, and the ransomware world even more so. The gang behind REvil (aka Sodinokibi) may indeed have diverted ransoms by cutting affiliates out of the payment.

Phone scams generate astronomical revenues

Phone scams are legion in France. Back in August we covered the scam spotted by the operator Free: fake sales callers contact customers and, through a well-rehearsed trap, manage to obtain their banking details.

Flaws / vulnerabilities

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

Google’s cybersecurity researchers have discovered a new technique that hackers use to trick Windows systems into bypassing malware payload detection.

Researcher drops three iOS zero-days that Apple refused to fix

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the person who reported them. Denis Tokarev (who uses the Illusion Of Chaos Twitter handle), the software developer who found the four zero-days, reported them to Apple between March 10 and May 4.

Justice / police / regulation

Report: FBI Had Ransomware Decryption Key for Weeks Before Giving It to Victims

The Kaseya ransomware attack, which occurred in July and affected as many as 1,500 companies worldwide, was a big, destructive mess, one of the largest and most unwieldy of its kind in recent memory. But new information shows the FBI could have lightened the blow victims suffered but chose not to.

Italian mafia cybercrime sting leads to 100+ arrests – Malwarebytes Labs

The Spanish National Police (Policía Nacional) has successfully dismantled an organized crime ring of hundreds of members in a sting operation supported by Europol, the Italian National Police (Polizia di Stato), and Eurojust. This is the end result of a year-long investigation.

In 2012, Belgian police were called in to investigate a case involving computers of the Swiss Shipping Company, MSC. They found “tiny computers known as pwnies (pronounced ponies) packed in memory sticks and sitting on several of the workstations”, which caused dramatic and consistent computer slowdown. They realized that these pwnies were being used to steal important information needed “to track specific containers and gain access to restricted areas of the port.”

Miscellaneous / Switzerland

Geneva – Retirement home hacked: data in the wild

The Vessy nursing home (EMS) was hit by a cyberattack in mid-September, and information may have been published on the darknet. The run of incidents continues: after the town of Rolle (VD), HC Bienne (BE) and several private companies, it is now the turn of the Vessy (GE) retirement home to announce that it has been the victim of a cyberattack.

EU officially blames Russia for ‘Ghostwriter’ hacking activities

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. "These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data," European Council officials said in a press release today.

Facebook Paid the FTC Billions to Personally Protect Zuckerberg, Lawsuit Claims

A hulking lawsuit made public this week accuses Facebook’s board of agreeing to overpay the Federal Trade Commission billions of dollars in exchange for not personally suing CEO Mark Zuckerberg over the 2018 Cambridge Analytica data leak scandal.

Threat-intelligence watcher and cybersecurity specialist