The Cyber-Threat Weekly (5 Dec 2021)

Here is this week's monitoring report, rounding up the most interesting news items. Some of them will be developed in upcoming articles. Happy reading, and thanks for the coffee 😉

Data theft / loss

DNA testing service data breach impacting 2.1 million users

The Fairfield, Ohio-based DNA testing service DNA Diagnostics Center (DDC) has disclosed a data breach in which sensitive personal and financial data of more than 2.1 million (2,102,436) customers/users was stolen by hackers. According to the company’s blog post, the data breach was detected on August 6th, 2021, but the details have only been shared today, November 30th, 2020.

Planned Parenthood data breach: Hackers steal 400,000 patients’ data

On Wednesday, December 1st, 2021, Planned Parenthood, the non-profit reproductive health care organization based in the United States, disclosed a data breach impacting over 400,000 patients of its Los Angeles branch (Planned Parenthood Los Angeles, PPLA). Hackers stole 400,000 patients’ records.

Following an intrusion, Panasonic is dealing with a data leak

Hackers managed to gain access to Panasonic's network and stole data. According to national media, the affected data includes information on the Japanese company's technologies, business partners and employees. An internal investigation has been opened.

Iranian police hacked: 24 million drivers' records exfiltrated

Colorado energy company loses 25 years of data after cyberattack while still rebuilding network | ZDNet

Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost.

Cyberattacks / fraud

Emotet’s back and it isn’t wasting any time

Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet’s botnet.

abuse.ch on Twitter

Emotet’s activity yesterday was huge in terms of unique #Emotet malware distribution sites reported to URLhaus 📢 It was an uptick of +447% compared to end of November! 🔥👉 https://t.co/fkDITyH9GT pic.twitter.com/iMJucbojgM

Hackers Steal $119M From ‘Web3’ Crypto Project With Old School Attack

The Snatch cybergang claims a ransomware attack on Volvo Car – Le Monde Informatique

Screenshots of data stolen from Volvo Car Corporation are circulating on the dark web. The Snatch ransomware gang has claimed the attack. For its part, the Swedish carmaker is betting on minimal communication. Known since late 2019 for bypassing security solutions, the Snatch ransomware is back in the news with a list of several victims.

APT37 targets journalists with Chinotto multi-platform malware

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices. APT37 (aka Reaper) has been active since at least 2012 and is an advanced persistent threat group (APT) linked to the North Korean government with high confidence by FireEye.

American diplomats’ iPhones reportedly compromised by NSO Group intrusion software

The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group’s Pegasus spyware, according to a report published Friday by Reuters. NSO Group, in an email to The Register, said it has blocked an unnamed customer’s access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. « The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors, » the federal law enforcement agency said.

The official Olympique Lyonnais forum hacked to « avenge » the attack on Dimitri Payet

The Lyon supporters' discussion site was hit by a cyberattack the day after the bottle was thrown at the Marseille player. More than 30,000 user records were stolen; they reportedly come from an older version of the site. On 21 November, a Lyon supporter threw a bottle at the player Dimitri Payet in the middle of a match.

An example of a motivation other than money …

Flaws / vulnerabilities

Nine WiFi routers used by millions were vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people.

Finland warns of Flubot malware heavily targeting Android users

Finland’s National Cyber Security Centre (NCSC-FI) has issued a « severe alert » to warn of a massive campaign targeting the country’s Android users with Flubot banking malware pushed via text messages sent from compromised devices. This is the second large-scale Flubot campaign to hit Finland this year; a previous series of attacks SMS-spammed thousands of Finns each day between early June and mid-August 2021.

8-year-old HP printer vulnerability affects 150 printer models

Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard. Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they’ve likely exposed a large number of users to cyberattacks for a notable amount of time.

Justice / law enforcement / regulation

FBI seized $2.3 million in cryptocurrency from REvil ransomware affiliate – CyberScoop

The FBI in August seized approximately $2.3 million worth of cryptocurrency from a hacker affiliated with the REvil ransomware gang, according to a court filing unsealed Tuesday. The money seized was derived from payments to ransomware attacks involving REvil malware between April 2019 and June 2021 in the U.S. and elsewhere.

Telegram channel admins who sold fake vaccine cards arrested

The Italian financial crime agency (Guardia di Finanza – GdF) has announced the arrest of several individuals suspected of managing Telegram channels to promote fake vaccine certificates, aka ‘Green Passes.’ The operation was supported by evidence collected by investigators at Group-IB’s high-tech crime unit, who managed to unmask the criminals despite measures to keep their identities hidden.

European Money Mule Action leads to 1 803 arrests

Today saw the conclusion of the anti-money mule operation EMMA 7, an international action coordinated by Europol in cooperation with 26 countries, Eurojust, INTERPOL, the European Banking Federation (EBF) and the FinTech FinCrime Exchange. The operation resulted in 1 803 arrests and the identification of over 18 000 money mules.

Former Ubiquiti dev charged for trying to extort his employer

Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker.

Ransomware complaints rose 32% in France in 2020

The statistics service of the Ministry of the Interior sheds new light on the rise in ransomware attacks in France. Between 2016 and 2020, police and gendarmerie services recorded between 1,580 and 1,870 proceedings targeting companies and institutions, according to estimates.

IoT: the United Kingdom plans to adopt a law banning universal default passwords; companies that fail to meet the new standards face heavy fines

The United Kingdom plans to protect its citizens from password hackers by adopting a law banning universal default passwords. The British government recently introduced a new law intended to prevent consumer devices from being attacked by cyberpunks. According to new reports, companies selling digital products that do not meet the new cybersecurity standards may be banned and fa…

The United States joins the Paris Call on cybersecurity

Security: Three years after the project's launch, Vice President Kamala Harris announced that the United States was joining this agreement, which brings together 80 countries around cybersecurity norms.

Switzerland

Cybersecurity – Vaud municipalities worry about being hacked

Mayors and municipal councillors turned out in numbers for an information session on cyberattacks on Thursday evening in Savigny. All consider their municipality poorly protected. « Who thinks their municipality is well protected? » When one of the four cybersecurity specialists running the awareness session for representatives of Vaud municipalities put that question to the room, nobody raised a hand!

Miscellaneous

Texas School District to Scan Children’s Devices

A school district in East Texas will start scanning digital devices used by its students to find out what they have been saying to and about one another. Longview Independent School District (Longview ISD) has partnered with technology and web-hosting company Gaggle to scour district-issued devices and student emails for a particular set of keywords.

Cybercriminals also offer courses on building botnets

Security: Security researchers warn that the proliferation of botnets could intensify as scammers learn to build their own. Botnets are one of the main drivers of cyberattacks, used to distribute malware and ransomware.

Sweden wants to ban energy-hungry cryptocurrency mining

While bitcoin mining in Sweden consumes as much electricity as 200,000 households, the country is calling for a halt to the mining of cryptocurrencies that consume too much energy, such as Bitcoin. Swedish authorities fear that the Paris Agreement signed at COP 21 in 2016 will not be met if EU countries continue down this path.

Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny – CyberScoop

An under-the-radar ransomware group that’s been attacking schools, hospitals and other critical infrastructure has tried to cover its tracks by rebranding, according to findings from researchers at Mandiant. Sabbath, a rebrand of the ransomware group Arcane, « is unfortunately not slowing down » in its attacks, Tyler McLellan, principal analyst at Mandiant, said in a statement.

Twitter removes another 3,000 state-backed accounts linked to six countries | ZDNet

Twitter has removed another 3,465 state-backed accounts as part of efforts to limit the influence of information manipulation campaigns on the web. The social media platform explained in a blog post that the account sets that have been removed include eight « distinct operations » that can be attributed to China, Mexico, Russia, Tanzania, Uganda, and Venezuela.

Threat-intelligence monitor and cybersecurity specialist