
The cyber-threat weekly (23 Jan 2022)

Here is this week's monitoring report, rounding up the most interesting news. Some of these items will be covered in more depth in upcoming articles. Enjoy the read, and thanks for the coffee 😉


Data theft / loss

Crypto.com confirms 483 accounts hacked, $34 million withdrawn

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Although, the company’s CEO stresses that customer funds are not at risk. With regards to daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform « on a mission to accelerate the world’s transition to cryptocurrency. »

Telegram is a hotspot for the sale of stolen financial accounts

Telegram is increasingly abused by cybercriminals to set up underground channels to sell stolen financial details to pseudonymous users. Telegram is a free and cross-platform instant messaging service that offers end-to-end encryption communication, currently having a user base of over 500 million active users.

Cyberattacks / fraud

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ « highly vulnerable » people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration.

Indonesia’s central bank confirms ransomware attack, Conti leaks data

Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank’s operations are not disrupted after the incident.

Cyberattack: Ukraine accuses Russia and says it has « evidence »

The situation is more serious than it first appeared. On Saturday 15 January, Microsoft warned that it had detected a cyberattack aimed at rendering computer networks belonging to the Ukrainian state unusable. This new attack could be linked to the one that hit several government websites on Friday but, unlike the latter, the attack detected by Microsoft targets the core of the computer networks and not just the websites.

Flaws / vulnerabilities

https://www.bleepingcomputer.com/news/security/dutch-cybersecurity-agency-warns-of-lingering-log4j-risks/

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails.

Justice / police / regulation

Unhappy New Year for cybercriminals as VPNLab.net goes offline | Europol

A provider of choice for cybercriminals, VPNLab.net was established in 2008, offering services based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as USD 60 per year. The service also provided double VPN, with servers located in many different countries.

This VPN service used by cyber criminals to deliver ransomware has just been taken down by police | ZDNet

A VPN service used by criminals to distribute ransomware, malware and facilitate other forms of cybercrime has been taken offline following a coordinated international operation by police. As part of the joint action by Europol, Germany’s Hanover Police Department, the FBI, the UK’s National Crime Agency (NCA) and others, the 15 servers used by the VPNLab.net service have been seized or disrupted, rendering it no longer available.

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

U.S. has imposed sanctions on four Ukrainian government officials for their involvement in a Russian-directed campaign to destabilize Ukraine.

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Law enforcement action typically does little to deter cybercriminal activity. But last week’s arrests in Russia of several members of the notorious REvil ransomware group, as well as the dismantling of its criminal infrastructure, appear to have finally grabbed the attention of at least some threat actors.

Switzerland

Vaud refines its digital strategy to stay as close as possible to citizens

Faced with cyberattacks from all sides, the State of Vaud on Thursday took stock of its digital strategy. While strengthening its own cybersecurity, the canton reaffirms its intention to support citizens and municipalities in the digital transition. « The digitalization of society calls for resolute action by the State.

The Emil Frey cyberattack leaves Swiss garages in a bind

Emil Frey, the Zurich-based giant of vehicle imports in Europe, has been hit since Tuesday by a hacking incident. Many professionals in the sector can no longer repair cars or make sales, RTS has learned.

Miscellaneous

ProtonMail to block tracking pixels, hide IP addresses | ZDNet

ProtonMail announced on Wednesday that it will be blocking tracking pixels and hiding IP addresses as part of a new « enhanced tracking protection » feature.

After ransomware arrests, some dark web criminals are getting worried | ZDNet

Cyber criminals are becoming anxious about being tracked down by law enforcement agencies following the high-profile arrests of suspected members of one of the most notorious ransomware groups. On January 14, Russia’s Federal Security Service (FSB) announced it had detained members of the REvil ransomware gang operating from several regions of the country and dismantled the group’s operations.

UK’s Cyber Security Center publishes new guidance to fight smishing

UK’s National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls. The goal of the new guidelines is to make it harder for scammers to trick the public and lead users to phishing sites.

Threat-watch analyst and cybersecurity specialist