
The weekly cyber-threat roundup (30 Jan 2022)

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed further in upcoming articles. Enjoy the read, and thanks for the coffee 😉


Data theft / loss

He gets hold of a million Swisspass customer records

An IT expert identified a flaw on a Swiss Federal Railways (CFF) platform. He was able to access the data of some 500,000 Swisspass customers. The Federal Railways have since closed the security hole and state that customers suffered no harm.

Finnish diplomats’ devices infected with Pegasus spyware

Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with NSO Group’s infamous Pegasus spyware. The diplomats were targeted with the widely used surveillance software as part of a cyber-espionage campaign. “Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity.”

Cyberattacks / fraud

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet

A massive Minecraft tournament styled after the Netflix blockbuster Squid Game (known, of course, as “SquidCraft”) apparently inspired a distributed denial of service (DDoS) attack that took down the sole (and state-owned) internet service provider in Andorra. Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP and crippling Andorran SquidCraft gamers along with the rest of the population.

Segway Hit by Magecart Attack Hiding in a Favicon

Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned. Segway, maker of the iconic – and much-spoofed – personal motorized transporter familiar from guided city tours everywhere, has been serving up a nasty credit-card harvesting skimmer via its website that’s likely linked to Magecart Group 12.

LockBit gang claims it stole data from French Ministry of Justice | ZDNet

The French government is investigating claims from the LockBit ransomware gang that data was stolen from the Ministry of Justice. “The French Ministry of Justice is aware of the alert and has immediately taken actions to proceed to the needed verifications, in collaboration with the competent services in this field,” a government spokesperson told ZDNet.

BlackCat ransomware targeting US, European retail, construction and transportation orgs | ZDNet

Palo Alto Networks’ Unit 42 released a deep-dive into the BlackCat ransomware, which emerged in mid-November 2021 as an innovative ransomware-as-a-service (RaaS) group leveraging the Rust programming language and offering affiliates 80-90% of ransom payments.

Microsoft fended off a giant DDoS attack on Azure – Le Monde Informatique

Microsoft’s Azure servers were targeted by a distributed denial-of-service attack of unprecedented volume: 3.47 Tbps. The previous record, already very powerful, was around 2.4 Tbps. DDoS attacks targeting hyperscalers keep growing in scale.

Belarusian activists launch ransomware attack in protest of dictatorship, Russian troop surge | ZDNet

An activist group in Belarus launched a ransomware attack against the country’s railway system in protest of Belarusian President Alexander Lukashenko and Russian troop movements through the country. On Monday, the Belarusian Cyber-Partisans took to Twitter to say they encrypted Belarusian Railways networks, hijacking the system and disrupting ticket sales.

North Korea Loses Internet in Suspected Cyber-Attack

North Korea has experienced an internet outage that may have been caused by a cyber-attack. The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.

Flaws / vulnerabilities

Over 20,000 data center management systems exposed to hackers

Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks. Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more.

QNAP users still struggling with Deadbolt ransomware after forced firmware updates | ZDNet

QNAP Network Attached Storage (NAS) device users are still struggling to address a range of issues connected to the Deadbolt ransomware, which began infecting devices earlier this week. On Tuesday, QNAP NAS users flocked to Reddit and QNAP forums to report ransomware infections.

Linux-Targeted Malware Increases by 35% in 2021 | CrowdStrike

Malware targeting Linux systems increased by 35% in 2021 compared to 2020. The XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021, and ten times more Mozi samples were observed in 2021 than in 2020. Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, has increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.

Malware source code discovered on GitHub puts millions of IoT devices at risk

The operators behind a dangerous malware called BotenaGo uploaded its source code to GitHub on October 16th 2021, according to new research by AT&T Alien Labs. This means attackers around the world, who now have access to the source code, can build their own versions of the malware and adapt it to their own objectives.

Justice / police / regulation

Alleged carder gang mastermind and three acolytes under arrest in Russia

Russian news agency Tass reported over the weekend that the “purported founder” of a notorious cybercrime group known as Infraud Organisation has been arrested.

$300,000 in fines issued as Canadian officials take down dark web marketplace | ZDNet

Officials with the Canadian Radio-television and Telecommunications Commission (CRTC) said they took down dark web marketplace Canadian HeadQuarters on Wednesday and fined four of those involved in the platform.

Bulgarian authorities take down online investment scam responsible for losses of more than EUR 10 million | Europol

Judicial and law enforcement authorities in Bulgaria, supported by Europol and Eurojust, have taken down a network of online investment fraudsters involved in money laundering. On the action day on 26 January, officers from the Bulgarian National Police (ГД Национална Полиция) arrested one suspect for defrauding mainly German and Greek investors of at least EUR 10 million.

Switzerland

Security flaw on the PostBus (CarPostal) customer portal

A security flaw was discovered on the customer portal ticketcontrol.ch, operated by PostBus (CarPostal). It was possible to view and download documents, notably concerning fare dodgers, without much technical knowledge. The flaw has reportedly already been fixed.

Miscellaneous

Tor Project battles Russian censorship through the courts | ZDNet

The Tor Project has filed an appeal against a Russian court’s decision to block the Tor website in the country. The Tor network is an open source system for anonymizing online communication.

Threat-intelligence watcher and cybersecurity specialist
