Cybersécurité Pour décoder l'actualité sur la cybersécurité , le cybercrime et les cyberattaques
Voici le rapport de veille de la semaine faisant le tour des actualités les plus intéressantes. Certaines d’entre elles seront développées dans les prochains articles. Bonne lecture et merci pour le café 😉
Vol / perte de données
500 million WhatsApp mobile numbers up for sale on the dark web
A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews.
Medibank hackers reportedly release all data on dark web
Hackers who breached Medibank’s systems have dumped another batch of data on the dark web, along with claims the files contain all of the data they took in a heist that impacted 9.7 million customers. The Australian insurance group confirms six zipped files of data have been released, while government officials reiterate the overdue need to overhaul the country’s cyber strategy.
Belgian Police Under Fire After Major Ransomware Leak
A notorious ransomware group has begun leaking highly sensitive data it stole from Belgian police, in what is being described as one of the biggest breaches of its kind in the country. RagnarLocker has been connected to the incident, which hit the Zwijndrecht police force in the city of Antwerp.
LastPass admits to customer data breach caused by previous breach
Back in August 2022, popular password manager company LastPass admitted to a data breach. The company, which is owned by sofware-as-a-service business GoTo, which used to be LogMeIn, published a very brief but nevertheless useful report about that incident about a month later: Briefly put, LastPass concluded that the attackers managed to implant malware on a developer’s computer.
Cyberattaques / fraudes
Le piratage de 5,4 millions de comptes Twitter plus grave que prévu – Le Monde Informatique
Confirmé par Twitter cet été, le hack de 5,4 millions de comptes Twitter de janvier dernier a été exploité par plusieurs cybergangs et non un seul. Les données piratées concernent des utilisateurs dans presque tous les pays européens ainsi qu’aux États-Unis.
RansomBoggs Ransomware hit several Ukrainian entities
Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in .NET and experts noticed that deployment is similar to previous attacks attributed to the Russia-linked Sandworm APT group.
New CryWiper wiper targets Russian entities
Researchers from Kaspersky discovered a previously unknown data wiper, dubbed CryWiper, that was employed in destructive attacks against Russian mayor’s offices and courts. The malware masquerades as ransomware, but the analysis of the code demonstrates that it does not actually encrypt, but only destroys data in the infected system.
Wave of cyber-enabled scams target FIFA World Cup fans
As the global tournament enters its second full week in Qatar, FIFA World Cup scams are proliferating as cybercriminals aim to score big from unsuspecting fans, according to data collected by cybersecurity firm Group-IB.
Keralty ransomware attack impacts Colombia’s health care system
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. Keralty is a Colombian healthcare provider that operates an international network of 12 hospitals and 371 medical centers in Latin America, Spain, the US, and Asia.
Iran’s Fars News Agency website hacked as part of anti-govt protests
On Friday, 25th November, the hacktivist group by the name of Black Reward attacked the database of the Iranian hardline Fars News Agency.
North Korea Hackers Using New « Dolphin » Backdoor to Spy on South Korean Targets
The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. « The backdoor […] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers, » ESET researcher Filip Jurčacko said in a new report published today.
Failles / vulnérabilités
U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States.
Justice / police / réglementation
Interpol Seized $130 Million from Cybercriminals in Global « HAECHI-III » Crackdown Operation
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases.
Le Conseil de l’UE adopte la directive NIS2 – Le Monde Informatique
Alors que le Conseil de l’UE cherche à améliorer la résilience et les capacités de réponse aux incidents dans l’Union Européenne, la directive NIS2 remplace la directive NIS précédente. La directive NIS2 sur la cybersécurité adoptée par le Conseil de l’Union européenne (UE) doit améliorer la résilience et les capacités de réponse aux incidents dans l’UE.
Police arrest 55 members of ‘Black Panthers’ SIM Swap gang
The Spanish National Police have arrested 55 members of the ‘Black Panthers’ cybercrime group, including one of the organization’s leaders based in Barcelona. The gang was operating four specialized activity cells dedicated to social engineering, vishing (voice phishing), phishing, and carding, having a very organized structure.
Australia will now fine firms up to AU$50 million for data breaches
The Australian parliament has approved a bill to amend the country’s privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches.
Meta Fined €265 million in Facebook Data Scraping Case in the EU
Ireland’s Data Protection Commissioner (DPC) has placed a fine of €265 million on Meta following Facebook’s data scraping case.
SIM swapper gets 18-months for involvement in $22 million crypto heist
Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin.
Condamné pour piratage, l’ancien prestataire de l’ARS Ile-de-France voulait prouver qu’il était » le seul à pouvoir dépanner l’infrastructure «
Sécurité : Deux quinquagénaires ont été condamnés à de la prison ferme et de la prison avec sursis pour avoir piraté l’Agence régionale de santé d’Ile-de-France. Le principal mis en cause, un ancien prestataire, voulait se venger. Les pirates russophones ne sont pas les seuls à faire des dégâts.
Suisse
Le NCSC deviendra un office du DDPS
Berne, 02.12.2022 – Compte tenu de l’importance croissante de la cybersécurité et des bases solides établies au cours des dernières années par le Centre national pour la cybersécurité (NCSC) au sein du Département fédéral des finances (DFF), le NCSC sera transformé en un office fédéral.
Le Conseil fédéral soumet au Parlement le message concernant l’obligation de signaler les cyberattaques contre les infrastructures critiques
Berne, 02.12.2022 – Le Conseil fédéral souhaite mettre en place une obligation de signaler les cyberattaques contre les infrastructures critiques. À sa séance du 2 décembre 2022, il a adopté à cette fin et soumis au Parlement le message relatif à la modification de la loi sur la sécurité de l’information au sein de la Confédération.
Divers
Logiciels espions : Google soupçonne une entreprise espagnole de développer des logiciels espions
Sécurité : Selon Google, Variston IT aurait exploité plusieurs vulnérabilités dans Chrome, Firefox et Microsoft Defender, un cadre permettant ensuite l’installation de logiciels espions. Le groupe d’analyse des menaces de Google accuse dans un post de blog une entreprise espagnole, Variston IT, basée à Barcelone, d’exploiter des failles de sécurité sur les navigateurs Chrome et Firefox et l’antivirus Microsoft Defender pour déployer des logiciels espions.
A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet
The KmsdBot was known for targeting both Linux and Windows devices.
