News for LeDécodeur

The cybersecurity weekly | 19 Feb 2023

Here is this week's monitoring report, covering the most interesting news items. Some of them will be developed in upcoming articles. Enjoy, and thanks for the coffee 😉

Data theft / loss

Ransomware gang uses new zero-day to steal data on 1 million patients

The Clop ransomware group claims it’s hacked over a hundred organizations, including a hospital network, by exploiting a new zero-day flaw.

Scandinavian Airlines says cyberattack caused passenger data leak

Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused some form of a malfunction on the airline’s online system, causing passenger data to become visible to other passengers.

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

Pepsi Bottling Ventures hit by a discreet but highly effective data stealer – Le Monde Informatique

US bottler Pepsi Bottling Ventures suffered an intrusion into its information systems in late December 2022. The group took nearly a month to discover that malware had allowed attackers to steal a wide variety of data, including passwords, social security numbers and passport information.

Atlassian confirms a data leak via a partner – Le Monde Informatique

Cybercriminals managed to break into the network of Envoy, a management-software provider used by Atlassian, and steal data belonging to the latter. Attacks that bounce through a third party are something to watch for.

LockBit’s Royal Mail ransom deadline passes, no data release

The notorious LockBit ransomware gang has taken credit for an attack on the Royal Mail – but a deadline it gave for payment has come and gone with nothing exposed to the web except the group's claims. The attack, which occurred in January, led to disruptions in both inbound and outbound international post that still haven't been entirely resolved, the Royal Mail explained in an update on February 10.

LockBit and Royal Mail Ransomware Negotiation Leaked

The LockBit ransomware group has published a log of conversations between its operators and a Royal Mail negotiator showing the group demanded £65.7m ($79.85m) to safely return the company’s stolen data following a January cyber-attack. Hours after the incident, it was reported that the LockBit gang claimed responsibility for the attack, which disrupted Royal Mail operations for several days.

Cyberattacks / fraud

The Feds Are Launching a Hack Back Squad

The U.S. says it's punching back in the digital cold war over emerging technologies with a new "Disruptive Technology Strike Force." "Our goal is simple but essential: to strike back against adversaries trying to siphon off our best technology," a deputy attorney general said.

Iranian State TV Hacked During President’s Speech on Revolution Day

On Telegram, the hackers from the Adalat e Ali group said that "We hacked the Islamic Republic of Iran's TV and Radio transmission."

German airport websites hit by DDoS attacks once again

On Thursday, the websites of several German airports were unreachable; experts launched an investigation, speculating about a possible large-scale cyberattack against critical infrastructure. Ralph Beisel, chief executive of the ADV airport association, confirmed that the websites were hit by a DDoS attack.

FBI says cyber incident at New York field office ‘contained’

The FBI says it has contained a cyber incident at the agency’s New York field office that reportedly affected a computer network used in child sexual exploitation investigations. In a statement to FedScoop, the agency said it is aware of the incident and is working to gain additional information.

City of Oakland issued state of emergency after ransomware attack

The City of Oakland disclosed a ransomware attack last week; the security breach began on February 8, 2023. Out of an abundance of caution, the City of Oakland has taken impacted systems offline while it works to secure the impacted infrastructure.

Cybercriminals attack NATO websites

NATO was the target of a hacker attack on Sunday, 12 February. A spokesperson for the military alliance confirmed this to the German press agency (dpa), as reported by the Frankfurter Allgemeine Zeitung (FAZ), among others. The information had previously circulated on Twitter, claiming that pro-Russian activists had attacked, among other targets, the website of NATO's Special Operations Headquarters.

Cloudflare reports record DDoS attack

Cloudflare has just reported fending off a distributed denial-of-service (DDoS) attack that broke all previous records. A peak of 71 million requests per second was recorded. That is 35% more than the previous record of 46 million requests per second, reported by Google in summer 2022.

Flaws / vulnerabilities

GoDaddy says a multi-year breach hijacked customer websites and accounts

GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion.

Norwegian police recover $5.9m crypto stolen by North Korea

Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.

Justice / police / regulation

Spanish Police Bust €5m Phishing Gang

Spain’s Policia Nacional has teamed up with the US Secret Service to dismantle a cybercrime gang that stole millions of dollars from US citizens and companies. Nine suspected members of the group have been arrested – eight in Madrid and one in Miami – after receiving close to €5m ($5.4m) from their victims, which they spent on luxury items including high-end watches costing as much as €200,000 ($215,000) each.

Russian cybersecurity expert convicted of charges in $90M hack-to-trade case

A Russian national accused of hacking into two U.S. firms that prepare filings for publicly traded companies, and then trading on information before it was public, was found guilty by a federal jury in Boston Tuesday. Vladislav Klyushin, 42, the owner of cybersecurity firm M-13 in Moscow, was found guilty of conspiracy to obtain unauthorized access to computers, wire fraud and securities fraud.

Switzerland

Week 6: secured Office 365 accounts targeted by real-time phishing attempts

14.02.2023 – Last week, the NCSC continued to receive numerous reports. These notably concerned attacks targeting Microsoft Office 365 accounts. Such accounts are nevertheless often secured with two-factor authentication, which makes them harder to compromise.

The Swiss Federal Prosecutor (MPC) investigates the data theft at Credit Suisse

The Office of the Attorney General of Switzerland (MPC) has opened an investigation into the data theft at Credit Suisse. A year ago, the publication of documents by media around the world implicated Switzerland's second-largest bank.

Miscellaneous

Eliminalia, "a digital hitman" for erasing one's traces online

Articles from SSR, 24 Heures and other Swiss media are being targeted by disinformation companies. Several thousand journalistic investigations around the world have been deleted or made invisible on the internet. Eliminalia, an online-reputation company based in Switzerland, offers its services to criminals, shady businessmen and corrupt politicians.

BEC groups are using Google Translate to target high value victims

Abnormal Security has identified two groups that are using executive impersonation to execute business email compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks.

Amazon Begs Employees Not to Leak Corporate Secrets to ChatGPT

After catching snippets of text generated by OpenAI’s powerful ChatGPT tool that looked a lot like company secrets, Amazon is now trying to head its employees off from leaking anything else to the algorithm.

According to internal Slack messages that were leaked to Insider, an Amazon lawyer told workers that they had "already seen instances" of text generated by ChatGPT that "closely" resembled internal company data.

A clandestine Israeli company allegedly manipulated more than thirty election campaigns

A clandestine Israeli company specialising in electoral manipulation, notably via social networks, was used to influence dozens of elections around the world, particularly in Africa, according to the investigative journalism collective Forbidden Stories.
