(In)Secure Digest: Mega Leaks, Deepfakes Calls and Ransomware Attack

In our traditional monthly digest, we've gathered a bunch of recent information security incidents. In February's edition, we’ll reveal, how with the help of deepfakes intruders managed to steal millions of dollars from a multinational company’s financier; how an employee bankrupted a publishing house with a 40-year history; how data of almost every second French citizens ended up in the hands of hackers. 

ALMOST DIDN'T BELIEVE IT

What happened: an employee of a multinational company transferred $25 million to fraudsters after a fake video conference.

How it happened: In January, fraudsters sent a phishing email to an employee of the finance department of the Hong Kong branch of a multinational company. In the email, the intruders, on behalf of the CFO of the UK subsidiary, tried to convince the employee to urgently make a secret transaction. The email made the financier of the Hong Kong company distrustful, so the fraudsters offered him to organize a video call. All participants in the video conference looked like colleagues from the UK office, their voices also didn’t differ from real employees’. Immediately after the call, the employee complied with the CFO’s request and made 15 transfers, overall, he sent fraudsters $25.6 million.

The fraud was only detected a few days later when the employee became concerned about the transfer and contacted the company's head office. Hong Kong police officers told, that that was the first time malicious actors used a group deepfake for defraud. 

CORPORATE PESTS 

What happened: an employee bankrupted a publishing house with a 40-year history.

How it happened: the Eugene Weekly, a small newspaper in Oregon, established in 1982, had to close due to the consequences of the incident, involving corporate fraud. It turned out that during the past five years, the employee, who was in charge of financial issues, had been transferring the publisher's money to his own accounts. The overall damage was estimated at about $90,000. The safety margin of the small newspaper was not comparable to the losses. In January this year, the editor-in-chief of Eugene Weekly reported that because of numerous unpaid bills, the newspaper had to close down and lay off all employees (overall, 10 people worked in the publishing house). Despite the financial problems, the management of Eugene Weekly plans to try retain the newspaper.

DATA ON ONE OUT OF TWO 

What happened: as a result of series of cyberattacks, hackers managed to obtain data on 33 million French citizens.

How it happened: the leak was the result of a cyberattack on two French service providers, working with health insurance companies. On the 1st of February, Viamedis officials reported shutting down the platform due to the hack. Viamedis CEO Christophe Candé explained that the attackers conducted a phishing attack and obtained employees’ credentials to access internal systems. 

A few days later, Almerys representatives reported detection of the hack. However, the company officials clarified that the central information system was not attacked, only the employee information portal was affected. 

As a result of the incident, the attackers gained access to such details, as: birth dates, national insurance numbers, national identification numbers names of health insurance companies and more. 

Overall, the leak affected 33 million French citizens. The Paris prosecutor's office has launched an investigation.

DOWNSTREAM OF THE LEAKS

What happened: telecoms company Verizon experienced an insider related data leak.

How it happened: in February, the company officials began notifying employees that an insider had accidentally obtained their personal data. The breach occurred in September 2023. According to the documents, which Verizon employees-in-charge provided to the state attorney general, the employee gained unauthorized access to a file that contained employees' personal information, including: names, addresses, national insurance numbers, gender, union membership information, birth dates, compensation data. 

The company is now conducting an internal investigation. 

Verizon officials reported plans to strengthen technical controls to prevent cases of unauthorised access to files in the future.

According to SearchInform’s statistics, the reason behind most breaches is violation of access rights distribution, when employees are able to access confidential files, which aren’t intended for them. By the way, we have recently tested how user access rights are distributed within our corporate file storages (you can read about the results of the experiments here and here).

The telecom giant offerrd affected employees two years of free credit monitoring and identity protection services. In case of fraud, employees can receive up to $1 million in compensation.

This is not Verizon's first incident involving personal data breaches. In 2022, the company notified customers that their accounts had been compromised and their phone numbers had been stolen by fraudsters.

APPLE EXUBERANCE

What happened: a cyber researcher defrauded Apple of $2.5 million.

How it happened: Noah Roskin-Frazee, a well-known security researcher from ZeroClicks Lab, had repeatedly helped Apple to find vulnerabilities in their gadgets. Last December, the company even published a post on its website, expressing gratitude for the cooperation.

Later it turned out that the police detained the researcher for fraud. It turned out that Noah Roskin-Frazee and his accomplice gained access to Apple's systems through a third-party contractor. Later, they stole gift cards worth $2.5 million. The fraudsters also arranged the delivery of Apple products worth $100,000 and tried to resell the stolen goods.

DATA EXHANGE

What happened: two million users' data was exposed due to a leak at LectureNotes, a platform where students and teachers can share notes.

How it happened: researchers at Cybernews discovered a misconfigured database in the LectureNotes Learning App. The database was updated in real-time mode and exposed the users and app admins’ personal and access data.

Overall, the experts found 2,165.139 compromised user records, which included: username, first and last name, email, phone number, encrypted password, session tokens, etc. 

Cybernews experts told that leaked session tokens pose a serious threat, as potential attackers can access user sessions without a password. What’s more, using the compromised administrator authorisation credentials, attackers can access privileged accounts and perform malicious actions.  

LectureNotes Technologies experts solved the issue within two days. Company officials have not yet publicly commented on the incident. Cybernews researchers attribute the leak to a misconfigured MongoDB database.

THE CACTI ARE ATTACKING

What happened: attackers hacked electrical equipment supplier Schneider Electric.

How it happened: Back in late January, French multinational Schneider Electric officials reported, that the company fell victim of a ransomware attack. The hackers gained access to the resources of the company's consulting division. It is known that Schneider cooperates with the world's largest corporations, such as: Walmart, Hilton, DHL and others. Experts assume that data belonging to these corporations could have been illicitly obtained as a result of the incident.

On 20th of February, members of the Cactus hacker group announced that they had managed to steal 1.5 TB of data from the consulting division of Schneider Electric. As evidence, the attackers published screenshots of several passports allegedly belonging to Schneider Electric employees and clients. The attackers also published scans of non-disclosure agreements. The hackers promised to publish all stolen data in the public domain if Schneider Electric wouldn’t pay the ransom.

E-mail me when people leave their comments –

SearchInform is a 100% private company that develops risk management products being one of the industry leaders. More than 4,000 companies across 20+ countries are SearchInform clients. The development team has been creating search technologies for unstructured data since 1995 and started developing information security solutions in 2004. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

Community Guidlines


GlobalRisk Community Guidelines

The purpose of the Global Risk Community is to foster business, networking, and educational exploration among members. We reserve the right to remove any content or to ban a participant who does not follow the spirit of our…

Read more…
Views: 74
Comments: 0

The quick start guide


Dear New Member,
We're super excited to have you as part of our community. Feel free to invite new people, participate in discussions, activities and share knowledge. 

Special Bonus for new member:

20% off the…

Read more…
Views: 382
Comments: 0

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead