In our traditional monthly digest, we've gathered a bunch of recent information security incidents. In February's edition, we’ll reveal, how with the help of deepfakes intruders managed to steal millions of dollars from a multinational company’s financier; how an employee bankrupted a publishing house with a 40-year history; how data of almost every second French citizens ended up in the hands of hackers.
ALMOST DIDN'T BELIEVE IT
What happened: an employee of a multinational company transferred $25 million to fraudsters after a fake video conference.
How it happened: In January, fraudsters sent a phishing email to an employee of the finance department of the Hong Kong branch of a multinational company. In the email, the intruders, on behalf of the CFO of the UK subsidiary, tried to convince the employee to urgently make a secret transaction. The email made the financier of the Hong Kong company distrustful, so the fraudsters offered him to organize a video call. All participants in the video conference looked like colleagues from the UK office, their voices also didn’t differ from real employees’. Immediately after the call, the employee complied with the CFO’s request and made 15 transfers, overall, he sent fraudsters $25.6 million.
The fraud was only detected a few days later when the employee became concerned about the transfer and contacted the company's head office. Hong Kong police officers told, that that was the first time malicious actors used a group deepfake for defraud.
CORPORATE PESTS
What happened: an employee bankrupted a publishing house with a 40-year history.
How it happened: the Eugene Weekly, a small newspaper in Oregon, established in 1982, had to close due to the consequences of the incident, involving corporate fraud. It turned out that during the past five years, the employee, who was in charge of financial issues, had been transferring the publisher's money to his own accounts. The overall damage was estimated at about $90,000. The safety margin of the small newspaper was not comparable to the losses. In January this year, the editor-in-chief of Eugene Weekly reported that because of numerous unpaid bills, the newspaper had to close down and lay off all employees (overall, 10 people worked in the publishing house). Despite the financial problems, the management of Eugene Weekly plans to try retain the newspaper.
DATA ON ONE OUT OF TWO
What happened: as a result of series of cyberattacks, hackers managed to obtain data on 33 million French citizens.
How it happened: the leak was the result of a cyberattack on two French service providers, working with health insurance companies. On the 1st of February, Viamedis officials reported shutting down the platform due to the hack. Viamedis CEO Christophe Candé explained that the attackers conducted a phishing attack and obtained employees’ credentials to access internal systems.
A few days later, Almerys representatives reported detection of the hack. However, the company officials clarified that the central information system was not attacked, only the employee information portal was affected.
As a result of the incident, the attackers gained access to such details, as: birth dates, national insurance numbers, national identification numbers names of health insurance companies and more.
Overall, the leak affected 33 million French citizens. The Paris prosecutor's office has launched an investigation.
DOWNSTREAM OF THE LEAKS
What happened: telecoms company Verizon experienced an insider related data leak.
How it happened: in February, the company officials began notifying employees that an insider had accidentally obtained their personal data. The breach occurred in September 2023. According to the documents, which Verizon employees-in-charge provided to the state attorney general, the employee gained unauthorized access to a file that contained employees' personal information, including: names, addresses, national insurance numbers, gender, union membership information, birth dates, compensation data.
The company is now conducting an internal investigation.
Verizon officials reported plans to strengthen technical controls to prevent cases of unauthorised access to files in the future.
According to SearchInform’s statistics, the reason behind most breaches is violation of access rights distribution, when employees are able to access confidential files, which aren’t intended for them. By the way, we have recently tested how user access rights are distributed within our corporate file storages (you can read about the results of the experiments here and here).
The telecom giant offerrd affected employees two years of free credit monitoring and identity protection services. In case of fraud, employees can receive up to $1 million in compensation.
This is not Verizon's first incident involving personal data breaches. In 2022, the company notified customers that their accounts had been compromised and their phone numbers had been stolen by fraudsters.
APPLE EXUBERANCE
What happened: a cyber researcher defrauded Apple of $2.5 million.
How it happened: Noah Roskin-Frazee, a well-known security researcher from ZeroClicks Lab, had repeatedly helped Apple to find vulnerabilities in their gadgets. Last December, the company even published a post on its website, expressing gratitude for the cooperation.
Later it turned out that the police detained the researcher for fraud. It turned out that Noah Roskin-Frazee and his accomplice gained access to Apple's systems through a third-party contractor. Later, they stole gift cards worth $2.5 million. The fraudsters also arranged the delivery of Apple products worth $100,000 and tried to resell the stolen goods.
DATA EXHANGE
What happened: two million users' data was exposed due to a leak at LectureNotes, a platform where students and teachers can share notes.
How it happened: researchers at Cybernews discovered a misconfigured database in the LectureNotes Learning App. The database was updated in real-time mode and exposed the users and app admins’ personal and access data.
Overall, the experts found 2,165.139 compromised user records, which included: username, first and last name, email, phone number, encrypted password, session tokens, etc.
Cybernews experts told that leaked session tokens pose a serious threat, as potential attackers can access user sessions without a password. What’s more, using the compromised administrator authorisation credentials, attackers can access privileged accounts and perform malicious actions.
LectureNotes Technologies experts solved the issue within two days. Company officials have not yet publicly commented on the incident. Cybernews researchers attribute the leak to a misconfigured MongoDB database.
THE CACTI ARE ATTACKING
What happened: attackers hacked electrical equipment supplier Schneider Electric.
How it happened: Back in late January, French multinational Schneider Electric officials reported, that the company fell victim of a ransomware attack. The hackers gained access to the resources of the company's consulting division. It is known that Schneider cooperates with the world's largest corporations, such as: Walmart, Hilton, DHL and others. Experts assume that data belonging to these corporations could have been illicitly obtained as a result of the incident.
On 20th of February, members of the Cactus hacker group announced that they had managed to steal 1.5 TB of data from the consulting division of Schneider Electric. As evidence, the attackers published screenshots of several passports allegedly belonging to Schneider Electric employees and clients. The attackers also published scans of non-disclosure agreements. The hackers promised to publish all stolen data in the public domain if Schneider Electric wouldn’t pay the ransom.
Comments