Search This Blog

Showing posts with label Data Breach. Show all posts

More Than 22 Billion Records Revealed in Data Leaks in 2020


A new record has been set with regards to the data breach, ‘more than 22 billion records were revealed globally amid 730 publicly leaked data violations in 2020’, as stated in a report published on Friday. A major chunk of data breaches was linked to ransomware attacks which are nearly thirty-five percent.

Cyber exposure company Tenable’s Security Response Team (SRT) analyzed that 14 percent of data leaks were the outcome of email compromises in the period of January 2020 to October 2020. The main tactics used by threat actors was the dependency on unpatched susceptibilities in their strikes, meanwhile, encompassing multiple other vulnerabilities. 

While giving insights, Satnam Narang, a Staff Research Engineer at Tenable stated “every day, cybersecurity professionals in India and the rest of the world are faced with new challenges and vulnerabilities that can put their organizations at risk. The 18,358 vulnerabilities disclosed in 2020 alone reflects a new normal and a clear sign that the job of a cyber defender is only getting more difficult as they navigate the ever-expanding attack surface”. 

The growth rate of common vulnerabilities and exposures (CVEs) increased at an average of 36.6 percent from 2015 to 2020. In 2020 it shot up to 183 percent as compared to 2015; 18,358 CVES were reported in 2020 as compared to 6,487 in 2015. 

“Pre-existing vulnerabilities in virtual private network (VPN) solutions - many of which were initially disclosed in 2019 or earlier – continue to remain a favorite target for cybercriminals,” Narang told. 

Search engines such as Mozilla Firefox, Google Chrome, Microsoft Edge, and Internet Explorer resulted in 35 percent of all zero-day susceptibilities abused in wild by the threat actors. 

“In 2021, we must have the tools, awareness, and intelligence to effectively reduce and eliminate blind spots” Narang concluded. 

Threat Actors Bypassed MFA to Gain Access to Cloud Service Accounts


The United States Cybersecurity and Infrastructure Agency (CISA) has alerted the firms by stating that cyber attackers are bypassing multi-factor authentication (MFA) protocols to secure access to the cloud service accounts.

Threat actors often use username and password combinations while targeting the organizations but hackers usually are unsuccessful in doing so due to an enabled multi-factor authentication by an organization. CISA said, threat actors successfully gained access to a user’s account despite MFA being enabled, at one instance, in this incident the hackers may have used browser cookies to bypass MFA. 

The threat actors use stolen cookies to gain access to web applications or online services and take control over an authenticated session. CISA noticed that cyber attackers are taking benefits of email forwarding protocols by storing critical information regarding the user’s personal email accounts.

CISA stated in the report that “in one case, we determined that the threat actors modified an existing email rule on a use’s account-originally set by the user to forward emails sent from a certain sender to a personal account-to redirect the emails to an account controlled by the actors. The threat actors updated the rule to forward all email to the threat actors’ accounts”.

Threat actors also designed new mailbox regulations, which were created to send specific messages to the users. These messages contained specific phishing related keywords and these messages were transmitted by using Really Simple Syndication (RSS) feeds or RSS subscription folders to keep users from being alerted. CISA also clarified that this data breach has no link to the SolarWinds supply chain attack.

While explaining further, CISA told, “recommended mitigations for organizations to strengthen their cloud environment configuration to protect against, detect and respond to potential attacks”. These recommendations also include tactics, techniques, and procedures (TTPs) which will provide assistance to the security teams to counter the attacks by threat actors on their organizations.

Resident Evil Developer Capcom Became a Victim of Ransomware Attack


The year 2020 had been a year that witnessed a lot of data leaks and hacks of assorted kinds for apps and websites. This time it was the turn of an Osaka headquarters video game developer company, Capcom that became the victim of a data breach and ransomware attack in November 2020. Not only the company but its users have also been compromised because of this attack. As a result of the ransomware attack, Capcom had to shut down its assorted parts of the network including its email and file services. 

Initially, they never disclosed that if any customer's information was breached or any of its websites, servers, or games were compromised because of this attack. However, on 16th November 2020, the company published that almost 9 of its users had their personal information compromised and further added that 350,000 of its users were at risk of a data breach. 

In this attack, Capcom witnessed hundreds of thousands of pieces of personal data stolen from its servers, including the names and addresses of customers and former employees. The estimated number of victims of the aforementioned case is 16,415. 

Capcom later affirmed that they were suspicious that the company’s information, including "sales reports, financial information, game development documents, [and] other information related to business partners," was illicitly accessed during the attack. They stated that Documents matching that description have been circulating around certain corners of the Internet since November. 

Capcom further stated that "the company has also ascertained that the potential maximum number of customers, business partners, and other external parties, etc., whose personal information may have been compromised in the attack is approximately 390,000 people (an increase of approximately 40,000 people from the previous report)." 

Not only that Capcom's network was hit by a Ransomware attack but a note was also left on the server by the threat actors. The letter affirmed that Ranga Locker, the ransomware gang is behind this cyber-attack. The gang left some hyperlinks as proof of the attack by them. Those links led the company to a file that had personal information of the company and its users as well as employees, that was later published on the internet. 

Additionally, the company wrote, "Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident.”

Threat Actor Targets New Zealand Reserve Bank to Acquire Sensitive Information


New Zealand’s Reserve Bank data systems were hacked by an anonymous hacker who potentially secured access to sensitive and personal information. The hacker managed to get his hands on a third-party file sharing service, the one used by Central Bank of New Zealand to share and reserve sensitive information. 

The Reserve Bank of New Zealand based in Wellington, commonly named as Te Putea Matua is accountable for generating monetary policy to stabilize prices in the nation. The Governor of Reserve Bank of New Zealand Adrian Orr assured the public that the data breach has been restrained and the bank’s core functions “remain sound and operational”. 

Threat actors have targeted a number of major organizations in New Zealand in the past year. New Zealand Stock Exchange was one of the prominent victims of the cyber attack and its servers were knocked out for nearly a week in August 2020. In a conversation with Radio New Zealand, Dave Parry the professor of computer science at Auckland University told that there might be a possibility of another government’s influence behind the Reserve Bank data leak. 

Adrian Orr stated that “we are working closely with domestic and international security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information. The system has been secured and taken offline until we have completed our initial investigations”.

Till further investigations, the Reserve Bank of New Zealand is currently considering alternative techniques to secure data and has taken its systems offline.

The data of 1.3 million Russian Hyundai customers are on sale

The database, which contains information about 1.3 million Russian owners of Hyundai cars, is put up for sale on Darknet. This is reported by Telegram-channel "Information Leaks".

According to him, the data of 1.3 million registered users of the website were put up for sale. The database contains the full names, phone numbers, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they purchased, spare parts orders and participation in the brand's marketing activities.

Ashot Hovhannisyan, the founder of the DLBI data leak intelligence service, said in an interview that the database with Hyundai customer data is sold for about $2 thousand. According to him, the seller of the database has a high rating and has not previously been seen selling fake data. Hovhannisyan clarified that the latest data on user operations contained in the "testers" of the database refers to 2019.

The seller of the database, as other interviewed information security experts told, has a good reputation, so the leak is similar to the real one. One of the interlocutors claims that the seller of the base is a Russian who lives in Moscow.

According to Hovhannisyan, the database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so most likely the source of the leak was a vulnerability in this server found by an automatic scanner or a backup copy of the data accessed by cybercriminals.

According to KELA analyst Viktoria Kivilevich, the seller of the database has many ads in which he offers databases of other companies in the same format, so it is likely that the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities.

Cyber Criminals Leak Hackney Council Files on the Darknet Website


Cybercriminal group recognized as Pysa/Mespinoza has leaked the sensitive information stolen from the Hackney Council on the Darknet website. The group of attackers claimed that the stolen documents are from Hackney Council in a ransomware attack last year. The council in East London stated that they are collaborating with the Ministry of Housing and the UK’s National Cyber Security Centre (NCSC) to scrutinize and perceive the impact of the incident.

The stolen data published on the ‘dark web contains the personal information of council staff and residents; the files include critical information regarding the PhotoID, staff data, passports dump’. Cybercriminal group is utilizing the stolen data as their leverage to extort payment from the Hackney Council.

Cybersecurity expert, Brett Callow stated that “It’s an increasingly common place for ransomware groups to steal data and use the threat of its release as additional leverage to extort payment. Organizations in this position are without good option. Whether they pay or not, they’ve had a data breach and the criminals have their information. The most they can hope for is a pinky-promise that it will be destroyed”.

In this regard, the National Cyber Security Centre (NCSC) guidelines announced that there is no assurance that organizations, companies, or councils will get access to their stolen data even if the ransom demand from extorters is fulfilled. Hence law enforcement ‘does not encourage, endorse, nor condone the payment of ransom demands’.

Hackney council spokesperson asserted that in their initial investigation there are no indications that the majority of the critical and personal information of our residents have been published or affected. There are also not any signs of this critical information visible via search engines on the Internet.

He further asserted that necessary precautionary measures have been taken and they are closely monitoring the whole incident. They have collaborated with the local authorities including the Information Commissioner’s Office, Metropolitan Police, and National Crime Agency to investigate the whole incident.

Nissan Source Code Compromised Online Due to Exposed Git Server


Nissan's source code got compromised online after the company left an uncovered Git server secured with default access credentials. This leak was learned by a Swiss-based software engineer Tillie Kottmann who shared with ZDNet in an interview that she discovered the leak from an unknown source and analyzed the company’s data. 

The source code repository contained ‘critical information regarding the company’s source code of Nissan mobile apps, components of the Nissan ASIST diagnostics tool, dealer business systems and dealer portal, company’s internal core mobile library, vehicle logistics portal, market research tools, and data, client acquisition and retention tools, vehicle connected services and multiple back ends and internal tools. 

After the data was exposed and began to be shared on telegram via torrent links and hacking platforms, the company took the precautionary step to shut down the Git server yesterday. Mercedes Benz was also the victim of the data breach in May 2020 when the Swiss cybersecurity experts discovered the company misconfigured GitLab server that exposed the source code of multiple Mercedes Benz apps and tools. 

Nissan's spokesperson admitted the incident and further stated, “Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers, or employees were accessible with this security incident. The affected system has been secured, and we are confident that no information in the exposed source code would put consumers or their vehicles at risk”.

The attackers were able to lay their hands on the company’s public repository on GitLab which contains folders with sensitive information from leading companies such as Toyota, SunTech, Pepsi, Motorola, Mediatek, Sierra Nevada Corporation, and the U.S. Air Force Research Laboratory but fortunately all folders do not contain sensitive information that could guide attackers to the secured assets.

British Airways to Pay 3bn Pound as Compensation of the Data Breach


British Airlines broke through the mainstream media with a data breach that affected almost 400,00 customers. This incident happened in the year 2018 when British Airlines confirmed that the hackers have obtained the credit card and personal information of the Airways customers. They claimed it to be a major data breach. This breach of September 2018 went on for weeks before it gathered public attention. In this regard, the CEO of the airways said, “there was a large amount of information during the breach the hackers would have been able to track the address, find email IDs and more private information.” Not only the emails and debit /credit cards details were out but alarmingly, also the CVV of almost 77,000 customers were in the public eye. The British Airlines employees' account details were also out. They termed the incident – “A sophisticated malicious criminal attack.” British Airways showed full acceptance of the compensation of breach to the customers. 

The customers that were at the risk of the hack were the ones who did booking transactions between August 21st and September 5th of 2018. The airlines have suspected Magecart hackers to be behind the operations; Magecart hackers are the ones who perform credit card scanning as they target the websites that usually don't secure the payment forms. The investigation indicated that this Breach was planned and executed to perfection signifying that this was a highly targeted attack with a precision that could crack such an adeptly encrypted system. 

The data breach to the UK’s flag carrier Airlines has cost 3bn Pound compensation though in July 2019 information commissioner's ( IC ) has issued a notice that finds the Airlines with 183m Pound for the breach that troubled the customers. Later the fine was reduced to 20m Pound in October 2020. All this is a result of the ‘poor security management’ of the airlines and what's more surprising is that victims of the breach are not getting even a single penny from the 20m Pound fine. This is because British Airlines had an intention to kick off the settlement between the customers and authorities.

The consumer action law firm –“Your Lawyers” was set up to the Steering Committee which was responsible for the overall conduct of the British Airways data breach litigation. 

 “News that the British Airways wants to settle compensation claims, with negotiation set to take place in the first quarter of 2021, is acknowledgment if its wrongdoing in failing to protect customer data,” say’s Your Lawyers Director, Aman Johal. And concerning the aforesaid statement, Your Lawyers has claimed that every victim customer of the breach would now get 6000 Pounds as compensation amount.

Security Expert listed the largest data leaks of Russian residents in 2020

Founder of DLBI data leak intelligence service Ashot Hovhannisyan spoke about the most large-scale database leaks in the Russian Federation in the past year.

According to him, one of the most high-profile cases of data leakage in Russia occurred at the end of 2020. In December, a database of more than 100 thousand lines containing personal data of Moscow residents who had recovered from COVID-19 was made publicly available.

In November more than 1.3 million lines of data of Russian Railways Bonus customers appeared on the black market, containing the e-mail address and user ID, an encrypted password, the date of registration and last login, as well as service data.

"In June, there were data leaks from clients of the portal and the Skyeng online school of English, each of which was about 5 million lines and contained the full name, gender, date of birth, phone number, email address and other data," said Mr. Hovhannisyan.

He also recalled that in April there were leaks of 12 million records of Russians who issued microloans in various microfinance organizations in 2017-2019. At the same time, “almost a million lines of data of clients of the loyalty program of the retail chains K-Ruoka and K-Rauta appeared on the Internet, containing their full name, e-mail address, mobile and home phone numbers, gender, date of birth, date of filling out the questionnaire, numbers loyalty cards".

“Finally, the largest leak of nearly 600 million lines of data of customers of the Premium Bonus service, which was discovered in March 2020, containing personal data of customers of the service, was the largest leak this year. It provides loyalty programs to popular cafes and restaurants, for example, Mu-Mu, Jean Jacques, Pizza Empire”, concluded the expert.

Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers


Recently, Marijuana Business Daily has disclosed a data breach at Aurora Cannabis. The security incident compromised the credential information of an unknown number of employees of the Canadian company. The data breach was not restricted to the current employees of the company but also encompassed the former employees as well. 

A victim has shared an email of a data breach with Marijuana Business Daily which was sent to him on Dec. 25, “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” The email read. 

The victim, a former employee of Aurora Company who was terminated in February 2020 with other hundreds of employees, didn’t get notification of the breach until late December 31. The source said that working for Alberta-based Aurora was “an experience that I think a lot of people want to forget.” 

“And then getting a reminder on the last day of 2020, just hours to go before 2020 ended, was just a bit of a kick to the face,” he further added. The former employee said that he had talked with three present workers at Aurora and five other former employees about the information that has been exposed. Each of them reported a different kind of data breach, some reported breach of their credit card information and government identification, while others said that their home address and banking details were exposed, he added. 

The company’s spokeswoman Michelle Lefler has confirmed that the company “was subject to a cybersecurity incident” on Christmas Eve. It has affected both present and former employees of the company. 

As of now, it remains unclear what "kinds" of personal information were exposed. “The company immediately took steps to mitigate the incident, is actively consulting with security experts and cooperating with authorities,” Lefler wrote in a statement. 

“Aurora’s patient systems were not compromised, and the company’s network of operations is unaffected.” Further, she added, for now, I am unable to provide the specific number of Aurora employees whose data was exposed. I can confirm we are following all security protocols, are working with privacy councils and law enforcement, and have communicated directly with any impacted current or former employee,” Lefler added.

SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies

More than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. The attackers gained access by hacking into 'SolarWinds Orion' management and monitoring software. The hack was much worse than what I expected, says US Senator Mark Warner according to New York Times report. The scale of the attack keeps increasing, it's evident that the US government failed to detect the attack. As per the report, companies like Amazon and Microsoft who offer cloud-based services, now investigate further to find evidence. 

The report suggests that Russian hackers compromised multiple supply chain layers to breach more than 250 networks and gain access. According to Microsoft, hackers exploited the SolarWinds software which allowed them to copy user accounts of the company, some of which were top-level individual accounts. Microsoft found unusual activity in a few company accounts and upon investigation, it found that hackers used one account to access source code in multiple source codes repositories. Besides this, Microsoft confirms that the account didn't allow hackers to change code or modify engineering systems. 

The further investigation cleared that no other unusual activities were found. During the investigation, these accounts were tested and then restored. Earlier assumptions suggested Russian actors breached more than 18000 public and private networks (including government agencies).  According to the reports, it suggests that few breached SolarWinds softwares were modified in Eastern Europe. Cybersecurity experts and federal officers currently investigate if the large scale attack operated from areas where Russian intelligence is deeply embedded. 

CISA (Cybersecurity and Infrastructure Security Agency) has alarmed US federal agencies to either shut down all the exploits SolarWinds applications or update the hacked SolarWinds Orion software. E-Hacking News earlier reported "currently, Microsoft hints to “a very sophisticated nation-state actor” as the attacker, cybersecurity experts, and the U.S government has alleged Russia for orchestrating the SolarWinds attack. The cyberattack also revealed a listing of susceptible companies. However, Microsoft didn't disclose how much the hackers were able to view the source code and what the hackers did with it. "

Massive Data Dump of 10 Crore Indian Card Holders Leaked on Dark Web


The data of 10 Crore Indian cardholders has been sold on the Dark Web for an unknown amount. The information has been disclosed by the independent cybersecurity researcher Rajshekhar Rajaharia who further stated that ‘hackers attacked the server of Bangalore-based digital payments portal Juspay and after the server was compromised they leaked the data of 10 Crore Indian debit and credit card holders on Dark Web’.

Juspay stated to IANS that people are being misinformed through media which has been telling users not to worry about their financial information. There has been no data leak regarding the card numbers and the victims of cyber attacks are much lower than the 10 Crore mark, media stated. 

While giving insights into the security incident, Juspay told, “on August 18, 2020, an unauthorized attempt on our servers was detected and terminated when in progress. No card numbers, financial credentials or transaction data were compromised; some data records containing non-anonymized, plain-text email and phone numbers were compromised, which form a fraction of the 10 Crore data records”. 

However, Rajshekhar Rajaharia was of different opinion and in relation to that, he said, the financial information of all 10 Crore cardholders is in jeopardy if the attackers can detect the Hash algorithm which is used to develop the card fingerprint and by using this algorithm they can decrypt the concealed card number.

Juspay was launched by the two former Amazon engineers Ramanathan RV and Vimal Kumar in August 2012 and was later joined by Bloomberg executive Sheetal Lalwani.  The company has raised a total of $21.6M via funding and the last funding round was in March 2020. 

The data revealed on the Dark Web contains ‘confidential information regarding debit and credit cards of cardholders including expiry date, card fingerprint, ISIN, the type of card, users' card brand (VISA/Rupay/Mastercard), the last four digits of the card, and user account ID.

The company spokesperson acknowledged that only a few contact numbers and email addresses have been leaked which have little to no value; According to him, no sensitive information regarding card numbers was accessed. He further asserted that no transaction or order information was compromised. 

Japanese Games Publisher Koei Tecmo Suffers Cyber Attack, 65,000 Users Account Compromised

The Japanese games' publisher Koei Tecmo was targeted by hackers who compromised the company's English language website and stole confidential data belonging to over 65,000 users. Following the attack, Koei Tecmo announced that they have temporarily shut down their US and European website as a precautionary measure. 

The hackers targeted the company’s website to obtain confidential information about the user accounts like names, encrypted passwords, and email addresses, however, the hackers were not successful in their attempt to acquire the data related to 'user payment details'.  

The Japanese publisher announced in the press release that “Within the website operated by KTE, the ‘Forum’ page and the registered user information (approximately 65,000 entries) has been determined to the data that may have been breached. The user data that may have been leaked through hacking is perceived to be the (optional) account names and related password (encrypted) and/or registered email address.” 

In the press release, the publisher further stated that users do not need to worry about personal financial information because they do not store this confidential information about the users.  

Referencing the reports of Bleeping Computer, the hacker has leaked critical information about users' accounts for free on a hacker forum like IP addresses, email addresses, and passwords.  

Founded in 2009, following the merger of 'Koie' and 'Teo', Koei Tecmo is a Japanese video game and anime holding organization that is responsible for many popular PC and console games like Hyrule Warriors; Age Of Calamity, Dead or Alive, Nioh 2, Atelier Ryza, to name a few. 

The attackers assert that they have used a spear-phishing campaign to hack the website on December 18th. The operators behind the attack also claimed that they were deliberating to sell a forum database for 0.05 bitcoins or about 1,300 dollars on a hacking marketplace.  

As per the reports by Bleeping Computer, stating their malevolent motives, the hackers told that they have “leaked the data to punish the Koei Tecmo publisher because they were not following the General Data Protection Regulation (GDPR) guidelines and they were refusing to spend the money on encrypting the users' information and were using a fragile salted MD5 hashing algorithm from 1992 and further warned them if they do not use the strong encryption techniques, we will continue to attack them”. 

Virtual Website Neopets Exposes Sensitive Data

Neopets is an online platform where kids can take care of "virtual pets." The website has revealed many sensitive user data online, including login credentials used for gaining access to company databases, email ids of employees, and repositories that contain proprietary code for the website. 

The exposed data comprises the IP address of Neopets users, data that can be used by hackers to target Neopets visitors. John Jackson, an independent cybersecurity researcher, found the issue while he was searching Neopet's website with his security software. The Security Ledger reports, "this is the second serious security incident involving the Neopets site. In 2016, the company acknowledged a breach that spilled usernames, passwords, IP addresses, and other personal information for some 27 million users. That breach may have occurred as early as 2013." 

Neopet, an online pet platform, was launched in the year 1999. It allows users, mostly kids, and children to take care of virtual pets/animals and buy virtual accessories for these pets using the "Neopoint" or "Neocash," virtual points earned in-game. Users can buy Neocash with real money or with the help of the awards. Viacom purchased Neopets for $160 million in 2005, but in 2017 it was purchased by NetDragon, a Chinese company. 

"The issue appears to be related to a misconfigured Apache web server, Jackson said. Though many web-based applications are hosted on infrastructure owned by cloud providers such as Amazon, Google, or Microsoft's Azure, leaked documents indicate that the 20-year-old Neopets website continues to operate from the infrastructure it owns and operates," reports The Security Ledger. 

Hacked accounts on sellout 

According to researcher Jackson, he found that Neopets accounts were "on-sale" on a website. It led him to scan Neopet's website using a security tool, which reported Neopets' subdomain exposed the website data. Upon research, Jackson found the employees' database, emails, login credentials, and complete code-base. The screenshots of the Neopets repository shared by Jackson show that the credentials were either embedded in the website's underlying code or "hard-coded." With the help of cybersecurity expert Nick Sahler, Jackson downloaded Neopet's full code-base, it revealed a database, private code repositories, user IP addresses, and employee emails.

Appliance Giant Whirlpool Smacked by Nefilim Attack


As Ransomware attacks become the new normal, people are increasingly falling prey to such attacks in cyberspace as well as beyond. As the attacks become sophisticated, the problem of ransomware has been prominent and no business worldwide is entirely immune to the threat. Recently one of the world's renowned multinational manufacturers and suppliers of home appliances, Whirlpool, headquartered in Michigan, United States become a victim of one of these ransomware attacks. 

The American appliance marketer company, Whirlpool is one of the world’s largest home appliance and home smart gadgets as well as device creators. It has a diverse variety of products under various categories namely Kitchen aid, Indesit, Hotpoint, etc. The incident demonstrated how not even the big names are immune to the ransomware threat. 

This ransomware attack was done by the Nefilim Ransomware Gang whose main task is to get into the encrypted data system by breaking the firewall and stealing confidential information for some obligatory money. With the same, if the money or the demanded amount in cash or kind is not provided on time, they leak the confidential information to the public. As per the investigations, a similar incident happened with Whirlpool in the first week of December 2020 as well, however, the exact time and date remain unknown. 

The data that the Nefilim gang leaked on its website includes sensitive information of the organization like the documents regarding employee benefits, medical information requests, background checks, accommodation requests, and much more.

Though they never opened up about the leaked data by the Nefilim gang, the consequences made them agree on the blooming rumors'. In an interview, Whirlpool talked about the attack and communicated, “Last month Whirlpool Corporation discovered ransomware in our environment. The malware was detected and contained quickly. We are unaware of any consumer information that was exposed. There is no operation impact at this time”.

“We live in a time when Illegal cyber crimes are all too prevalent across every industry. Data privacy is a top priority at Whirlpool Corporation, and we invest in the technology and processes to help protect, our people, our data our operations.”

Later, Whirlpool affirmed that their systems are fortunately restored after the malicious malware attack and everything is safe.

Russians ‘InfoWarrior’ Hackers New Game Changer for the Geopolitical Agenda?

The worse cyber attack of the year 2020 on SolarWinds which was allegedly carried out by Russian state-backed threat actors is signs of advancement in different ways as Moscow is seemingly improving its technical abilities that might pose a bigger threat of cyber espionage globally. 

The attack has compromised many important departments of the U.S. government, big tech companies, hospitals, and universities, showing a big loop of online intrusion, which is illustrating how cyber espionage operations have become a left-hand job for Russian ‘infowarrior’. Should it make the West more concerned about the security of its government or should the whole world consider these attacks as a new normal? 

Russia’s diplomatic relation with the West has always been bitter since the World Wars, and even today the situation continues to border on bitterness. Moscow sees the cyber attacks as a cheap and effective way to achieve and win its geopolitical aspirations, and therefore Russia is unlikely to take a step back from such tactics, whilst facing U.S. sanctions or countermeasures. 

Bilyana Lilly, a researcher at think tank Rand Corp said, “Such operations are a relatively inexpensive and effective way to conduct geopolitics that is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s. 

Referencing from an article in a Russian military journal, “the complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million’’. 

It’s been an ardent task for the West to vehemently retort to Moscow’s growing cyber abilities. Washington’s vengeance measures including sanctions, diplomatic expulsions, property seizures, and even big threats such as expulsion from the world-leading economic organizations appear to have little to no impact on its operations. 

Pavel Sharikov, a senior fellow at the Russian Academy of Science’s Institute for U.S. and Canadian Studies said, “Russia doesn’t see sanctions as an instrument of pressure but as an instrument of punishment. The Russian government says, ‘Yes we understand that you don’t like what we are doing, but we don’t really care”. 

Notably, US officials and tech companies have accused the Russian regime of cyber espionage attacks on multiple occasions, including attempts to intervene before the 2020 election. The WSJ discovered how Moscow’s cyber espionage and trolls have enlarged their 2016 toolbox with a new stratagem. 

Inferring from a paper co-written by Rand’s Ms. Lilly, “in recent years, so-called information confrontation has become an established part of Russia’s military doctrine”. In 2019, Gen. Valery Gerasimov, Russia’s General Staff chief, said that in modern warfare, cyberspace “provides opportunities for remote, covert influence not only on critical information infrastructures but also on the population of the country, directly influencing national security.” 

According to the authorities, Moscow is trying to advance its geopolitical agenda by using its cyberattack tactics; the initial target was ex-Soviet countries. It was in 2007 when Russia-backed hackers attacked Estonia which compromised websites government, bank credentials, and newspapers. 

Following up, Ukraine and Georgia have also been attacked. In most cases, states’ media firms, and election infrastructures have been targeted. “Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said. 

According to the German authorities, in 2015, they got into the German parliament, in what experts described as the most significant hack in the country’s history’’. 

Interestingly, that's not all, Russia was accused of its interference in the French elections and the ‘Pyeongchang’ Winter Olympics and for the NotPetya malware attacks on the corporate webwork. And now, the Western administration is accusing Russia of cyber espionage attacks against the COVID-19 vaccine supply chain. Russia has denied its involvement. 

Important Documents Related to the Covid-19 Vaccine Leaked on the Darkweb


As the pandemic continues to spread globally via a new Covid-19 variant, the attacks on medical agencies surge likewise. Pharmaceutical industries and government organizations continue to face the wrath. As per the sources, the European Medicines Agency (EMA) became the victim of the latest attack, from where “several documents related to the Covid-19 vaccine are allegedly stolen and are released in the Darkweb market, security experts said”.

Security experts from threat intelligence firm Cyble also said, “during the evaluation of data, the experts have found that various confidential files, including MoMs, assessment reports, confidential emails, login portal links and images of its internal pages were accessed and leaked”. The illegal market for Covid-19 vaccines has asserted its malicious influence even more so as it continues to expand in scope and horizon.

In this regard, European Medical Agency said, “EMA has been the subject of a cyber attack. The Agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities”.

“EMA cannot provide additional details whilst the investigation is ongoing. Further information will be made available in due course”, the agency further added.

The agency is investigating the security incident, however, there is no clarification regarding the source of the attack. Also, whether the hackers were successful in their attempt or not remains unclear as of now.

European Medical Agency have been twice the victim of cyber attacks in recent months, it has become the target of attackers because it has all the necessary and confidential information related to the Covid-19 vaccines, also it has to be noted that it played a massive role in the assessment of Covid-19 vaccines.

The leaked documents are also being shared on the Russian-speaking forums when the threat intelligence firm Cyble started tracking the documents. During the investigation, the experts have also found that the attackers were using the internal email from where the portal link was shared and also the login page for the portal to access the reports, all of which were shared through the screenshots. Furthermore, the documents included the supposed evaluation reports of the Covid-19 vaccine which also comprised the summary report of drug release

Espionage Attacks Increasingly Concentrated on the Covid-19 Vaccine Supply Network


Now more than ever, malicious actors are targeting the healthcare space as important research of COVID-19 therapeutics are developed and other medical institutions from the world such as Pfizer, Moderna, and other biotech firms are preparing antidote against the deadly virus. While several pieces of research are underway, it is being discovered that nation-states are now targeting these companies with retribution, as the quest to beat the pandemic continues. 

According to the intelligence, cyber espionage has a keen eye on the COVID-19 vaccine supply network, the malware with the name ‘Zebrocy’ is being used by threat actors in vaccine-related cyberattacks. Earlier this month, reports have shown that documentation of Pfizer and BioNtech vaccine were accessed by threat actors that were submitted to the EU regulators. 

Recent cyber-attacks on firms are not new but threat actors have recently zeroed in on the Covid-19 vaccine chain, capitalizing on the fear of contagion amid the masses. 

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has been attacked in October, hence plants have to shut down across India, U.K, Brazil, and the USA. According to the official reports Indian-based firm has contracted to manufacture the Russian “Sputnik V’’ vaccine. 

In July 2020, the U.S. Department of Homeland Security (DHS) had informed and warned the Governments and firms against Russia-linked group APT29 which was targeting the U.S, Canadian, and British Covid-19 vaccine research companies26. 

Notably, when the pandemic began, the World Health Organization (WHO) was also targeted by the DarkHotel APT group, which looked for sensitive information. 

Likewise, the U.S. Justice Department has also accused Chinese-sponsored threat actors of targeting COVID-19 researcher Moderna. 

“Even if you are good at science, this is a cheap insurance policy to maintain a seat at the table for the game of nations,” said Sam Curry, Cybereason CSO. “The headlines around stealing vaccine research, data, and information is used to create vaccines to the world’s pandemic should be a wakeup call to research firms and both the private and public sector. It is not a question of if hacking will be done, but rather how much has already taken place,” 

“Some groups have likely infiltrated these companies and have not been caught, and are pilfering through specific vaccine information, patents and other valuable content,” he further added. “A vaccine for COVID is a strategically valuable (maybe crucial) asset. Whoever gets a vaccine first has an economic advantage and it is worth billions of dollars to a country and its economy. It is the ultimate IP with immediate value.” 

Rob Bathurst, CTO of cybersecurity firm Digitalware said, “The rule of thumb for an attacker is to use just enough to get the job done– and that is usually commercial malware first and custom packages only if needed for a specific target,” 

Warning users, Curry said, “To combat this type of attack, organizations need to continue to improve their security hygiene, implement around-the-clock threat hunting and increase their ability to detect malicious activity early. Security-awareness training is also needed and employees should not open attachments from unknown sources and never download content from dubious sources.”

Ransomware Attack Leaks GenRx’s Data


GenRx Pharmacy, which is settled in Scottsdale, AZ, is telling people of a data breach incident. The occurrence might affect the security of certain individuals. While the drug store doesn't know about any real damage done to people because of the circumstance, it is furnishing conceivably affected people with data by means of First Class mail with respect to steps taken, and what should be done to further fortify against likely defacement. 

On September 28, 2020, the pharmacy discovered proof of ransomware on its system and promptly started an examination, including recruiting independent information security and technology experts to help with incident response and criminological examination. During the ransomware assault, the drug store had full admittance to its information with unaffected reinforcements and had the option to keep up persistent business activities as they examined. Along with forensic experts, the drug store ended the cybercriminals' admittance to the drug store's system the very day and affirmed that an unapproved outsider conveyed the ransomware just a single day prior. On November 11, 2020, the drug store affirmed that the cybercriminals had exfiltrated a few records that incorporated certain health-related data, the drug store used to measure and transport endorsed items to patients.

As per the sources, the cybercriminals accessed health data of certain previous GenRx patients: patient ID, transaction ID, first and last name, address, telephone number, date of birth, sex, allergies, drug list, health plan data, and prescription data. The drug store doesn't gather patient Social Security Numbers ("SSNs") or keep up monetary data, thus it is extremely unlikely that the cybercriminal could get to that data of GenRx patients during this episode. 

An entry on the US Department of Health and Human Services HIPAA breach portal shows that more than 137,000 GenRx patients are being educated about the occurrence. GenRx Pharmacy has overhauled its firewall firmware, added extra anti-virus and web-sifting programming, established multifaceted verification, expanded Wi-Fi network traffic checking, gave extra preparation to representatives, refreshed inside approaches and methodology, and introduced real-time intrusion detection and reaction programming on all workstations and workers that access the organization.

The pharmacy is surveying more choices to improve its conventions and controls, technology, and preparation, including fortifying encryption. Although SSNs and monetary data were not influenced by this occurrence, the pharmacy suggests that as an overall best practice, people monitor account articulations and free credit reports to distinguish expected mistakes.

Swatting Incidents Streamed via Smart Gadgets


The FBI gave an admonition on Tuesday telling Americans of an "expansion" of swatting assaults focusing on individuals with smart home gadgets. As indicated by the FBI, pranksters have been hacking into occupants' smart gadgets and then contacting law enforcement to report counterfeit wrongdoings at the victims' homes. By getting into a particular home security gadget a hacker can start a call for help to authorities and watch distantly as the swat happens. The FBI brings up that, by starting a call for help from the genuine security gadget loans realness and namelessness to the hacker. 

The organization noticed that wrongdoers were utilizing, purloined email passwords to sign into the smart gadget and hack the features, including the live-stream camera and gadget speakers. In certain instances, hackers were even live-streaming the occasion on online network stages, the FBI added. Live streaming swat assaults isn't new. Last December, the Vice a Canadian-American magazine, provided details regarding a webcast called "NulledCast" which live-streamed to the substance sharing stage Discord, an episode where criminal entertainers commandeered a Nest and Ring smart home video and sound to harass them in a wide range of frightening ways.

By February 2020, Ring had revealed additional layers of security past its all-around compulsory two-factor verification, including requiring a one-time six-digit code to sign on, cautions when somebody signs onto the account, and devices to control access by third-party service providers which could likewise be penetrated. The ring is likewise getting ready to launch end to end video encryption.

Swatting has been an issue in America for as long as twenty years, and it can accompany some genuine repercussions. Settling on fake emergency calls can accompany misdemeanor or crime accusations relying upon the state. Los Angeles occupant Tyler Rai Barriss was condemned to 20 to 25 years in federal jail on 51 charges relating to spoof crisis calls, including one bogus report he made to authorities in Witchita, Kansas, in December 2017. On the call, Barriss professed to have shot and executed his dad and said he was holding his family hostage. 

To curb the rise in hack and swat cases, department authorities said they are presently working with gadget sellers to prompt clients on how they could choose better passwords for their gadgets. Makers have just been told about the uptick in hacking, and the FBI said it was working with nearby law authorization to help encourage units on the appropriate method to react to the danger.