WhatsApp data of 500 million users leaked, for sale

Phone numbers of nearly 500 million WhatsApp users are on sale. As reported by Cybernews, on November 16, 2022, a threat actor posted an ad on a hacking community forum, claiming to be selling a 2022 database of 487 million WhatsApp user mobile numbers. The actor claimed that the database contains mobile numbers of active WhatsApp users from 84 different countries. The phone numbers belong to citizens of Egypt (45 million), Italy (35 million), US (32 million), Saudi Arabia (29 million), France (20 million), Turkey (20 million), UK (11 million), Spain (11 million), Russia (10 million) and Germany (6 million).

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK for $2,500, and Germany for $2,000.

Upon request, the seller of WhatsApp’s database shared a sample of data with Cybernews researchers. There were 1097 UK and 817 US user numbers in the shared sample. Cybernews investigated all the numbers included in the sample, and managed to confirm that all of them are, in fact, WhatsApp users.

WhatsApp is reported to have more than two billion monthly active users globally.

Such information is mostly used by attackers for smishing and vishing attacks, so users should remain wary of any calls from unknown numbers, unsolicited calls and messages from unknown senders.


Medibank confirms ransomware attack impacting 9.7 million customers

Australian health insurance giant Medibank said no ransom payment will be made to the criminals responsible for a recent data leak, in which the data of around 9.7 million current and former customers was compromised. This figure represents around 5.1 million Medibank customers, 2.8 million ahm customers and around 1.8 million international customers.

Medibank confirmed that name, date of birth, address, phone number, and email addresses for around 9.7 million current and former customers were accessed in the data theft. Medibank first announced the cyberattack on October 12.

The health insurer believes the criminals have not accessed primary identity documents, such as drivers’ licenses, for Medibank and ahm resident customers, because it does not collect primary identity documents for resident customers except in exceptional circumstances.

The Australian Federal Police (AFP) later announced that it has identified the criminals.


ENISA publishes Threat Landscape Report 2022

The European Union Agency for Cybersecurity, ENISA, has published its 10th annual report on the state of the cybersecurity threat landscape. The report covers the period of April 2021 to July 2022.

The report identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.

Top threats

  • Ransomware:
    • 60% of affected organisations may have paid ransom demands
  • Malware:
    • 66 disclosures of zero-day vulnerabilities observed in 2021
  • Social engineering:
    • Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
  • Threats against data:
    • Increasing in proportion to the total of data produced
  • Threats against availability:
    • Largest Denial of Service (DDoS) attack ever was launched in Europe in July 2022;
    • Internet: destruction of infrastructure, outages and rerouting of internet traffic.
  • Disinformation – misinformation:
    • Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
  • Supply chain targeting:
    • Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

Main trends

  • Zero-day exploits are the new resource used by cunning threat actors to achieve their goals.
  • A new wave of hacktivism has been observed since the Russia-Ukraine war.
  • DDoS attacks are getting larger and more complex moving towards mobile networks and Internet of Things (IoT) which are now being used in cyberwarfare.
  • AI-enabled disinformation and deepfakes. The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as the community interaction, by flooding government agencies with fake contents and comments.
