PII belonging to Indian residents, including their Aadhaar IDs, offered for sale on the dark web

In early October 2023, Resecurity’s HUNTER (HUMINT) unit identified millions of personally identifiable information (PII) records, including Aadhaar card numbers, belonging to Indian residents, being offered for sale on the Dark Web.

An Aadhaar is a unique, 12-digit individual identification number issued by the Government of India. Beyond the PII found on traditional ID documents, Aadhaar enrolment also records “core biometrics”: ten fingerprints and two iris scans. Roughly 1.4 billion Aadhaars have been issued since the service launched in 2009.

On October 9, 2023, a threat actor going by the alias ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. This represents about 55% of India’s total population. The entire dataset was offered for sale for $80,000.

The leak of PII containing Aadhaar numbers and other details of Indian residents on the Dark Web creates a significant risk of digital identity theft. Threat actors use stolen identity information to commit online banking theft, tax refund fraud, and other cyber-enabled financial crimes. Resecurity observed a spike in incidents involving Aadhaar IDs being leaked on underground cybercriminal forums by threat actors looking to harm Indian nationals and residents. To mitigate this risk, Resecurity acquired the published data set on the Dark Web and notified the victims whose identities were leaked.

Read more about it here.

Flagstar Bank suffers another data breach

Flagstar Bank has warned that 837,390 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.

Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition in 2022, was one of the largest banks in the United States, having total assets of over $31 billion.

The breach occurred between May 27 and 31, 2023 and was traced back to the zero-day vulnerability in Progress Software’s MOVEit Transfer, a managed file transfer product used by Fiserv, the third-party vendor that provides Flagstar’s payment processing and mobile banking services.

In June 2022, Flagstar Bank disclosed another data breach that impacted roughly 1.5 million of its customers in the US, but the company did not share details about the attack. That breach took place in early December 2021.

In March 2021, the bank was the victim of yet another attack, this one conducted by the Clop ransomware gang through the Accellion FTA file-transfer appliance. Two of the three incidents therefore originate in file-transfer software run by or for the bank’s vendors, which is worth keeping in mind when scoping third-party risk assessments.

Read more about it here.

New ‘HTTP/2 Rapid Reset’ zero-day vulnerability breaks DDoS records

Researchers disclosed a new zero-day DDoS attack technique, called ‘HTTP/2 Rapid Reset’ (tracked as CVE-2023-44487), that has been exploited since August 2023 in record-breaking attacks. The attacks were observed against Amazon Web Services (AWS), Cloudflare and Google.

The attacks peaked at 155 million requests per second (rps) against Amazon, 201 million rps against Cloudflare, and a record-breaking 398 million rps against Google.

The attack method abuses HTTP/2’s stream cancellation feature: the client continuously opens requests and immediately cancels them, overwhelming the target server or application and denying service to legitimate clients.

The HTTP/2 protocol lets a client tell the server that a previously opened stream should be cancelled by sending a RST_STREAM frame, and the client can request that cancellation unilaterally, at any time. As Google’s post explains, the attack “makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open”. Because a reset stream immediately stops counting against the server’s SETTINGS_MAX_CONCURRENT_STREAMS limit, the attacker can open and cancel streams far faster than the concurrency limit would otherwise allow, while the server still pays the cost of starting each request. Per-stream limits therefore do not help; the mitigation is to track the rate of client cancellations on each connection and close the entire TCP connection (for example by sending GOAWAY) when abuse is detected.

Amazon Web Services (AWS), Cloudflare and Google said on October 10, 2023 that they had taken steps to mitigate these record-breaking Distributed Denial-of-Service (DDoS) attacks.
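To make the mitigation concrete, the following Python script is an added example (it is not code from the original post, nor from Google, Cloudflare or AWS). It encodes and decodes raw HTTP/2 frames, replays constructed attacker traffic (a HEADERS frame followed immediately by RST_STREAM, repeated) through a per-connection guard, and shows the guard answering with GOAWAY once the client cancels more streams per second than a threshold. The threshold, window length and the use of the ENHANCE_YOUR_CALM error code are my assumptions about how such a guard would be tuned, not details from the vendors’ write-ups.

```python
"""Per-connection guard against HTTP/2 Rapid Reset (added example, not from the
original post or any vendor).

Assumptions (mine, not the page's): the server keeps, per TCP connection, a
sliding-window count of RST_STREAM frames and tears the whole connection down
with GOAWAY(ENHANCE_YOUR_CALM) once the client has cancelled more than
rst_threshold streams within window_seconds. All frame bytes are constructed
inline so the guard can be exercised offline."""
import struct
from collections import deque

# HTTP/2 frame type, flag and error codes (RFC 9113, sections 6 and 7).
FRAME_HEADERS = 0x1
FRAME_RST_STREAM = 0x3
FRAME_GOAWAY = 0x7
FLAG_END_STREAM = 0x1
ERROR_CANCEL = 0x8
ERROR_ENHANCE_YOUR_CALM = 0xB


def build_frame(ftype, flags, stream_id, payload=b""):
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    header += struct.pack(">I", stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for every frame in a byte buffer."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % off)
        yield ftype, flags, stream_id, payload
        off += 9 + length


class ConnectionGuard:
    """Counts client cancellations on one connection inside a sliding time window."""

    def __init__(self, rst_threshold=100, window_seconds=1.0):
        self.rst_threshold = rst_threshold
        self.window = window_seconds
        self.rst_times = deque()   # timestamps of recent RST_STREAM frames
        self.last_stream_id = 0    # highest client stream id seen, reported in GOAWAY
        self.cancelled = 0
        self.closed = False

    def observe(self, frame, now):
        """Feed one decoded frame; return a GOAWAY frame if the connection must close, else None."""
        ftype, _flags, stream_id, _payload = frame
        if self.closed:
            return None
        if ftype == FRAME_HEADERS and stream_id:
            self.last_stream_id = max(self.last_stream_id, stream_id)
        elif ftype == FRAME_RST_STREAM:
            # A reset stream no longer counts against SETTINGS_MAX_CONCURRENT_STREAMS,
            # so the per-stream limit cannot stop this; rate-limit the resets instead.
            self.cancelled += 1
            self.rst_times.append(now)
            while self.rst_times and now - self.rst_times[0] > self.window:
                self.rst_times.popleft()
            if len(self.rst_times) > self.rst_threshold:
                self.closed = True
                payload = struct.pack(">II", self.last_stream_id, ERROR_ENHANCE_YOUR_CALM)
                return build_frame(FRAME_GOAWAY, 0, 0, payload)
        return None


def rapid_reset_traffic(n_streams):
    """Constructed attacker traffic: open a stream with HEADERS, reset it at once, n times."""
    buf = b""
    for i in range(n_streams):
        sid = 2 * i + 1  # client-initiated streams use odd ids
        buf += build_frame(FRAME_HEADERS, FLAG_END_STREAM, sid, b"\x82")  # HPACK indexed ':method: GET'
        buf += build_frame(FRAME_RST_STREAM, 0, sid, struct.pack(">I", ERROR_CANCEL))
    return buf


def replay(data, rst_threshold=100, window_seconds=1.0, frame_interval=0.0):
    """Replay a frame buffer through a guard, one frame every frame_interval seconds.

    Returns (frames_processed, goaway_error_code_or_None, cancellations_seen)."""
    guard = ConnectionGuard(rst_threshold, window_seconds)
    now, processed = 0.0, 0
    for frame in parse_frames(data):
        goaway = guard.observe(frame, now)
        processed += 1
        now += frame_interval
        if goaway is not None:
            _t, _f, _sid, payload = next(parse_frames(goaway))
            return processed, struct.unpack(">II", payload)[1], guard.cancelled
    return processed, None, guard.cancelled


if __name__ == "__main__":
    # 200 open+cancel pairs with no delay: the guard fires on the 101st reset.
    print(replay(rapid_reset_traffic(200)))                        # (202, 11, 101)
    # The same traffic spread over 20 s stays at 10 resets/s and is tolerated.
    print(replay(rapid_reset_traffic(200), frame_interval=0.05))   # (400, None, 200)
```

The guard deliberately ignores how many streams are concurrently open, because in this attack that number stays near zero; what it keys on is the cancellation rate, which is exactly the signal the per-stream concurrency limit cannot see. In a real server the decision would feed into the HTTP/2 framing layer (sending GOAWAY and closing the socket) rather than being returned to a caller as here.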

Read more about it here.