WhatsApp data of 500 million users leaked, for sale

Phone numbers of nearly 500 million WhatsApp users are on sale. As reported by Cybernews, on November 16, 2022, a threat actor posted an ad on a hacking community forum claiming to be selling a 2022 database of 487 million WhatsApp user mobile numbers. The actor claimed that the database contains mobile numbers of active WhatsApp users from 84 different countries. The phone numbers belong to citizens of Egypt (45 million), Italy (35 million), US (32 million), Saudi Arabia (29 million), France (20 million), Turkey (20 million), UK (11 million), Spain (11 million), Russia (10 million) and Germany (6 million).

The threat actor told Cybernews they were selling the US dataset for $7,000, the UK for $2,500, and Germany for $2,000.

Upon request, the seller of WhatsApp’s database shared a sample of the data with Cybernews researchers. The sample contained 1,097 UK and 817 US user numbers. Cybernews checked every number in the sample and confirmed that all of them belong to active WhatsApp users.

WhatsApp is reported to have more than two billion monthly active users globally.

Such information is mostly used by attackers for smishing and vishing attacks, so users should be wary of unsolicited calls and messages from unknown numbers.

Read more about it here.

Medibank confirms ransomware attack impacting 9.7 million customers

Australian health insurance giant Medibank said no ransom payment will be made to the criminals responsible for a recent data leak, in which the data of around 9.7 million current and former customers was compromised. This figure represents around 5.1 million Medibank customers, 2.8 million ahm customers and around 1.8 million international customers.

Medibank confirmed that name, date of birth, address, phone number, and email addresses for around 9.7 million current and former customers were accessed in the data theft. Medibank first announced the cyberattack on October 12.

The health insurer believes the criminals have not accessed primary identity documents, such as driver’s licences, for Medibank and ahm resident customers, because it does not collect primary identity documents for resident customers except in exceptional circumstances.

The Australian Federal Police (AFP) later announced that it had identified the criminals.

Read more about it here.

ENISA publishes Threat Landscape Report 2022

The European Union Agency for Cybersecurity, ENISA, has published its 10th annual report on the state of the cybersecurity threat landscape. The report covers the period of April 2021 to July 2022.

The report identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.

Top threats

  • Ransomware:
    • 60% of affected organisations may have paid ransom demands
  • Malware:
    • 66 disclosures of zero-day vulnerabilities observed in 2021
  • Social engineering:
    • Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
  • Threats against data:
    • Increasing in proportion to the total amount of data produced
  • Threats against availability:
    • Largest Distributed Denial of Service (DDoS) attack ever was launched in Europe in July 2022;
    • Internet: destruction of infrastructure, outages and rerouting of internet traffic.
  • Disinformation – misinformation:
    • Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
  • Supply chain targeting:
    • Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

Main trends

  • Zero-day exploits are the new resource used by cunning threat actors to achieve their goals;
  • A new wave of hacktivism has been observed since the Russia-Ukraine war;
  • DDoS attacks are getting larger and more complex, moving towards mobile networks and the Internet of Things (IoT), which are now being used in cyberwarfare;
  • AI-enabled disinformation and deepfakes: the proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as community interaction, by flooding government agencies with fake content and comments.

Read more about it here.

Woolworths discloses data breach of MyDeal online marketplace

Australian retail giant Woolworths disclosed a data breach that impacted 2.2 million MyDeal customers. In September 2022, Woolworths purchased 80% of MyDeal.

According to the company, a threat actor leveraged a user’s compromised credentials to access the MyDeal customer relationship management (CRM) system.

This gave the attacker access to MyDeal customer data, including name, email address, phone number, delivery address and, in some cases, date of birth. Woolworths said 1.2 million of the impacted customers only had their email address compromised. Payment, driver’s license and passport details were not accessed, because MyDeal does not store this information. In addition, no customer account passwords were accessed.

Woolworths itself was not impacted by the security breach.

Read more about it here.

Toyota discloses data leak of 300,000 customers’ personal information

Japanese giant Toyota Motor Corporation disclosed in a statement that nearly 300,000 customers may have had their personal data leaked, after a third-party contractor mistakenly uploaded part of the T-Connect source code to a GitHub repository that was set to public in December 2017. The source code contained the access key to a data server that stored customer email addresses and management numbers. This made it possible for an unauthorized third party to access the details of 296,019 customers between December 2017 and September 15, 2022, when access to the GitHub repository was restricted.

T-Connect is an app developed by the company that allows car owners to control the vehicle’s infotainment system and monitor access to the vehicle.

The silver lining to the data leak is that customer names, phone numbers, credit cards, etc., were not exposed. With no additional personal information about the user, threat actors cannot tailor their social engineering efforts while carrying out phishing attacks, making them a bit less severe.
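The root cause in this item is a credential committed as a string literal in source code. As an added example (not Toyota’s code or any part of T-Connect), here is a minimal secret scan of the kind a pre-commit hook or CI job can run over a repository before a push; the variable-name patterns, the entropy threshold and the sample source (including the invented key) are assumptions constructed for this example.

```python
import math
import re

# Assignment of a credential-looking name to a quoted string literal, e.g.
#   DATA_SERVER_ACCESS_KEY = "..."   or   db_password: '...'
# The name list is a hypothetical minimum; production scanners ship far larger pattern sets.
SECRET_ASSIGN = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:key|secret|token|password|passwd)[A-Za-z0-9_]*)"
    r"\s*[:=]\s*[\"'](?P<value>[^\"']{16,})[\"']",
    re.IGNORECASE,
)

def shannon_entropy(s):
    """Bits per character; random keys score high, words and placeholders low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def mask(value, keep=4):
    """Keep only a short prefix so a finding can be logged without re-leaking the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def find_secrets(source, min_entropy=3.5):
    """Return (line_no, name, masked_value) for each likely hard-coded credential."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = SECRET_ASSIGN.search(line)
        if not m:
            continue
        value = m.group("value")
        # Low-entropy values such as "REPLACE_ME..." are placeholders, not secrets;
        # a value read from the environment has no literal and never matches at all.
        if shannon_entropy(value) < min_entropy:
            continue
        findings.append((line_no, m.group("name"), mask(value)))
    return findings

# Constructed sample source: the key below is invented for this example, not a real credential.
SAMPLE_SOURCE = '''\
import os
DATA_SERVER_URL = "https://data.example.invalid/api"
DATA_SERVER_ACCESS_KEY = "Qk7pX2mL9vT4nR8wZc1aHj5yDs3gFe6B"
api_token = os.environ["API_TOKEN"]
placeholder_secret = "REPLACE_ME_REPLACE_ME_REPLACE"
'''

if __name__ == "__main__":
    for line_no, name, shown in find_secrets(SAMPLE_SOURCE):
        print(f"line {line_no}: {name} = {shown}")
```

Only the hard-coded key on line 3 of the sample is reported; the environment lookup has no literal to match and the placeholder is filtered by its low entropy.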

Read more about it here.

Telstra Telecom has been breached

Telstra Telecom, Australia’s largest telecommunication company, reported on October 4, 2022, that it was the victim of a data breach through a third party. This occurred nearly two weeks after its main rival, Optus, reported a data breach of its own. In total, the first names, last names and email addresses of 30,000 current and former Telstra employees were leaked on a hacking forum.

“There has been no breach of Telstra’s systems. And no customer account data was involved”, Narelle Devine, the company’s Chief Information Security Officer for the Asia Pacific region, said in a statement.

Read more about it here.

American Airlines has been breached by a phishing attack

American Airlines has recently suffered a data breach. Threat actors compromised a limited number of employee Microsoft 365 email accounts, and as a result gained access to sensitive customer and employee personal information. The information included names, email addresses, passport numbers, date of birth, driver’s license numbers, mailing addresses, phone numbers, and certain medical information.

The company filed a data breach notification letter with Montana’s State Attorney General’s Office on September 16, 2022, disclosing that the breach was discovered in July, approximately two months earlier. The notification reads: “In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members. Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident. Our investigation determined that certain personal information was in the email accounts. We conducted a full eDiscovery exercise and determined some of your personal information may have been contained in the accessed email accounts. We have no evidence to suggest that your personal information was misused.”

The company did not disclose how many customers were impacted by the data breach.

American Airlines employs about 123,000 employees, and makes about 6,800 daily flights to 350 destinations in over 50 countries. It is the world’s largest airline when measured by fleet size, scheduled passengers carried, and revenue per passenger mile.

Read more about it here.

InterContinental Hotels Group has been breached

InterContinental Hotels Group PLC (IHG) disclosed on September 9, 2022 that it had been breached: parts of its technology systems had been subject to unauthorized activity. The attack significantly disrupted IHG’s booking channels and other applications, which suggests that the company may have been the target of a ransomware attack. The attack also impacted third-party booking sites, such as Expedia and Booking.com.

IHG operates 17 brands, including Regent, InterContinental, Crowne Plaza and Holiday Inn.

Read more about it here.

TikTok denies data breach following leak of user data and source code

The hacking group AgainstTheWest recently published a post on the Breach Forums message board, claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of the allegedly stolen data and claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users. The group claims to hold 2.05 billion records in a 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.

TikTok has told Bleeping Computer that the claims of the company being hacked are false: “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.” TikTok further said: “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

Popular data breach hunter Bob Diachenko and his team analyzed the publicly exposed data and confirmed its authenticity, and noted that the data’s source was Hangzhou Julun Network Technology Co., Ltd and not TikTok.

Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned tool, called the hackers’ data “inconclusive,” but added that “it could be non-production or test data” that likely wasn’t taken through a data breach.

Read more about it here.

Google blocked the largest HTTPS DDoS attack ever

Google announced it has fended off the largest ever HTTPS-based Distributed Denial of Service (DDoS) attack, which peaked at 46 million requests per second. According to Google, the DDoS attack was quickly detected and stopped at the edge of Google’s network, and the customer that was attacked was not impacted.

On June 1, 2022, starting 9:45 AM PDT, a Google Cloud Armor customer was targeted with a series of HTTPS DDoS attacks which peaked at 46 million requests per second. To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.

Cloud Armor Adaptive Protection was able to detect and analyze the traffic early in the attack lifecycle. Cloud Armor alerted the customer with a recommended protective rule which was then deployed before the attack ramped up to its full magnitude. Cloud Armor blocked the attack ensuring the customer’s service stayed online and continued serving their end-users.

“There were 5,256 source IPs from 132 countries contributing to the attack. Approximately 22% (1,169) of the source IPs corresponded to Tor exit nodes.”

The attack lasted 69 minutes, ending at 10:54 AM PDT.

Read more about it here.