Cyber Victor – a leading blog on cyber security

Amazon disclosed on November 11, 2024 a data breach that exposed employee information after the data was allegedly stolen during the May 2023 MOVEit Transfer attacks. The company said that the data was stolen from a third-party property management vendor. The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. This critical SQL injection flaw enabled cybercriminals to bypass security measures and potentially steal sensitive data from thousands of organizations worldwide.

The Amazon employee information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.

Amazon did not disclose the number of impacted employees.

A threat actor using the handle Nam3L3ss leaked over 2.8 million records containing Amazon employee data on the hacking forum BreachForums.

Read more about it here.

Interbank, one of Peru’s leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

Interbank disclosed a data breach after a threat actor going by the moniker ‘kzoldyck’ claimed the leak of 3.7 TB of company data. The alleged stolen data includes account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, info on bank transactions, and other sensitive information, including plaintext credentials.

Interbank announced that it had resumed its mobile and online platforms after recent outages and assured customers that their funds were not impacted by the security incident.

The threat actor confirmed that Interbank refused to pay the ransom after a two-week negotiation.

Interbank, formally known as the Banco Internacional del Perú Service Holding S.A.A., is a leading Peruvian provider of financial services and has over 2 million customers.

Read more about it here.

US based financial services giant company Fidelity Investments warns 77,099 individuals of a data breach that exposed their personal information. The company revealed via a breach notification filed with the Office of the Maine Attorney General that it was hit by a breach on August 17, 2024, which the firm detected on August 19. A letter sent to the 77,099 customers caught up in the breach confirmed that the attackers stole personal information related to them.

Fidelity said that a third party had accessed and obtained certain information without authorization by using two customer accounts they recently set up. This implies that threat actors exploited “Broken Access Control”, the number one attack vector in OWASP’s Top 10 Web Application Security Risks. One of the risks associated with this is permitting the viewing or editing of someone else’s account by providing its unique identifier. After detecting the activity, the company terminated access to those accounts and launched an investigation with help from outside security experts.

Compromised information included names, Social Security Numbers, financial account data, and drivers license information. Fidelity confirmed that financial data was not exposed and Fidelity customer accounts were not hacked.

Read more about it here.

American peer-to-peer payments and money transfer company MoneyGram confirmed on September 21, 2024 that a cyberattack caused its services to become unavailable. The company has taken some of its systems offline since September 20 to contain the attack, and services were fully restore on September 26.

MoneyGram now confirms on its web site that the cyberattack exposed customer data, including customer name, contact info (such as phone numbers, email and postal addresses), dates of birth, government IDs, Social Security numbers, and transaction details:

“The impacted information included certain affected consumer names, contact information (such as phone numbers, email and postal addresses), dates of birth, a limited number of Social Security numbers, copies of government-issued identification documents (such as driver’s licenses), other identification documents (such as utility bills), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (such as dates and amounts of transactions) and, for a limited number of consumers, criminal investigation information (such as fraud). The types of impacted information varied by affected individual.”

The company said it is proactively working to contain and remediate the attack with the help of external cybersecurity experts. The company already notified law enforcement about the data breach.

Read more about it here.

Web infrastructure and security company Cloudflare has disclosed that it autonomously mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. This is the largest publicly recorded thwarted DDoS to date. The assault consisted of a “month-long” barrage in September 2024 of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data.

The previous record-breaking volumetric DDoS attack was reported by Microsoft in November 2021, peaking at 3.47 Tbps with a packet rate of 340 million Pps (Packets per second). The largest attack previously seen by Cloudflare peaked at 2.6 Tbps.

According to Cloudflare, the infected devices were spread across the globe but many of them were located in Russia, Vietnam, the US, Brazil and Spain

A Volumetric DDoS attack aims to overwhelm the target’s network or servers by flooding them with a massive volume of data. The goal is to consume all available bandwidth or system resources, rendering the service inaccessible to legitimate users.

Read more about it here.

American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its services to become unavailable.

On September 21, 2024, the company informed its customers that it was experiencing “a network outage impacting connectivity to a number of our systems.”

The company has taken some of its systems offline since September 20 to contain the attack.

On September 23, MoneyGram confirmed that it “recently identified a cybersecurity issue affecting certain of our systems”.

Online services were fully restored only on September 26.

The company remained largely silent about the cybersecurity incident beyond a handful of updates posted to its X account. However, the length and the severity of the outage points to ransomware. The fact that the company was spending an extended period of time restoring key systems further points to potentially its refusal to pay a ransom demand and recovery from backups.

In 2014, it was the second largest provider of money transfers in the world. MoneyGram operates in more than 200 countries and territories with a global network of about 430,000 agent offices, serving 150 million customer.

Read more about it here.

Cybersecurity giant Fortinet confirmed on September 12, 2024 that it suffered a data breach, after a threat actor claimed to steal 440GB of files from the company’s Microsoft SharePoint server. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers” says its blog post. The company further stated that “Fortinet’s operations, products, and services have not been impacted.”

The threat actor, known as “Fortibitch,” claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.

Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it “communicated directly with customers as appropriate.”

Fortinet is one of the largest cybersecurity vendors in the industry, offering firewalls, routers, VPN devices, extended detection and response, SIEM, network management and consulting services. It employs over 13,500 employees.

Read more about it here.

Giant car rental company Avis disclosed that an August 2024 data breach affected 299,006 of its customers.

According to the letter it sent out to those who have been affected, on August 3, 2024, a threat actor gained unauthorized access to its business applications. The data was access until August 6. The data breach was detected on August 14. The company took steps to end the access and launched an investigation with third-party experts, as well as alerted the authorities and notified the Maine Attorney General’s Office.

The stolen data includes personal information such as names, mailing addresses, email addresses, phone numbers, dates of birth, credit card numbers with expiration dates and driver’s license numbers – critical information that can be used for identity theft or fraud.

The car rental did not disclose technical details about the attack

To mitigate possible damage, Avis is providing all affected customers with one year of free credit monitoring through Equifax.

Read more about it here.

Giant oil service company Halliburton confirmed that it was hit by a cyberattack that forced the company to take systems offline.

In a SEC filing, Halliburton said that “On August 21, 2024, Halliburton Company (the “Company”) became aware that an unauthorized third party gained access to certain of its systems.” The filing further says: “When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity. The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”

It isn’t clear at the time of this writing whether the cyberattack is some form of ransomware attack.

The company did not immediately respond to requests for further comment about the impact of the cyberattack.

Houston, Texas-based Halliburton employs 48,000 employees and operates in 70 countries.

Read more about it here.

Jerico Pictures Inc., doing business as National Public Data (“NPD”), exposed in April 2024 the personal information of nearly 2.9 billion individuals as a result of a data breach.

NPD is background check company that allows its customers to search billions of records with instant results.

In early April, 2024, a threat actor that uses the moniker of USDoD gained access to NPD’s network, and was able to exfiltrate unencrypted PII, including full names, Social Secutiy numbers, address history, and family information, of billions of individuals whose data is stored on NPD’s network.

On April 8, 2024, USDoD announced the sale of a “National Public Data” database on a dark web forum called Breached. It offered the 2.9 billion records for $3.5 million.

Researchers from VX-underground requested and received an advance copy of the data, reviewed the massive file – 277.1GB uncompressed, and confirmed that the data present in it is real and accurate. They also noticed that the database doesn’t contain information from individuals who use data opt-out services. People who did not use data opt-out services and resided in the United States were immediately found. The archive also contains data on deceased people.

A proposed class action lawsuit was filed in U.S. District Court, Southern District of Florida, Fort Lauderdale Division, on behalf of Christopher Hofmann, who said he received a notification from his identity theft protection service provider the month before that his data was on the dark web due to a data breach.

Read more about it here.