Top news stories this week
- Exposed. Unauthorised third-party gains access to Matt Gaetz depositions.
- Red handed. Phobos ransomware administrator arrested in South Korea and Scattered Spider members charged in the US.
- Pay up. Meta faces multiple repercussions from 2021 data breach.
- Phishing beware. Malware delivered by mail and Trump assassination story used as bait in phishing campaigns.
- Muddy waters. Cyber security issues impact the resilience of critical national infrastructure in the UK and the US.
- Deepfake. Hackers hide infostealers behind legitimate-looking AI image editing tools.
1. 'Hacker' gains access to Matt Gaetz depositions
An unauthorised third-party has accessed witness depositions from a US congressional ethics investigation into former congressman Matt Gaetz, even as the House Ethics Committee reportedly remains deadlocked on whether the results of the investigation should be released. Gaetz, who has since withdrawn as nominee for the US Attorney General position, denies any wrongdoing.
The documents were accidentally exposed to the internet via the file sharing platform ShareFile after being incorrectly configured, leading to an unknown user named ‘Altam Beezley’ downloading them.
So What?
When sharing and hosting sensitive documents on third-party platforms, it is crucial to control and verify who is able to access them.
[Researcher: David Broome]
2. US law enforcement charges Phobos administrator and Scattered Spider members
A suspected administrator of Phobos ransomware, Evgenii Ptitsyn, was apprehended in South Korea and extradited to the US to face legal charges. The Russian national is accused of distributing the Phobos strain on dark web markets to affiliates who then successfully attacked both private and public US institutions. It is estimated that the group received more than USD 16 million in extortion payments.
Separately, five members of the ransomware group Scattered Spider have been charged in US courts. The threat group is responsible for prolific hacks including the attack on MGM Resorts last year. The four American nationals and one UK national arrested face potential sentences of 25 years each.
So what?
US law enforcement continues collaborative efforts to unmask the operators of ransomware and tackle cyber crime.
[Researcher: Adelaide Parker]
3. German court allows thousands to seek compensation from Meta over 2021 data breach
A German court has ruled that thousands of individuals affected by the 2021 Facebook data breach are entitled to seek compensation of EUR 100 without them having to prove specific financial loss or that their data was misused. The ruling follows a EUR 265 million fine imposed on Meta in 2022 by the Irish Data Protection Commission in response to the same incident.
So what?
Organisations operating in different jurisdictions with varying regulatory frameworks may incur multiple liabilities and fines in the event of a cyber incident.
[Researcher: Aditya Ganjam Mahesh]
4. Malware delivered by mail and Trump assassination story used as bait in phishing campaigns
Cyber criminals used the Swiss postal service to distribute malicious QR codes, purporting to be from the Swiss Federal Office of Meteorology and Climatology. The letters encouraged recipients to download a Severe Weather Warning app onto their Android devices from a third-party app store. The app contained malware aimed at stealing credentials from other installed apps, such as banking applications.
In a separate phishing campaign, attackers impersonated the New York Times and used a fake Trump assassination story to lure victims into clicking a link and harvest their credentials.
SO WHAT?
Phishing techniques constantly evolve but some key rules remain; look out for typos in the company name and domain they try to impersonate, and only download applications from trusted app stores.
[Researcher: Anna Tankovics]
5. Cyber security issues impact the resilience of critical national infrastructure in the UK and the US
Two separate investigations have disclosed the resilience gaps of water treatment companies in the UK and the US. Thames Water in the UK utilises obsolete technology dating back to 1980s, making it susceptible to outages and cyber attacks. Separately, almost 100 water treatment systems in the US contain multiple critical vulnerabilities and cyber security gaps, and have previously been struck by ransomware.
SO WHAT?
Vulnerabilities of end-of-life technology can no longer be patched, which makes them an easy target for cybercriminals. Organisations should enforce routine patch management and replace legacy IT infrastructure.
.[Researcher: Milda Petraityte]
6. Criminals hide infostealers in fake AI photo and video editors
Hackers are hiding infostealers and other malware in fake AI image generators circulating on social media. The infostealer variants, such as Lumma Stealer for Windows and AMOS for macOS, extract sensitive data such as login credentials, cookies, browsing history, credit card details, and cryptocurrency wallet information once downloaded.
So what?
Avoid downloading items from unverified sources, as doing so can severely compromise the security of your personal data.
[Researcher: Lena Krummeich]
-1-1.jpeg?width=121&height=121&name=MicrosoftTeams-image%20(11)-1-1.jpeg)
