Network security Archives | Page 171 of 178

Thousands of event tickets leaked because of Ticketmaster hack

In an ongoing extortion scheme targeting Ticketmaster, nearly 39,000 print-at-home tickets for 150 upcoming concerts and events featuring artists like Pearl Jam, Phish, Tate McCrae, and Foo Fighters have been leaked by threat actors. The person responsible, known as ‘Sp1derHunters,’ is the same individual who sold data stolen from recent data breaches targeting Snowflake, a third-party cloud database provider.

The chain of events began in April when threat actors initiated the download of Snowflake databases from over 165 organisations using stolen credentials acquired through information-stealing malware. Subsequently, in May, a prominent threat actor named ShinyHunters started to sell the data of 560 million Ticketmaster customers, allegedly extracted from Ticketmaster’s Snowflake account. Ticketmaster later verified that their data had indeed been compromised through their Snowflake account.

Initially, the threat actors demanded a ransom of $500,000 from Ticketmaster to prevent the dissemination or sale of the data to other malicious actors. However, a recent development saw the same threat actors leaking 166,000 Taylor Swift ticket barcodes and increasing their demand to $2 million.
In response to the situation, Ticketmaster asserted that the leaked data was ineffective due to their anti-fraud measures with a system that continuously generates unique mobile barcodes. According to Ticketmaster, their SafeTix technology safeguards tickets by automatically refreshing barcodes every few seconds, making them impervious to theft or replication.

Contrary to Ticketmaster’s claims, Sp1d3rHunters refuted the assertion, stating that numerous print-at-home tickets with unalterable barcodes had been stolen. The threat actor emphasised that Ticketmaster’s ticket database has online and physical ticket types, such as Ticketfast, e-ticket, and mail, which are printed and cannot be automatically refreshed. Instead, they suggested that Ticketmaster must invalidate and reissue the tickets to affected customers.

The threat actors shared a link to a CSV file containing the barcode data for 38,745 TicketFast tickets, revealing ticket information for various events and concerts, including those featuring Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam, Phish, P!NK, Red Hot Chili Peppers, Stevie Nicks, STING, Tate McRae, and $uicideboy$.

International law enforcement coalition dismantles illegal uses of penetration testing tool used in ransomware

An international coalition of law enforcement agencies has dismantled hundreds of illegal installations of Cobalt Strike, a penetration testing tool frequently abused by state-sponsored and criminal hackers in ransomware attacks. The operation, coordinated by Britain’s National Crime Agency (NCA), targeted 690 IP addresses hosting illegal versions of the software across 27 countries.

Cobalt Strike, now owned by Fortra, was developed in 2012 to simulate hacker attacks on networks. However, its effectiveness has led to widespread abuse by malicious actors using pirated versions. The crackdown is part of broader efforts to combat ransomware gangs by disrupting critical points in their operations, similar to the recent seizure of bulletproof hosting provider LolekHosted.

In addition to legitimate uses, Cobalt Strike has been exploited by hackers linked to Russia, China, and North Korea. The NCA highlighted that pirated versions of the software, available on illegal marketplaces and the dark web since the mid-2010s, have become a preferred tool for network intrusions and rapid ransomware deployment.

Typically, unlicensed versions of Cobalt Strike are used in spear phishing campaigns to install beacons on target devices, allowing attackers to profile and remotely access networks. Its multifunctional nature, including command and control management, makes it a ‘Swiss army knife’ for cybercriminals and nation-state actors, according to Don Smith, VP of threat research at Secureworks Counter Threats Unit.

Europol confirmed Fortra’s significant efforts to prevent software abuse and its partnership throughout the investigation. Nevertheless, older versions of Cobalt Strike have been cracked and used by criminals, linking the tool to numerous malware and ransomware cases, including those involving RYUK, Trickbot, and Conti.

EU Commission opens €210m fund for cybersecurity and digital skills initiatives

The European Commission has opened the application process to fund cybersecurity and digital skills initiatives, exceeding a €210m ($227.3m) investment under the Digital Europe Programme (DEP). Established in 2021, the DEP aims to contribute to the digital transformation of the EU’s society and economy, with a planned total budget of €7.5bn over seven years. It funds critical strategic areas such as supercomputing, AI, cybersecurity, and advanced digital skills to advance this vision.

In the latest funding cycle, the European Commission will allocate €35m ($37.8m) towards projects safeguarding large industrial installations and critical infrastructures. An additional €35m will be designated for implementing cutting-edge cybersecurity technologies and tools.

Furthermore, €12.8m ($13.8m) will be invested in establishing, reinforcing, and expanding national and cross-border security operation centres (SOCs). The initiative aligns with the proposed EU Cyber Solidarity Act, which aims to establish a European Cybersecurity Alert System to enhance the detection, analysis, and response to cyber threats. The envisioned system will consist of cross-border SOCs using advanced technologies like AI to share threat intelligence with authorities across the EU swiftly.

Moreover, the DEP will allocate €20m to assist member states in complying with the EU cybersecurity laws and national cybersecurity strategies. That includes the updated NIS2 Directive, which mandates strengthening cybersecurity measures in critical sectors and requires it to be transposed into national legislation by October 2024.

Finally, the latest DEP funding round will also allocate €55m ($59.5m) towards advanced digital skills, supporting the design and delivery of higher education programs in key digital technology domains. Additionally, €8m ($8.6m) will be directed towards European Digital Media Observatories (EDMOs) to finance independent regional hubs focused on analysing and combating disinformation in digital media.

RockYou2024 password leak exposes nearly 10 billion unique passwords

The largest compilation of nearly ten billion unique passwords, titled RockYou2024, was leaked on a popular hacking forum, posing significant risks for users prone to reusing passwords. Discovered by Cybernews researchers, the file contains 9,948,575,739 plaintext passwords and was posted by a user named ObamaCare. The leak is believed to combine data from various old and new breaches, dramatically increasing the threat of credential-stuffing attacks.

Credential stuffing attacks exploit leaked passwords to gain unauthorised access to accounts, affecting users and businesses. The RockYou2024 leak significantly heightens this risk, as previous attacks on companies like Santander and Ticketmaster demonstrated. Cybernews highlighted the need for robust security measures, such as resetting compromised passwords, using strong, unique passwords, and enabling multi-factor authentication (MFA).

The RockYou2024 leak follows the 2021 release of a similar but smaller compilation, RockYou2021, which contained 8.4 billion passwords. The new dataset has grown by 15 percent, incorporating an additional 1.5 billion passwords. The compilation is believed to include information from over 4,000 databases collected over more than two decades, making it a potent tool for cybercriminals.

To protect against potential breaches, Cybernews advises users to reset exposed passwords, use MFA, and utilise password managers. The company will also integrate RockYou2024 data into its Leaked Password Checker, allowing individuals to verify if their credentials have been compromised. The leak follows another significant breach, the Mother of All Breaches (MOAB), which involved 12 terabytes of data and 26 billion records earlier this year.

UN ITU condemns Russia for alleged satellite system interference in European countries

The UN’s International Telecommunication Union (ITU) condemned Russia for allegedly interfering with the satellite systems of several European countries, including Ukraine, France, Sweden, the Netherlands, and Luxembourg. These incidents, reported over recent months, have disrupted GPS signals and jeopardised air traffic control.

ITU’s review indicated that the interference originated from earth stations near Moscow, Kaliningrad, and Pavlovka. The organisation called the interference ‘extremely worrisome and unacceptable’ and urged Russia to cease these actions immediately and investigate the incidents. It also proposed a meeting between the affected countries and Russia to resolve the issue.

Swedish authorities blamed Russia for harmful interference shortly after Sweden joined NATO, while France reported significant disruptions to its Eutelsat satellites. Additionally, Lithuania and Estonia raised alarms about navigation signal interference impacting flights. Earlier in the year, a jet carrying UK Defence Secretary Grant Shapps experienced GPS jamming over Kaliningrad.

Russia denied any wrongdoing and complained about alleged interference by NATO countries, which ITU did not address. Russia’s presidential press secretary, Dmitry Peskov, expressed unawareness of the UN agency attributing interference to Russia and questioned the UN’s authority to discuss the matter.

IBM and Microsoft expand cybersecurity partnership for enhanced cloud protection

IBM Consulting and Microsoft have expanded their long-standing partnership to help clients modernise their cybersecurity operations and manage hybrid cloud identities. As businesses increasingly adopt hybrid cloud and AI technologies, protecting valuable data has become critical.

IBM Consulting integrates its cybersecurity services with Microsoft’s security technology portfolio to modernise end-to-end security operations. The collaboration aims to provide tools and expertise to protect data through cloud solutions, ultimately driving business growth. Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM Consulting, emphasises that ‘security must be a foundational part of every organisation’s core operations.’

IBM’s Threat Detection and Response (TDR) Cloud Native service combines Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud with AI-powered security technologies to accelerate threat detection and response. IBM’s global team of security analysts provides 24/7 monitoring and investigation of security alerts across clients’ hybrid cloud environments, maximising the value of Microsoft’s end-to-end security solutions.

Indonesia IT Ministry official resigns amid cyberattack fallout

After recent Indonesia’s most severe cyberattack, Samuel Abrijani Pangerapan, the director-general for applications and information at the Ministry of Communications and Information Technology, resigned, citing moral responsibility. The attack, which struck more than 280 government agencies, resulted in significant data loss and disrupted essential services ranging from airport operations to scholarship management. The hacker group responsible initially demanded a ransom of $8 million, which the government refused to pay. The hackers later apologised and provided a decryption key to unlock the stolen data.

Despite the decryption key’s release, the recovery process has been challenging. The Ministry of Communications and Information Technology reported that only 2% of the data had been saved by early efforts, with the rest presumed lost. President Joko Widodo responded by ordering an immediate cybersecurity audit and the implementation of robust backup strategies across all national data centres. The goal is to prevent similar incidents in the future, emphasising the need for comprehensive security measures.

Public dissatisfaction has grown in response to the government’s handling of the cyberattack. The attack impacted administrative services and caused significant disruptions at airports in Indonesia, where immigration systems were forced to operate manually due to the cyberattack’s effects on automated processes. The scale of the breach underscored existing vulnerabilities across government data management systems managed by PT Telkom Indonesia, whose subsidiary operated the compromised data centre.

CDK cyberattack and economic factors slow down US car sales in Q2

The US auto industry faces challenges in the second quarter as Ford and General Motors report slower sales growth following the cyberattack that disrupted a critical software system used by dealerships nationwide. The outage at CDK in late June impacted over 15,000 retail locations during a crucial selling period, adding to the hurdles already faced by automakers due to supply chain disruptions. Despite hopes for a post-pandemic surge in vehicle demand as more people returned to work, high borrowing costs and economic uncertainties flattened these expectations.

Ford’s quarterly sales saw a modest 1% increase to 536,050 vehicles, a significant slowdown compared to the 10% growth in the previous year. Similarly, Toyota Motor’s local unit and Honda also experienced decelerated sales growth in the second quarter. Analysts anticipate automakers to recover lost sales. CDK reported progress in restoring the dealer management system, with most dealer connections already operational.

Ford attributed its growth in the quarter to the success of hybrid and electric models, with sales of gas-powered vehicles declining by 5%. In comparison, EV and hybrid vehicle sales rose by approximately 61% and 55%, respectively. In June, US new vehicle sales reached around 1.32 million units, translating to a seasonally adjusted annual rate of 15.29 million units per data from Wards Intelligence released on Tuesday.

Supreme Court’s overruling of Chevron deference alters cybersecurity agenda in the US

The recent decision by the US Supreme Court to overturn the long-standing ‘Chevron deference’ doctrine will have significant implications for the Biden administration’s cybersecurity agenda, particularly regarding the protection of critical infrastructure. The ruling shifts the power to interpret and enforce laws related to cybersecurity from executive agencies to Congress and the courts, marking a departure from the previous approach that relied on agency-led initiatives to enhance cybersecurity practices.

One key takeaway from this development is how it has revealed the inadequacies in the cybersecurity practices of critical infrastructure organisations. Despite the rise in cyber threats targeting these entities, many have failed to implement baseline security measures like multifactor authentication, making them vulnerable to attacks. The absence of stringent regulations mandating such practices has exacerbated these organisations’ cybersecurity challenges.

The Biden administration’s strategy of leveraging existing agency rules to bolster cybersecurity measures is now facing a regulatory overhaul. The government must implement a more comprehensive legislative approach to address cybersecurity gaps.

Looking ahead, the repeal of the Chevron deference doctrine is set to usher in a new era of cybersecurity regulation, with a stronger emphasis on congressional involvement in shaping cybersecurity policies. The increased engagement of legislative affairs staffers, lobbyists, and advocates in the regulatory process shows a shift towards a more collaborative and evidence-based approach to cybersecurity governance.

Why does it matter?

As the landscape of cybersecurity regulation evolves in response to this landmark decision, critical infrastructure sectors are expected to face renewed scrutiny regarding their cybersecurity preparedness. The need for robust cybersecurity frameworks and proactive measures to safeguard vital infrastructure assets has never been more pressing. Therefore, the implementation of comprehensive and effective cybersecurity regulations is becoming imperative.

Phishing attack compromises Formula 1 governing body email accounts

The Fédération Internationale de l’Automobile (FIA), the governing body of auto racing since the 1950s, revealed that attackers managed to access personal data by compromising several FIA email accounts through a phishing attack. Established in 1904 as the Association Internationale des Automobile Clubs Reconnus (AIACR), the FIA is a non-profit international association that oversees various auto racing championships, including Formula 1 and the World Rally Championship (WRC). With 242 member organisations spanning 147 countries across five continents, the FIA also governs the FIA Foundation, which supports and finances road safety research.

In response to the breach, the organisation swiftly took corrective actions, including promptly blocking the unauthorised accesses upon discovery of the incidents. The FIA informed the Swiss data protection regulator (Préposé Fédéral à la Protection des Données et à la Transparence) and the French data protection regulator (Commission Nationale de l’Informatique et des Libertés) about the security breach.

To prevent similar incidents in the future, the FIA implemented enhanced security measures and expressed regret for any concerns raised among the affected individuals. Emphasising its commitment to data protection and information security, the FIA continuously evaluates and strengthens its systems to combat evolving cyber threats. However, details such as the breach detection timeline, the extent of personal information accessed, and the nature of the exposed or stolen sensitive data remain undisclosed by the organisation.