At a glance.
- Havenly discloses data breach.
- Zoom impersonation used in credential-harvesting campaign.
- Ransom paid in RagnarLocker infestation.
- NetWalker hits Forsee Power.
Interior design firm Havenly discloses a data breach.
In a follow-up to last week's reports that the ShinyHunters had leaked data from at least eighteen companies, BleepingComputer identifies one of the affected organizations as Havenly, a US web-based interior design firm. A database containing 1.3 million user records has been dumped on a hacker forum.
Zoom impersonation used to harvest credentials.
Bogus Zoom invitations have increased during the pandemic, and they've been used in credential-harvesting scams. INKY reports having detected thousands of such attacks this summer. All told, they found thirteen distinct phishing templates. The goal was to induce victims to give up their login credentials for Microsoft Office365 and Outlook accounts.
Travel firm pays $4.5 million ransom to get out from under RagnarLocker infection.
Reuters reports that the US-based corporate travel management firm CWT (Carlson Wagonlit Travel) paid $4.5 million last week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters. The attackers had initially asked for $10 million, so the $4.5 million CWT actually paid represents a negotiated amount. It's unclear whether customer information was compromised in the incident. CWT acknowledges that the investigation is still in its early stages, but according to the Register, the company says it believes customer data are safe.
NetWalker ransomware hits French battery firm Forsee Power.
Lithium-ion battery company Forsee Power has been attacked with NetWalker ransomware. Forsee didn't pay up, and the NetWalker gang has begun to release data stolen in the incident, ITWire reports. Moreno Carullo, Nozomi Networks co-founder and CTO, commented:
“The tactics used in this ransomware attack seem to be consistent with what we’ve seen in the last months. The current trend in ransomware operations consists of compromising a target network and once a valuable asset is reached, the exfiltration phase takes place. A ransom is then demanded, with the threat that exfiltrated data will be leaked to the public.
“Organizations should carefully evaluate their security posture with this specific threat in mind and consider segmenting corporate data according to its strategic importance. Too often, we’ve seen attackers walking away with organizations’ contracts, payroll information and other intellectual property that was all stored on a single file server.”