At a glance.
- Stolen data offered to the victims' competitors.
- Malicious ads target former WhatsApp users.
- Possible cyberattack on a Texas school district.
- Eye care practice discloses data breach.
Underground souk peddles stolen data to victims’ competition.
Cybercriminals have begun creating data theft extortion marketplaces on the dark web, underground forums dedicated to trading data stolen in cyberattacks carried out by the marketplace operators or released through other data breaches. Bleeping Computer reports that one of these marketplaces, which calls itself “Marketo” (and is not to be confused with the entirely legitimate US software company of the same name), is upping the ante by attempting to sell this stolen data to the breach victims’ competitors. One of Marketo’s emails reads, “Hello, we are Marketo and we know you have a competitor - [redacted]. So we would like to inform you that we attacked them and downloaded quite a bit of data.” Marketo offers tax documents, client lists, personal data, and other info that competitors might find valuable. Though the potential customers’ identities have not been released, they are said to include billion-dollar companies that are household names.
Malicious ad scam targets WhatsApp deserters.
Researchers at eSentire examine a new data theft operation luring victims with malicious Google ads promoting messaging apps like Signal and Telegram. Using spoofed websites that closely mimic the legitimate apps, the campaign employs social engineering to convince victims to download the info-stealing malware RedLine Stealer. Telltale signs that the malicious sites are imposters: defective links, non-standard top-level domains, and the suspicious ad hosting provider NameCheap. The attackers are capitalizing on the recent wave of users abandoning WhatsApp for more secure alternatives after the app’s recent policy update indicated it would be sharing user data with parent company Facebook.
Texas school district investigates cyberattack.
Judson Independent School District, located in the US state of Texas, is working with law enforcement to determine the nature of a potential ransomware attack that disrupted its systems last Friday, WOAI reports. A statement from the district explained, “We are working around the clock with our team of independent forensic investigators and third-party experts, in cooperation with federal, state and local law enforcement, to resolve this disruption. Until we are able to restore access and secure our systems, we respectfully are not able to share further details at this time.”
Impact of eye clinic breach comes into view.
In the US state of Iowa, the Times-Republican reports that optometry center Wolfe Eye Clinic has identified and begun notifying the 500,000 patients whose data were exposed due to a February ransomware attack. Once the intrusion was detected, an in-depth investigation was conducted, but the full scope of the incident wasn’t determined until May. “Unfortunately, these types of cyber incidents have become all-too-common for health care providers of all sizes nationwide,” said Luke Bland, the clinic’s chief financial officer.