At a glance.
- Ransomware trends.
- Cellular accounts hijacked.
- COVID-19 data compromised.
- Albanian voters' data leaked.
- Acer India customer data offered for sale.
Trends in global ransomware activity.
For their first Ransomware Activity Report, the researchers at VirusTotal examined 80 million ransomware samples submitted by one hundred forty countries over the past eighteen months. Highlights include:
- The largest number of samples came from Israel, followed by South Korea, Vietnam, and China.
- The first half of 2020 showed surges in activity, and a peak in July 2021 was the result of increased action from the Babuk ransomware family.
- One hundred thirty ransomware families were detected, with GandCrab the most active, and Babuk, Cerber, and Matsnu not far behind.
Ransomware is now routinely accompanied by theft of sensitive data.
Hackers get to Visible accounts.
Visible, the mobile virtual network operator owned by Verizon, has confirmed that hackers have taken over multiple user accounts, 9to5Mac reports. According to users' posts on Reddit and Twitter, the attackers are locking users out of their accounts and then purchasing phones on the victims' tab. The company claims there has been no breach of its internal systems, but that the intruders obtained account login credentials through a credential stuffing operation. However, according to Android Police, some victims say their login info was unique to their Visible accounts, making credential stuffing an unlikely explanation. FierceWireless notes that at least one user says Visible does not offer two-step authentication, which could have made the accounts more difficult to crack.
Saryu Nayyar, CEO of Gurucul, thinks companies undergoing incidents like this should come clean as soon as they responsibly can: “Customer transparency into attacks is really the only honest way a company can respond to its users. It’s not clear yet whether user accounts have been hacked, but Verizon has to take customers’ claims seriously. This means that Verizon has to investigate whether accounts were changed and get back to affected customers immediately on remediation efforts, as well as cancelling any orders or reimbursing customers for fraudulent orders.”
Bill Lawrence, CISO of SecurityGate, observes that utilities (and cell service can be usefully thought of in this way) often require payment methods to be associated with customers' accounts.
“This scenario sounds like the attackers could change account access and treat themselves to new iPhones with the victim’s credit. When setting up these types of accounts, first and foremost, look for multi-factor authentication options and enable them. Also, be wary of linking bank accounts directly, and if you’re using a card, credit cards have better fraud protection than debit cards. Never click the box shopping websites have to offer to save credit card information to ‘make the next purchase easier’. That puts your information out there to be lost in each company’s future breach. Use a password manager or your browser instead. And regularly keep an eye out for other fraudulent activity in your accounts.”
Belgian COVID-19 data compromised.
Belgium has disclosed that its CovidScan app, used to verify COVID vaccinations, experienced a leak potentially exposing the data of 39,000 individuals, Bloomberg reports. The timing is less than ideal, as Brussels planned to start requiring proof of vaccination in restaurants, bars, sports clubs, and hospitals as of this coming Friday.
Albanian voter data leak.
US Ambassador to Albania Yuri Kim has requested an investigation into the exposure of a database allegedly used by Albania’s ruling Socialist Party to keep track of citizens’ voting preferences. EURACTIV details that the database contained info on over 910,000 citizens, including names, phone numbers, employers, and voting preferences, as well as a party member assigned to keep tabs on each individual’s political leanings. On Twitter, Kim echoed the sentiments of the OSCE-ODIHR election monitoring mission: “Albania should ensure the security of citizens’ personal data. Relevant institutions should thoroughly investigate and sanction any breach which impacts public confidence in the electoral process.”
Hacker offers 60GB of Acer data for sale.
After criminals on an underground forum attempted to sell 60GB of data stolen from Acer, the electronics company has confirmed it experienced a data breach, its second attack this year. Acer told the Record by Recorded Future, “We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems.” The data, which was leaked by hacking group Desorden, allegedly includes customer info and login credentials for over three thousand Indian retailers and distributors. The Hindustan Times adds that the threat actors promised that “More data will be published.” Though Acer has not yet verified the authenticity of the data, researchers at Privacy Affairs say it appears to be “accurate and genuine.”