Hacking Hacking Hacking
The most important news of the past week
Berlin, Nov. 25, 2022
United Kingdom: The biggest case of cyber fraud
London Metropolitan Police have arrested a hacking group that caused $121 million in damage to victims. This operation is the largest case of cyber fraud in the history of the UK.
The hacking group created a website called “iSpoof” that provided users with tools that allowed them to conduct vishing campaigns. Visitors used the tools to create fake pages and make personal phone calls posing as government agencies and banks.
Once victims entered their credentials on these pages, the hackers used the details to steal money from victims’ bank accounts.
In just 12 months, over 10 million fraudulent calls were made using iSpoof, including 3.5 million in the UK alone.
The hackers managed to steal over $50 million from 200,000 UK citizens.
A global operation by London Metropolitan Police, Europol and various judicial authorities in the US, Australia, Canada, etc. arrested 142 people.
US healthcare: more than 2300 attacks in 2020.
The global healthcare cybersecurity industry is expected to reach $30 billion by 2026, representing an annual growth rate of 17.8%. The war in Ukraine is considered the main catalyst for the current upswing in the industry.
The industry’s 2022 valuation is $15.70 billion, up more than $2 billion from the 2021 market value.
Cybersecurity companies help protect healthcare organizations by providing both services and proprietary software products. These services and products are designed to help them avoid DDoS attacks, identity theft, cloud security vulnerabilities, etc.
In terms of industries, public hospitals, biotechnology research companies, and medical device companies are the most affected victims in this area.
In 2020 alone, there were more than 2,300 cyberattacks on U.S. healthcare organizations and facilities, a number that is expected to increase in the coming years due to hospitals’ reliance on digitization and patient data stored in the cloud.
In June 2022, the FBI reported that Iran-backed hackers attempted to penetrate a children’s hospital in Boston in hopes of preventing the hospital from providing critical services to children diagnosed with serious illnesses.
According to one report, the number of cyberattacks on healthcare organizations is increasing as the vacation season approaches. Hackers are likely to take advantage of the fact that most hospitals will be operating with reduced staff.
The report, titled Organizations at Risk 2022: Ransomware Attackers Don’t Take Holidays, shows that 88% of cybersecurity professionals working in large organizations have missed a vacation because their organization was attacked during a vacation.
Of all the industries surveyed, healthcare organizations took the longest to recover their systems and close their security gaps. Most healthcare organizations took 3 to 6 days to close their security gaps after an attack.
Companies and organizations in the United States, United Kingdom, Germany, France, Italy, United Arab Emirates, South Africa and Singapore were surveyed for the study.
Contacts on dating apps and the consequences
The US government has seized seven domains that were used for “romance hacking” scam campaigns. The hackers who carried out this campaign managed to steal $10 million.
The scammers searched for their victims on dating apps and social media websites. Then they built a relationship with them, gained their trust and convinced them to invest with cryptocurrency.
The hackers, believed to be based in Asia, contacted their victims through communication apps like Line and WeChat.
To make themselves more believable, the threat actors created fake apps that mocked up growth graphs and sent alerts to the targets to show them the real-time performance of their investments.
After being convinced to transfer a relatively small amount of $400, victims sent $9.6 million to a wallet address provided by the hackers. Whenever they tried to withdraw their money, they were faced with numerous technical problems and threats.
Russian hackers attack Prince William’s website
The Russian hacking group Killnet claims it hacked the website of Prince William, the Prince of Wales. The group claims it is the reason why the website has been offline since yesterday.
Killnet claims that this hacking campaign is part of its ongoing efforts to launch cyberattacks against actors who have supported Ukraine in its war against Russia. The group shared the statement on Telegram, a messaging platform that has recently become popular with hacker groups.
The Prince of Wales’ website is not widely used by the royal family and still contains outdated information about the family, suggesting that the website is not considered a priority and that the damage caused by the threat actor is limited in this case.
This is not the first time Prince William has been the target of Russian threat actors. In 2018, Russian hackers managed to steal unpublished images from his wedding reception.
Russian hackers: world champions in password stealing
Russian hackers stole over 50 million passwords using info-stealer malware in the first seven months of 2022. The passwords were collectively stolen by 34 hacker groups.
In addition to these passwords, hackers stole information from 2.11 billion cookie files, 113,000 crypto wallets, and 103,000 credit cards.
These numbers represent an 80% increase in passwords, 74% increase in cookie files, and 216% increase in crypto wallets from the previous year.
The majority of victims are located in the U.S. (91,000 devices), followed by Brazil (86,000 devices), India (53,000 devices), Germany (40,000), Indonesia (35,000), the Philippines (31,000 devices), France (30,000 devices), Turkey (28,000 devices), Vietnam (22,000 devices), and Italy (21,000 devices). In total, Russian attackers managed to crack 890,000 devices in 111 countries.
The value of the credit card information captured by the groups is at least $5.8 million.
According to the researchers, Telegram has become the first choice for hackers when they want to communicate publicly or even spread stealer malware. As for the latter, Redline and Raccoon were the two most commonly used information stealers.
Killnet crashes EU Parliament website
The EU Parliament’s website was hacked by the pro-Russian group Killnet just hours after it passed a resolution calling Russia a “state that sponsors terrorism.” The hackers used a DDoS attack as a threat vector.
The EU’s highest legislative body passed the resolution early in the afternoon, while the DDoS attack occurred just a few hours later at around 15:00 CET.
While the website came back online, it was brought down again by the hackers just 30 minutes later.
The EU has not officially identified the hacker responsible, but the pro-Russian hacker group Killnet has claimed responsibility.
Russia condemned the resolution, and the Russian Foreign Ministry spokesman called it “an act of idiocy.”
Vulnerability in Cisco Secure Email Gateway
According to a report, the Cisco Secure Email Gateway can be easily breached by threat actors. An anonymous researcher said they reported the issue to Cisco, but the response was not productive.
According to the anonymous researcher, the methods used to attack the Cisco Secure Email Gateway involve Outlook, Mozilla Thunderbird, Mutt and Vivaldi.
There are three methods by which the vulnerability in Cisco’s system can be abused:
Cloaked Base 64 (affects Microsoft Outlook, Mozilla Thunderbird, Vivaldi and Mutt)
yEnc encoding (affects Mozilla Thunderbird)
Cloaked Quoted-Printable (affects Vivaldi and Mutt)
The researcher claims that the tools used for this cyberattack are open-source and can be found in GitHub repositories.
Cisco has already issued a warning regarding a vulnerability in its Secure Email Gateway system. According to the warning page, the company has been working on a patch for the flaw as recently as today.
Vietnamese are now hackers as well
The hacker group Ducktail is targeting companies that use Facebook ads in a hacking campaign that is becoming more dangerous than before. The group is now using WhatsApp to spear-phish its victims.
Based on analysis and data collected by researchers, a Vietnamese threat actor is responsible for the cyberattack.
The threat actor uses information-stealing malware to target individuals and employees who manage Facebook Business accounts.
The malware is designed to steal browser cookies and information from the victim’s Facebook account and then hijack any of the victim’s Facebook Business accounts.
Meta released a statement on the report, saying that the company is aware of the threat actor and regularly intercepts its campaigns. The company also urged users to pay attention to the files they download, because the info-stealer malware used in this campaign infects its victims through downloaded files.