Kroll cyberattack compromises customer data
Three cryptocurrency firms, FTX, BlockFi, and Genesis, faced data breaches after a SIM swapping attack on the financial advisory firm, Kroll. The attacker managed to switch an employee's T-Mobile number to their SIM card, enabling unauthorised access to Kroll's systems. These files had personal data from bankruptcy claimants linked to the three companies.
On discovering the breach, Kroll took rapid measures to safeguard the accounts of the affected companies and informed the impacted parties through email. As per Kroll, “We have no evidence suggesting other systems or accounts were compromised. We're working closely with the FBI on a full-scale investigation.”
FTX alerted its users that the attacker accessed details like names, addresses, emails, and FTX account balances. However, FTX clarified that account passwords weren't with Kroll, ensuring their digital assets remained secure. Customers were advised to watch for potential scams.
Soon after these announcements, some FTX users received misleading emails, suggesting they could now withdraw funds from their accounts. Genesis and BlockFi also informed their users about the breach. Genesis indicated compromised details included names, addresses, and claims against Genesis debtors. Both companies emphasized the potential for increased phishing emails and scam calls.
Poland’s rail network hit by cyber attack, 2 arrested
Hackers disrupted railway traffic in north-west Poland at the weekend, using frequencies to play Russia's national anthem and a speech by President Vladimir Putin, as reported by the Polish Press Agency (PAP).
During the incident, hackers transmitted signals near Szczecin, halting about 20 trains. Services resumed within hours. On Sunday, Polish police detained two Polish men, aged 24 and 29, in Bialystok, suspected of the hack into the national railway's communication. Radio equipment was confiscated from their residence.
The railway network had first been hacked last Friday night near Szczecin, affecting several trains. Further attacks were registered over the weekend across the country, but without significant disruption.
Poland's role in supporting Ukraine and its key position in the transit of arms has made it a target. The internal security agency confirmed its investigation into the matter. Stanislaw Zaryn from the special services told PAP that there have been months of efforts by Russia, in partnership with Belarus, to destabilise Poland. However, he assured that the recent cyber-attacks did not endanger passengers' safety.
UK to ban equipment used to hack cars
Keyless car hacking tools may soon be outlawed in the UK, following discussions between ministers and police chiefs in response to a 25% surge in vehicle thefts. The proposed ban focuses on the sale and possession of devices like keyless repeaters, signal jammers, and related hacking tools, believed to be the main culprits behind the uptick in UK vehicle thefts which reached 130,389 in 2022.
Police attribute most thefts to organised crime syndicates, targeting high-end cars for export or disassembly in “chop shops”. They often employ jamming tools to neutralise car GPS trackers. Thieves typically utilise “relays” and “repeaters” to capture keyless fob signals, subsequently used to unlock vehicles. To counter this, car manufacturers have improved security, and owners are urged to shield their keys using “faraday bags”.
The National Crime Agency notes an increase in criminals using advanced tools to bypass keyless systems or directly hack into cars. These hacking devices, sell for around £2,500 online or via encrypted messaging platforms like Telegram, infiltrate the car's internal networks, facilitating unauthorised access.
3 Malware loaders responsible for 80% of cyber attacks in 2023
Security experts have identified three malware loaders that account for 80% of the computer and network attacks this year, QBot, SocGholish, and Raspberry Robin. Between January and July, QBot (also known as QakBot, QuackBot, and Pinkslipbot) was the most observed loader, responsible for 30% of breaches, SocGholish followed at 27%, and Raspberry Robin at 23%.
Loaders play an intermediary role in malware attacks. After being activated on a victim's system—often through an email attachment or system vulnerability—they ensure their persistent presence and fetch the primary malware, like ransomware. Identifying and blocking a loader can prevent a broader malware attack. But as ReliaQuest notes, what mitigates one loader might not work for another.
QBot, a 16-year-old banking trojan, has evolved to deliver ransomware, steal data, and enable lateral movement in networks. Recently, it adopted new malware delivery techniques, including using malicious OneNote files in phishing emails. This week the FBI revealed that it along with international partners had successfully dismantled the Qakbot network.
SocGholish, a JavaScript-based malware linked to Russia's Evil Corp, typically masquerades as a fake update. It recently led "aggressive watering hole attacks," compromising significant organizational websites.
Lastly, Raspberry Robin, which targets Windows, has evolved from a worm spread via USB drives, primarily delivering ransomware.
Data of 1.2 million Purfoods customers stolen
Purfoods, a US based health-focused food-delivery business alerted over 1.2 million customers of a potential data breach earlier this week. This breach may have exposed personal, financial, and medical details. In January, criminals reportedly infiltrated Purfoods' network via ransomware, encrypting specific files and possibly extracting customer data.
A subsequent investigation revealed files containing private and health-related information of some customers, such as names, Social Security numbers, medical information, and financial account details. While the company has informed the US Department of Health and Human Services in line with HIPAA regulations, it has also sought external assistance to enhance security and offered free credit monitoring for the affected individuals for a year. However, with recent incidents compromising the credibility of their credit monitoring partner, Kroll, Purfoods also shared information to help victims safeguard against identity theft. Following this incident, several law firms are already targeting affected customers, highlighting potential forthcoming legal challenges for Purfoods.
