On October 30th, the Querétaro Intercontinental Airport near Mexico City experienced a cyber security breach. An intensive investigation was launched to gauge the impact and details of the incident. The LockBit ransomware group has taken credit for this cyber-attack, listing the airport on its data leak site and issuing a ransom demand with a deadline of November 27th, threatening to publish the stolen data if their demands are not met. This event comes on the heels of a similar assault on Boeing, where the group started to leak sensitive information this week.
The leaked Boeing data, revealed on LockBit's dark web platform, contains sensitive details, including specifics on engine part suppliers, technical operators, and Boeing's confidential financial and marketing data. LockBit's disclosure also suggested that Boeing may have ignored warnings from the group, indicating a refusal to pay the ransom.
Active since late 2019, LockBit has gained notoriety for its advanced ransomware attacks. The latest, known as LockBit 3.0, is deemed the most sophisticated to date. The group is responsible for more than 1,400 attacks worldwide and is reported to have collected substantial ransoms in Bitcoin.
This week the Royal Malaysia Police announced the dismantling of an international cybercrime syndicate, active since 2015, offering phishing-as-a-service. The major operation was successful due to collaboration with Australian and American law enforcement.
Eight individuals were arrested, including seven Malaysian men and one Thai woman, following the sharing of critical intelligence by the Australian Federal Police and the FBI. The Sabah-based syndicate sold phishing kits and services under the name BulletProftLink. The group compromised various websites, including financial, educational, and government entities, mainly in Australia.
The syndicate's operations involved selling stolen credentials from phishing scams. The Malaysian police's Commercial Crimes Investigation Department uncovered a significant money trail and linked the syndicate to two investment scams, with losses totalling over RM1.2 million based on 37 lodged reports.
During raids across multiple locations, including Technology Park Malaysia, the authorities seized servers, a cryptocurrency wallet worth approximately RM965,808.80 ($206,215.25), electronics, jewellery, and vehicles. Investigations have led to the opening of 17 investigation papers under the Computer Crimes Act and the Penal Code. A software developer from Sabah was revealed to be responsible for creating the phishing templates and had full access to the phishing website.
“We believe the credentials stolen through their phishing services are then sold on the dark web,” Malaysian Police said.
The Marina Bay Sands (MBS) resort in Singapore has reported a data breach affecting the personal details of 665,000 customers. The breach, which was identified on October 20, resulted from unauthorized access to the MBS loyalty program database on October 19 and 20.
The compromised data includes customers' names, email addresses, mobile and phone numbers, countries of residence, and loyalty membership numbers and tiers. This breach could potentially expose MBS customers to targeted scams, phishing, and social engineering tactics.
The breach announcement assured that there is no evidence suggesting that the Sands Rewards Club casino members have been affected by this security incident.
MBS said it has notified all affected customers of the breach and the subsequent risks. Following the breach, MBS promptly informed the necessary authorities in Singapore and internationally.
The exact scale and nature of the breach remain unclear, but the pattern of the attack suggests it could be linked to a ransomware incident, where perpetrators often seize data and demand a ransom. As of the latest reports, no ransomware group has taken responsibility for the breach at Marina Bay Sands.
“These kinds of breaches occur due to threat actors using social engineering to bait the users into giving their credentials or one-time codes to bypass multi-factor authentication. Others are down to security and configuration negligence; resorts like these have guest and internet-facing networks that can allow the threat actors to gain access if they are not configured correctly or the latest vendor software updates, which tackle vulnerabilities, have not been installed,” says Integrity360 IR analyst Durali Cingit.
The United States, South Korea, and Japan are forming a high-level consultative group to counter North Korean cyber threats, which are believed to finance its weapons programs. Announced by South Korea's presidential office, this tripartite group aims to strengthen joint response capabilities against global cyber threats and to devise strategies to block North Korea's cyber-aided funding of its nuclear and WMD development. Meetings will occur quarterly.
The formation of this group comes in the wake of the FBI linking North Korea to significant cryptocurrency hacks, including thefts from Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge, part of a larger trend identified with $3.8 billion stolen in 2022 alone.
Moreover, a bilateral working group involving South Korea and Australia is being established to coordinate against common threats. This initiative aligns with increased cyber cooperation in the Pacific, such as the Quad Cybersecurity Partnership between the U.S., India, Japan, and Australia, which focuses on securing software, supply chains, and data, amidst concerns about Chinese cyber activities and geopolitical tensions.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Integrity360's flagship conference Security First comes to Stockholm in 2023!
Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.