As most of us were enjoying the festive holidays cyber criminals and the cyber experts that thwart them were still busy at work. This roundup covers the major news of the holiday season.
EasyPark group data breach affects European and UK Customers
Europe's largest parking app operator, EasyPark Group, has voluntarily reported a data breach affecting its customers across the EU and the UK to regulatory authorities. The breach compromised customer names, phone numbers, addresses, email addresses, and partial credit card numbers. While parking data remains secure, the exact number of affected users remains undisclosed, except for 950 known cases within the UK's RingGo user base. The company indicated that the majority of affected individuals are linked to the EasyPark brand, suggesting European customer data exposure.
EasyPark, touted as Europe's most expansive parking app by coverage, is part of a competitive industry vying for global dominance. Owned by Vitruvian Partners and Verdane since 2021, the company operates multiple brands, including EasyPark, ParkMobile, RingGo, and Park-line, across over 4,000 cities in 23 countries. Despite the breach, EasyPark confirmed that its ParkMobile brand serving 50 million US users remains unaffected. The company is currently unaware of any misuse of the stolen data and has not received any ransom demands. This breach highlights the delicate balance between technological convenience and the need for robust data protection measures.
The incident underscores the growing reliance on centralised parking services globally as digital platforms increasingly replace traditional meters and attendants. While these automated systems eliminate the need for physical infrastructure and cash transactions, they also amass sensitive personal and location data, heightening privacy and security concerns.
Albania's Parliament and telecom firm targeted in cyber attacks; Iranian group claims responsibility
Albania's National Authority for Electronic Certification and Cyber Security (AKCESK) disclosed that the Assembly of the Republic of Albania and telecommunications firm One Albania were hit by cyber attacks last week. While the affected infrastructures aren't classified as critical, the breaches raised concerns. One Albania, boasting 1.5 million subscribers, reported handling the incident smoothly, with its services running uninterrupted.
AKCESK, emphasized that the attacks didn't stem from within Albania, is actively working to trace the origins, recover systems, and bolster defenses against future threats. The agency is revising its cyber security strategies following the incident.
The extent of the breach remains unclear, but an Iranian hacker group called Homeland Justice, has claimed responsibility, also alleging an attack on Air Albania. The group's message indicated a retaliatory motive against "supporters of terrorists." This incident marks another significant cyber assault on Albania, following a disruptive attack in mid-2022 that led to U.S. sanctions against Iran's intelligence ministry and officials. With tensions rising between Iran and the West we are likely to see more events like this one throughout 2024.
Victoria's court system breached in suspected Russian Ransomware attack, sensitive records at risk
Australia experienced another major cyber incident after the state of Victoria's court system was compromised in a ransomware attack. The attackers are suspected to be Russian hackers, leading to the potential breach of sensitive court audio-visual records.
The attack targeted recordings of hearings, possibly including witness testimonies, between November 1 and December 21. Court Services Victoria (CSV) is urgently working to notify affected individuals and has set up a support center for inquiries. The County Court is notably affected, with significant cases involving sensitive subjects like child and historical sexual abuse potentially exposed. The Supreme Court and some Magistrates Court hearings were also impacted, though the Children's Court's recent hearings remain secure.
Acting Premier Ben Carroll assured that court operations continue securely, despite the breach. Cybersecurity experts attribute the attack to a sophisticated Russian phishing method using Qilin ransomware. CSV took swift action to isolate and secure the system, aiming to maintain the integrity and security of court operations amidst rising cyber threats against major Australian institutions and companies.
Black Basta busted?
In a bit of good news, researchers at Security Research Labs (SRLabs) announced that they had developed 'Black Basta Buster,' a decryptor exploiting a flaw in the Black Basta ransomware's encryption method, enabling victims to potentially recover their files without cost.
The weakness involves a reused 64-byte keystream in the encryption process, which, when XOR encrypting files with sections of zero bytes, inadvertently exposes the keystream. This vulnerability allows for decryption of files, especially those containing extensive zero-byte sections, like virtualized disk images.
Despite its effectiveness, this decryptor is limited to files encrypted by Black Basta from November 2022 to a recent update by the ransomware developers, who patched the exploited vulnerability about a week ago.
The decryptor's utility varies with file size: files smaller than 5000 bytes are irrecoverable, those between 5000 bytes and 1GB can be fully restored, and for larger files, only the initial 5000 bytes are lost.
The discovery of this flaw and the subsequent creation of the decryptor provide a rare but critical opportunity for affected users to reclaim their data without succumbing to ransom demands. Black Basta has been notorious for its double-extortion attacks on corporations since its emergence in April 2022.
