Here are the top cyberattacks from the last month that shook the world.
US Marshals Service falls victim to a ransomware attack
On February 17, the US Marshals Service (USMS) confirmed it had suffered a ransomware attack. The agency, which tracks down fugitives and protects government witnesses, reported that data had been exfiltrated from a system containing legal process returns and personally identifiable information (PII) relating to subjects of USMS investigations, third parties, and employees. While treating the attack as a major incident, the USMS noted that it had been able to continue operations. No Witness Security Program information had been compromised.
DISH hit by a ransomware attack, data exfiltrated
Satellite broadcast firm DISH reported on February 22 that a ransomware attack had caused “system issues” over the previous weekend. The company disclosed that data had been extracted from its IT systems during the incident. While DISH’s internal communications, customer call centers, and websites were affected, its Sling, wireless, and data networks continued to operate. The company engaged an incident response firm to help with the investigation and will notify customers regarding safety.
LastPass suffers a second cyberattack. The attacker gains access to the corporate vault
Password manager LastPass revealed that an attacker who stole partially encrypted login data in August 2022 hacked an employee’s home computer shortly afterward. The threat actor was able to exploit a vulnerable third-party media software package on the computer of a senior DevOps engineer to load a keylogger and steal the engineer’s credentials. These were then used to access the corporate vault, which contained encryption keys for customer vault backups stored in Amazon S3 buckets. Only four LastPass employees had access to the corporate vault. After spotting an attempt by a threat actor to conduct unauthorized activity using Cloud Identity and Access Management (IAM) roles, Amazon alerted LastPass about the incident.
T-Mobile’s customer data compromised over 100 times in 2022 in cyberattacks
Research into Telegram chat logs by cybersecurity experts has revealed that three separate cybercriminal groups breached T-Mobile’s internal network more than 100 times in 2022. The attackers used phishing techniques to access internal company tools and set up a “SIM-swapping” service. This enabled them to divert any T-Mobile user’s text messages and phone calls to another device, bypassing multi-factor authentication prompts. All three SIM-swapping groups remain active.
Former FTX director pleads guilty to criminal charges
Nishad Singh, the former engineering director of the now-bankrupt FTX cryptocurrency exchange, has pleaded guilty to US criminal charges. Singh admitted that by mid-2022, he knew FTX’s founder was borrowing customer funds, without the customers’ knowledge, to back his Alameda Research hedge fund. He expressed remorse for his role in the plot and agreed to cooperate with prosecutors’ investigation into FTX founder Sam Bankman-Fried.
Gmail introduces client-side encryption
Google has made Gmail client-side encryption (CSE) generally available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The feature ensures that any data sent as part of an email’s body and attachments, including inline images, is made unreadable before it reaches Google’s servers. However, email headers, including subject, timestamps, and recipient lists, will not be encrypted. The encryption feature was first introduced in beta testing in December 2022 after being made available in beta for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar.
Cloud exploitation incidents skyrocket: cyberattacks more prone
CrowdStrike, a leading provider of cloud-delivered endpoint and workload protection, released its 2023 Global Threat Report on Tuesday. According to the report, cloud exploitation grew by a whopping 95% last year, and the cloud continues to evolve as the new battleground for adversaries.
The report also highlighted that malware-free cyberattacks rose in 2022 as attackers sought new ways to evade antivirus protection and outsmart machine-only defenses. Additionally, adversaries re-weaponized and re-exploited vulnerabilities, such as those affecting legacy Microsoft Active Directory and the ubiquitous Log4Shell vulnerability.
The report drops a truth bomb: China-nexus adversaries are the ultimate intrusion group, wreaking havoc across 39 industry sectors and 20 geographic regions, as revealed by CrowdStrike’s latest findings. They’re giving other cybercriminals a run for their money.
Gamers working together to fix video game that got hacked
Activision’s Black Ops III first-person shooter game has been exploited by hackers, allowing them to take over other players’ computers. These cunning hackers possess the power to boot players out of games, vandalize downloadable content, and even swipe sensitive data from other players.
Last year, a gamer named Maurice Heumann took matters into his own hands after discovering two remote code execution (RCE) vulnerabilities in the game. Heumann resorted to hacking the game and reported the issues to Activision. Although the company rewarded him with a bounty for one of the bugs, neither of the issues has been fixed yet. Looks like Heumann had to do the dirty work for Activision! However, Activision has now announced that it plans to release fixes for the vulnerabilities this week. Gamers have been working on their own solutions, highlighting the community’s passion for keeping games secure and safe.
Summarizing cyberattacks of last month
Ransomware attacks and other cyberattacks continue to impact businesses and individuals worldwide. Organizations must remain vigilant and proactively protect their systems and data.
While the rise in cloud exploitation and malware-free attacks is concerning, the growth in client-side encryption and the dedication of the cybersecurity community to fixing vulnerabilities are cause for optimism. With continued collaboration and innovation, we can stay one step ahead of cybercriminals planning cyberattacks and ensure a more secure digital future.