Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Blackmail. Show all posts

Lapsus$ Attackers Gained Access to a Support Engineer's Laptop, as per Okta

 

According to Okta, a quick inquiry into the posting of screenshots that appeared to depict a data breach discovered they are linked to a "contained" security incident that occurred in January 2022. 

After the LAPSUS$ hacking group shared screenshots on Telegram which it claimed were taken after gaining access to "Okta.com Superuser/Admin and several other systems," Okta, an enterprise identity, and access management business, initiated an investigation. 

Lapsus$ is a hacking gang that has risen through the ranks by supposedly breaking into the networks of high-profile companies one by one to collect information and threaten to disclose it online until blackmail payments are made.

Sitel, Okta's third-party provider of customer support services, was hacked by the Lapsus$ data extortion gang. "The Okta Security team was notified on January 20, 2022, a new factor had been added to a Sitel customer service engineer's Okta account. It was a password which served as this factor" Okta explains. "Though this individual approach was unsuccessful, it reset the account and contacted Sitel," says the company, which then hired a top forensic agency to conduct an investigation. 

Okta is a publicly-traded corporation based in San Francisco with thousands of users, including several technology companies. FedEx, Moody's, T-Mobile, JetBlue, and ITV are among the company's top clients. 

"Lapsus$ is infamous for extortion, threatening victims with the publication of sensitive information if demands are not met," said Ekram Ahmed, a Check Point spokesperson. "The gang boasts of infiltrating Nvidia, Samsung, and Ubisoft, among others." The public has never fully understood how the gang was able to penetrate these targets. 

Okta claims it was unaware of the scope of the event in January, believing it to be restricted to a failed account takeover attempt aimed at a Sitel support engineer. Sitel's hiring of a forensics firm to investigate the incident and prepare a report also assured Okta at the moment the situation didn't need to be escalated any further.

The stock price of Okta dropped about 20% in less than a week after the company's clumsy announcement of the January hacking event. At first, Okta CEO Todd McKinnon described the event as an "attempt" by malicious attackers to hack a support engineer's account. However, it was eventually discovered the problem had affected 2.5 percent of Okta's clients (366 in total). Sitel's support engineers have restricted access to Jira requests and support systems, but they are not allowed to download, create, or delete client records. 

According to Okta, the screenshots posted by the Lapsus$ group were taken from a compromised Sitel engineer's account with limited access. Regardless, the corporation voiced dissatisfaction with the amount of time it took for the investigation's findings to be released.

Hackers Blackmail Patients of Surgical Company in a Cyber attack




The patients of a facial surgical company in Florida, who were hacked recently, are now being threatened by hackers. The hackers demand that the patients pay them money, or else they would leak their personal information online.

TCFRR (The Center for Facial Restoration), a facial surgery company based in Miramar, was attacked by cyber-criminals in November last year.

In an online statement published on the company's official website, plastic surgeon and company founder Dr. Richard Davis said: " On 8 November 2019, I got an anonymous e-mail from hackers claiming to breach my company's server. The cyber-criminals revealed that they had personal data of TCFRR's patients and threatened to either expose the data online or sell it to 3rd parties." 

Dr. Davis was then blackmailed and the hackers demanded a ransom (not disclosed) in return for not compromising his company's cybersecurity.

As if this was not enough, the hackers after blackmailing Dr. Davis, contacted TCFRR's patients individually, in-demand for extorting money from the rhinoplasty company's patients.

"The hackers were demanding a ransom negotiation, and after 29 November 2019, around 20 patients have reached our company having criticisms of individual ransom demands, accusing that these hackers are threatening to release their personal information (including personal photos) online unless their ransom demands are met," says Dr. Davis in a statement. 

He suspects that around 3500 patients (current and former) might have been the victim of this cyber attack. The hacked data might include passport, driving license, residential address, emails, contact information, banking credentials, and patients' photographs. 

Following the incident, the FBI's cybersecurity department was contacted on 12 November, and David frequented the FBI on 14 November to discuss the ransom demands and the cyber attack information.

To be further safe from any similar incident happening again, Dr. David has taken up some precautions that include installing new hard disks, and a new firewall and malware protection antivirus.

"I am disgusted by this criminal and selfish invasion, and I sincerely apologize to the patients for their crisis in this stupid and spiteful action," said Davis on his website.

The statement was published openly, the reason being that the company's server didn't have the option of contacting the patients personally.

Expert warns cyber threats to worsen with tech advances


Technological advances like Artificial Intelligence, Internet of Things, Automatic Cards and others will throw up new challenges for cyber security and all countries must unite to foresee and combat them, a leading Israeli cyber security expert said on Monday.

"The Internet was not designed for security, hence it is inherently insecure since everything is hackable. It is more difficult to be a cyber security personnel than a hacker. The hacker has to succeed only once, where the the cyber security personnel has to succeed always to remain safe, within many rules and regulations," Menny Barzilay, the CEO, Cyber Research Centre of Tel Aviv University and CEO of Cytactic, said.

He pointed out how "smart people" from different countries are joining hands to commit cyber crimes and hence there is "a need for super-smart people" from around the world to join as cyber security experts.

"Cyber threats don't create a sense of urgency, unlike a bomb threat, and we cannot feel it in our senses. It is therefore more difficult to convince people that the 'cyber' threat is real," said Barzilay, addressing a panel discussion on cyber security at Nehru Science Centre (NSC) via videoconference.

The discussion was also attended by Israeli Consul-General in Mumbai, Yaakov Finkelstein, security experts from the Mumbai Police and students.

Recalling an incident of cyber attack on Sony Corporation after the release of its film, "The Interview", Barzilay said that corporates are not prepared to face cyber crimes and the government must support them during such cyber hits.

"Billions of devices, part of Internet of Things implies they are prone to hacking, a smart device means being vulnerable, it will also affect our privacy. Big companies have lot of data about users and can manipulate them for private gains, something which allegedly happened in the US elections," he said.

No environment is immune to cyber attacks : Research

Global cyber-security solutions provider Check Point Software Technologies Ltd, released its “Cyber Attack Trends: 2019 Mid-Year Report”, revealing that no environment is immune to cyber-attacks.

Threat actors continue to develop new tool sets and techniques, targeting corporate assets stored on cloud infrastructure, individuals’ mobile devices, trusted third-party supplier applications and even popular mail platforms:

Mobile banking: With over 50% increase in attacks when compared to 2018, banking malware has evolved to become a very common mobile threat. Today, banking malware is capable of stealing payment data, credentials and funds from victims’ bank accounts, and new versions of these malware are ready for massive distribution by anyone that’s willing to pay.

Software supply chain attacks: Threat actors are extending their attack vectors such as focusing on the supply chain. In software supply chain attacks, the threat actor typically instils a malicious code into legitimate software, by modifying and infecting one of the building blocks the software relies upon.

Email: Email scammers have started to employ various evasion techniques designed to bypass security solutions and anti-spam filters such as encoded emails, images of the message embedded in the email body, as well as complex underlying code which mixes plain text letters with HTML characters. Additional methods allowing scammers to remain under the radar of Anti-Spam filters and reaching targets’ inbox include social engineering techniques, as well as varying and personalizing email content.

Cloud: The growing popularity of public cloud environments has led to an increase in cyber-attacks targeting enormous resources and sensitive data residing within these platforms. The lack of security practices such as misconfiguration and poor management of the cloud resources, remains the most prominent threat to the cloud ecosystem in 2019, subjecting cloud assets to a wide array of attacks.

“Be it cloud, mobile or email, no environment is immune to cyber attacks. In addition, threats such as targeted Ransomware attacks, DNS attacks and Cryptominers will continue to be relevant in 2019, and security experts need to stay attuned to the latest threats and attack methods to provide their organizations with the best level of protection,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

Fake Facebook account behind suicide of a schoolboy

A 17-year-old from Co Tyrone took his own life on Friday, after being “tricked and deceived” by a fake Facebook account holder.

According to the  Principal Stephen Magennis of a St Joseph's Primary School, Galbally, schoolboy Ronan Hughes was “tricked and deceived” by a Facebook account set up internationally.

In a letter to pupils Magennis said “A fake Facebook account had been set up in a foreign country, to trick Ronan into thinking he was interacting with people from here.”

The teenager used to gave up his spare time at St Joseph's Grammar school, where he assist three pupils in a 'Reading Support Program.'

Writing to his parents, Mr Magennis said: "Ronan was the victim of ruthless, faceless people, intent on first befriending him and luring him into giving personal information and then sharing images that were used to threaten him in an attempt to extort money.”

Mr Magennis said that the tragic death of Ronan is a reminder and a warning to all parents that our children must be vigilant, and very careful when using the internet. We need to be protective of them and proactive to give them the ability to make informed decisions

Mr Magennis added: "We must not be complacent nor naive as parents. We need to advise our children about staying safe online and monitor what they are doing, saying, writing and sharing online.

Parish priest Fr Benny Fee said: "Ronan did not take his own life but his life was taken from him, and somewhere in the world, maybe far, far away from Clonoe, is a man, a woman or a gang who are guilty of a heinous crime.”

Superintendent Baird said: “If anyone has experienced anything of a similar nature or has received any inappropriate images or links, it is important that they contact Police or tell a trusted adult. By doing this you will be helping prevent further such incidents. You will not get into trouble.