The leaked database, which reportedly contains 6 million records, has been compressed to a file size of 1.59 gigabytes. While the full extent of the exposed information is unknown, the leaked data includes email addresses, usernames, user IDs, and IP addresses.
The first and most obvious action is changing your Pinterest password and the related email address. Knowing even a few of your details can allow hackers to piece together information and cause you major difficulties.
Of course, you know not to use the same password for many things, right? If you are guilty of that cardinal sin, change your password everywhere and use one of the best password organizers to create a safe password that you will not forget. Use two-factor authentication to provide maximum security.
If your data has been hacked, you are likely to become the victim of other phishing efforts. Be cautious when clicking dodgy links, and not simply in messages on your Pinterest account.
When using your email account, use caution; any communication that does not appear to come from a known source may be a hoax. Attachments should be treated with caution since they could contain malware.
One of the best VPNs might help you protect yourself from phishing frauds. Nord and Surfshark offer built-in anti-virus with their memberships, while Nord's Threat Protection Pro product is a proven anti-phishing champion.
Currently, Pinterest has not issued an official statement regarding the reported hack. The Cyber Press team has contacted Pinterest to warn them of the data leak and is awaiting their response.
If proven, this data leak might have serious ramifications for Pinterest. The company may incur significant operating costs in investigating the hack and alerting affected users.
As the issue evolves, users should actively check their accounts and look for any formal statements from Pinterest regarding the potential data loss.
The greatest method to avoid becoming a victim of a data breach is to use extreme caution while disclosing your personal information. Give websites only what they need; having a VPN enabled prevents many trackers and encrypts your data on both ends, preventing hackers from making sense of it. VPN services frequently have zero-logs policies, which means hackers have nothing to work with.
When it comes to cybercrime, getting into a system is only half the battle; the real challenge is extracting the stolen data without being detected. Companies often focus on preventing unauthorised access, but they must also ensure that data doesn’t slip out undetected. Hackers, driven by profit, constantly innovate methods to exfiltrate data from corporate networks, making it essential for businesses to understand and defend against these techniques.
The Challenge of Data Exfiltration
Once hackers breach a network, they need to smuggle data out without triggering alarms. Intrusion Detection Systems (IDS) are crucial in this fight. They monitor network traffic and system activities for suspicious patterns that may indicate unauthorised data extraction attempts. IDS can trigger alerts or even automatically block suspicious traffic to prevent data loss. To avoid detection, hackers use obfuscation techniques to disguise their actions. This can involve encrypting data or embedding it within harmless-looking traffic, making it difficult for IDS to identify and block the exfiltration attempts.
Reality vs. Hollywood
In Hollywood movies like "Mission Impossible," data theft is often depicted as a physical heist involving stealth and daring. In reality, hackers prefer remote methods to avoid detection and the risk of getting caught. By exploiting vulnerabilities in web servers, hackers can gain access to a network and search for valuable data. Once they find it, the challenge becomes how to exfiltrate it without triggering security systems.
One common way hackers hide their tracks is through obfuscation. A well-known method of obfuscation is image steganography, where data is embedded within images. This technique allows small amounts of data, such as passwords, to be hidden within images without raising suspicion. However, it is impractical for large datasets due to its low bandwidth and the potential for triggering alarms when numerous images are sent out.
Innovative DNS Data Exfiltration
The Domain Name System (DNS) is essential for internet functionality, translating domain names into IP addresses. Hackers can exploit this by sending data disguised as DNS queries. Typically, corporate firewalls scrutinise unfamiliar DNS requests and block those from untrusted sources. However, a novel method known as "Data Bouncing" has emerged, bypassing these restrictions and making data exfiltration easier for hackers.
How Data Bouncing Works
Data Bouncing leverages trusted web hosts to facilitate DNS resolution. Here’s how it works: hackers send an HTTP request to a reputable domain, like "bbc.co.uk," with a forged "Host" header containing the attacker’s domain. Akami Ghost HTTP servers, configured to resolve such domains, process the request, unknowingly aiding the exfiltration.
Every HTTP request a browser makes to a web server includes some metadata in the request’s headers. One of these header fields is the "Host" field, which specifies the requested domain. Normally, if you request a domain that the IP address doesn’t host, you get an error. However, Akami Ghost HTTP servers are set up to send a DNS request to resolve the domain you’ve asked for, even if it’s outside their network. This means you can send a request to a trusted domain, like "bbc.co.uk," with a "Host" header for "encryptedfilechunk.attackerdomain.com," and the trusted domain carries out the DNS resolution for you.
To prevent data exfiltration, companies need a comprehensive security strategy that includes multiple layers of defence. This makes it harder for hackers to succeed and gives security teams more time to detect and stop them. While preventing intrusions is crucial, detecting and mitigating ongoing exfiltration attempts is equally important to protect valuable data.
As cyber threats take new shapes, so must our defences. Understanding sophisticated exfiltration techniques like Data Bouncing is essential in the fight against cybercrime. By staying informed and vigilant, companies can better protect their data from falling into the wrong hands.
A newly identified ransomware group named Volcano Demon is using aggressive tactics to compel victims to pay ransoms. Halycon, an anti-ransomware firm, recently reported that this group has targeted several organisations in the past weeks with a new encryption tool called LukaLocker.
Attack Strategy
Volcano Demon’s attack method is both simple and effective. Initially, the hackers infiltrate the target’s network, mapping it out and stealing as many sensitive files as they can. Following this, they deploy LukaLocker to encrypt files and entire systems. The victims are then instructed to pay a ransom in cryptocurrency to receive the decryption key and prevent the stolen data from being leaked.
Technical Details of LukaLocker
LukaLocker works by adding a .nba extension to encrypted files and is capable of operating on both Windows and Linux systems. The encryptor is proficient at hiding its tracks by erasing logs before exploitation, making it difficult for cybersecurity experts to perform a full forensic analysis. Furthermore, LukaLocker can disable processes linked to most major antivirus and anti-malware solutions, making recovery efforts even more challenging.
Unlike typical ransomware groups that maintain dedicated data leak sites, Volcano Demon employs a more direct and intimidating approach. They contact the leadership of the victimised companies via phone calls from unidentified numbers to negotiate ransom payments. These calls are often threatening in nature, adding psychological pressure to the already stressful situation of a ransomware attack.
Impact on Businesses
The harassment tactic used by Volcano Demon increases the urgency and stress for affected businesses. The inability to conduct thorough forensic investigations due to LukaLocker’s log-clearing capabilities leaves victims vulnerable and with limited recovery options.
Businesses must enhance their cybersecurity measures to reduce the risk of such attacks. Implementing comprehensive logging and monitoring solutions, maintaining regular backups, and educating employees about common infiltration methods like phishing are critical steps. Additionally, organisations should ensure their antivirus and anti-malware solutions are robust and regularly updated to counteract disabling mechanisms like those employed by LukaLocker.
Volcano Demon’s innovative approach to ransomware, characterised by harassing phone calls and sophisticated encryption methods, underscores the developing nature of cyber threats. As cybercriminals develop new strategies to exploit vulnerabilities, it is essential for businesses to remain vigilant and proactive in their cybersecurity efforts to protect sensitive data and ensure operational continuity.
This escalation illustrates the growing threat ransomware attacks present against important sectors across the United States.
1. Island Transportation Corp.: A heavyweight in the bulk carrier industry, Island Transportation Corp. services the petroleum sector. Unfortunately, they fell victim to the BianLian ransomware attack, compromising a staggering 300 GB of organizational data. Among the exposed information are vital business records, accounting files, project details, and personal data.
2. Legend Properties Inc.: As a well-established commercial real estate and brokerage firm, Legend Properties Inc. found itself in the crosshairs. The attackers gained unauthorized access to 400 GB of sensitive data, including critical business information, accounting records, and personal details.
3. Transit Mutual Insurance Corporation of Wisconsin: A key player in the insurance industry, Transit Mutual Insurance Corporation of Wisconsin suffered a similar fate. The ransomware breach exposed 400 GB of organizational data, encompassing business records, accounting files, project data, and personal information.
The situation underscores the growing threat posed by ransomware attacks to critical sectors across the United States.
While Island Transportation Corp.'s website remains functional, Legend Properties Inc. and Transit Mutual Insurance Corporation of Wisconsin have displayed blocking messages, indicating potential disruptions due to the attack.
Earlier this year, a hacker successfully breached OpenAI's internal messaging systems, obtaining sensitive details about the company's AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat to national security. The breach was revealed through sources cited by The New York Times, which highlighted that the hacker accessed discussions in an online forum used by OpenAI employees to discuss their latest technologies.
The breach was disclosed to OpenAI employees during an April 2023 meeting at their San Francisco office, and the board of directors was also informed. According to sources, the hacker did not penetrate the systems where OpenAI develops and stores its artificial intelligence. Consequently, OpenAI executives decided against making the breach public, as no customer or partner information was compromised.
Despite the decision to withhold the information from the public and authorities, the breach sparked concerns among some employees about the potential risks posed by foreign adversaries, particularly China, gaining access to AI technology that could threaten U.S. national security. The incident also brought to light internal disagreements over OpenAI's security measures and the broader implications of their AI technology.
In the aftermath of the breach, Leopold Aschenbrenner, a technical program manager at OpenAI, sent a memo to the company's board of directors. In his memo, Aschenbrenner criticised OpenAI's security measures, arguing that the company was not doing enough to protect its secrets from foreign adversaries. He emphasised the need for stronger security to prevent the theft of crucial AI technologies.
Aschenbrenner later claimed that he was dismissed from OpenAI in the spring for leaking information outside the company, which he argued was a politically motivated decision. He hinted at the breach during a recent podcast, but the specific details had not been previously reported.
In response to Aschenbrenner's allegations, OpenAI spokeswoman Liz Bourgeois acknowledged his contributions and concerns but refuted his claims regarding the company's security practices. Bourgeois stated that OpenAI addressed the incident and shared the details with the board before Aschenbrenner joined the company. She emphasised that Aschenbrenner's separation from the company was unrelated to the concerns he raised about security.
While the company deemed the incident not to be a national security threat, the internal debate it sparked highlights the ongoing challenges in safeguarding advanced technological developments from potential threats.