Highlights
The risk of cyber threats through the month of August has grown exponentially – bringing cybersecurity to many global industries’ priorities.
We’d like to start our newsletter with 2022 statistics, revealing the rising cost of data breaches.
- Black Kite’s “The Cost of a Data Breach: A New Perspective” global report finds that the current average data breach cost is $15.01 million. Within the next three years, the global cost of cybercrime is expected to reach $10 trillion.
- IBM’s “Cost of Data Breach” 2022 Report states that the healthcare sector set a new record of $10.10 million in average breach costs and has the highest breach costs on the global average.
Through August, cryptocurrency exchange sites and bridge platforms suffered from various cyberattacks and the third-biggest crypto heist of 2022 occurred. Cryptocurrency mixer, Tornado Cash, was blacklisted by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) for money laundering.
A 0ktapus phishing campaign compromised data of about 10 000 profiles, part of 136 different organizations. Up to $10 million is currently offered by the U.S. State Department of Justice to identify members of the Conti ransomware group. In other news, Google blocks the largest distributed denial-of-service (DDoS) attack to date.
Read on to find out August updates pertaining to the cybersecurity space.
Cybercrime Breaking News
A widespread phishing campaign has compromised 9,931 accounts by targeting 136 organizations, including MailChimp, Twilio, and CloudFlare amongst many others. The aim of the malicious actors was to abuse the service provided by Okta, the identity and access management organization.
Impersonating Okta, they sent company users text messages, prompting them to enter their Okta identity credentials and two-factor authentication (2FA) codes. The threat actors, now labeled as 0ktapus, gained access to corporate networks via remote access devices.
Palto Alto makes patches available against a firewall vulnerability used in distributed denial-of-service (DDoS) attacks. The high-severity vulnerability, CVE-2022-0028 (CVSS score: 8.6), could allow malicious actors to carry out reflected and amplified TCP denial-of-service (DoS) attacks.
Due to evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw in Palo Alto Networks’ PAN-OS to its Known Exploited Vulnerabilities Catalog.
Google blocks the largest distributed denial-of-service (DDoS) attack to date, peaking at 46 million requests per second (RPS). The HTTPS DDoS attack occurred at the beginning of June and targeted an unnamed Google Cloud Armor customer.
On August 17th, Apple released two updates to patch zero-day vulnerabilities in iOS’s, iPAdOS’s, and macOS’s WebKit and Kernel. The security vulnerabilities could potentially allow malicious apps to execute arbitrary codes (even with kernel privileges) thus overtaking the devices. The threats were addressed with improved bound checking.
Apple representatives state that the vulnerabilities “may have been actively exploited” in the past and urge users to update their iOS devices.
The Python Package Index, PyPI, alerted Python Project Maintainers against an ongoing phishing campaign. Representatives stated that “this is the first known phishing attack against PyPI.” Hackers are currently trying to insert malicious updates to legitimate packages using stolen developer credentials.
Microsoft Threat Intelligence Center (MSTIC) reveal that Iranian hackers, MuddlyWater or MERCURY, are still exploiting the Log4j vulnerability to target SysAid applications, which are an IT management software used by Israeli organizations. MSTIC are confident that “MERCURY’s observed activity was affiliated with Iran’s Ministry of Intelligence and Security (MOIS)”.
A ransomware attack, said to be perpetrated by LockBit, cripples Center Hospital Sud Francilien (CHSF)’s “business software, storage systems (in particular medical imaging) and the information system relating to patient admissions.” The malicious actors demanded a $10 million ransom in exchange for the decryption key.
Cyberwar between Russia and Ukraine: Updates
Killnet, pro-Russian hackers, take down the Latvian parliament’s website for several hours during a denial-of-service (DDoS) attack. The hackers have declared “war” on nations that ally with Ukraine during the conflict with Russia.
Cybersecurity Justice
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctions cryptocurrency mixer Tornado Cash for money laundering. In an official statement, they allege that the mixer has been “used to launder more than $7 billion worth of virtual currency since its creation in 2019”, including $455 million that was said to have been stolen by the North Korean state-sponsored Lazarus Group.
The U.S. State Department of Justice is offering a reward of up to $10 million for information to identify five members of the Conti ransomware group. Issuing a photo of threat actor, “Target”, the Department is also looking to identify “Reshaev,” “Professor,” “Tramp,” and “Dandis”.
FBI warns investors to be more cautious when using DeFi platforms, as exploitation of vulnerabilities by bad actors is on the rise.
FinTech Updates
Cryptocurrency platform Nomad was robbed of about $190 million in just a few hours in the beginning of August. Malicious actors exploited a vulnerability in the Replica contract, which allowed users to replace addresses within working transactions with their own.
According to Comparitech’s worldwide cryptocurrency heists tracker, this is the ninth-biggest crypto heist in history.
Hackers “cloned” Curve Finance’s, an exchange liquidity pool, DNS to send users to a fake site. As a result, over $500K is said to have been stolen from wallets.
More than $4 million is believed to be stolen from about 9,000 crypto wallets on the Solana blockchain, since the beginning of August.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.