Samsung UK data breach and ransomware actor’s SEC complaint
Samsung discloses data breach impacting UK customers, ransomware actor files SEC complaint over victim’s failure to disclose breach and the Ddostf malware botnet. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Samsung UK discloses year-long data breach that leaked customer data
Last week, Samsung Electronics informed customers of a data breach at its UK online store. It exposed personal details like names and contact information. Financial data and passwords, however, were not affected. The company stated the breach was caused due to a vulnerability in a third-party application. This incident is the third major data breach Samsung has faced in the past two years.
2. Ransomware gang reports victim to SEC over undisclosed data breach
The ransomware group ALPHV/BlackCat recently filed a complaint with the SEC against MeridianLink. They accuse the digital lending solutions provider of failing to disclose a data breach under new SEC rules. MeridianLink acknowledges the incident but reported minimal impact and no unauthorized access. This unusual tactic by ALPHV/BlackCat could signal a new approach in ransomware strategies involving threat actors filing regulatory complaints against victims.
3. Researchers discover DDostf malware botnet targeting MySQL servers
ASEC researchers have detected a rise in Ddostf botnet attacks targeting MySQL servers on Windows. Attackers exploit vulnerable MySQL servers using weak credentials or known flaws. Once in, they install Ddostf, which waits for commands to initiate DDoS attacks. The botnet's unique capability allows it to connect to new addresses and execute commands. Administrators are urged to secure their servers with strong passwords and timely patches to thwart such campaigns.
4. U.S. feds warn of Scattered Spider’s advanced phishing methods
U.S. agencies recently warned of a cybercrime group known as Scattered Spider. Skilled in social engineering, Scattered Spider employs tactics like SIM swapping and prompt bombing to infiltrate networks. Researchers also found the group using legitimate remote access tools and impersonation tactics for data theft. The U.S. government is advising companies to strengthen their defenses with phishing-resistant MFA, application controls and recovery plans.
5. Russian cyber espionage group uses LitterDrifter USB worm to infiltrate Ukrainian entities
A Russian cyber espionage group tied to the FSB has been using a USB worm called LitterDrifter to target Ukrainian entities. Check Point reveals that the group uses this worm for large-scale data collection driven by espionage goals. LitterDrifter spreads via USB drives and connects to command-and-control servers, evolving from a PowerShell-based worm. Unique in approach, it uses domains as placeholders for C2 servers and links to a Telegram channel for C&C communication. This worm's usage marks an escalation in Russian cyber espionage efforts with a focus on intelligence gathering.
Phishing simulations & training