JBS paid $11 million ransom to cybercriminals
The world’s largest meat processor, JBS, has confirmed that it paid a ransom of $11 million to cyberattackers whom the FBI has identified as the Russian-speaking REvil gang. JBS is based in Brazil, but last week’s hack targeted servers in the U.S. and Australia. JBS USA CEO Andre Nogueira noted that the decision to pay the ransom was very difficult but added, “we felt this decision had to be made to prevent any potential risk for our customers.”
Electronic Arts’ gaming source code stolen in hack
Hackers have breached the network of gaming giant Electronic Arts (EA) and have allegedly stolen roughly 750 GB of data, including game source code and debug tools. EA confirmed the data breach was not a ransomware attack and stated that “a limited amount of code and related tools were stolen, and we do not expect any impact to our games or our business.” The attackers claim that the stolen data provides access to all EA services, and they are attempting to sell it for $28 million. The hackers have posted screenshots to prove that the data is, in fact, in their possession. A spokesperson for EA has indicated that EA does not believe any of its player data has been stolen.
Largest stolen creds market seized by law enforcement
The US Department of Justice (DOJ) announced on Thursday that a multinational operation took down Slilpp, the largest online marketplace for stolen login credentials. Just prior to the seizure, Slilpp vendors were selling more than 80 million stolen user credentials for more than 1,400 companies, some of them high-profile. Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division stated, “The Slilpp marketplace allegedly caused hundreds of millions of dollars in losses to victims worldwide, including by enabling buyers to steal the identities of American victims.”
One Fastly customer triggered major internet outage
The major internet blackout that affected high-profile websites such as Amazon, Reddit, the Guardian and the New York Times on Tuesday has been attributed to a software bug. Cloud-computing company Fastly has indicated that a bug in a software update issued to customers in mid-May was triggered when one of its customers changed their settings. Fastly confirmed that, within 49 minutes of the incident, 95% of its network was operating normally. The company has deployed a bug fix across its network and is performing an analysis to determine why the bug was not detected during its software quality assurance and testing processes.
Thanks to our episode sponsor, Trend Micro
Google issues fix for Chrome zero-day exploited in the wild
Nebraska Medicine data breach settlement approved
In September 2020, Omaha-based Nebraska Medicine fell victim to a cyberattack on its systems, resulting in the postponement of patient appointments and forcing staff to resort to charting by hand. In February, Nebraska Medicine reported the incident to the Department of Health and Human Services as a HIPAA breach affecting more than 216,000 individuals, whom the provider then began notifying about the incident. A US District Court of Nebraska judge has approved a lawsuit settlement that would compensate eligible claimants up to $3,000 for time and money spent dealing with the breach. Court documents indicate the provider failed to maintain adequate privacy practices and security controls, including systems monitoring, applying system security updates and patches, appropriately limiting privileged access to systems, and enforcing the use of strong passwords.
New TLS attack allows user data extraction and code execution
Researchers from three German universities have identified a new attack method against the widely used Transport Layer Security (TLS) protocol that can allow a man-in-the-middle attacker to extract user data or execute arbitrary code. The researchers explained that the new attack, dubbed ALPACA, takes advantage of the fact that “TLS does not bind a TCP connection to the intended application layer protocol.” This could allow an attacker to redirect TLS traffic to another endpoint. The researchers note that conducting such an attack would be very difficult from the internet and more plausible over a local network, and they advise administrators and developers to check their deployments and ensure that appropriate countermeasures are applied.
Hackers force Iowa college to cancel classes for four days (and counting)
The Des Moines Area Community College was forced to cancel classes for four straight days, beginning last Thursday, June 3, after hackers forced the shutdown of parts of its network and telephone system. The hack, which appears to be ransomware-related, has forced the college to resort to posting updates on Facebook, Twitter, and a barebones version of its website. School president Rob Denson posted a message on the school’s website indicating that the IT department is working with outside cybersecurity experts to restore service and determine whether any data was compromised. On Wednesday, the school began resuming a portion of its in-person classes.