Cyber Security Headlines – June 18, 2021

Ukrainian and South Korean police raids collar Clop ransomware gang suspects

Six alleged members of the notorious Clop ransomware gang were arrested in raids carried out by Ukrainian and South Korean law enforcement, who seized cash, cars, and several computers. The gang is known for targeting high-profile companies, including the widely publicized breach of defense contractor Bombardier, in which Clop obtained blueprints for military jet radar equipment. Clop's resume also includes reportedly swiping details of two million credit cards from South Korean retailer E-Land and an attempt earlier this year to extort infosec firm Qualys. Trend Micro recently noted that, of the most notorious ransomware gangs, Clop led the way with 5TB of stolen data published online.

(The Register)

Over one billion records belonging to CVS Health exposed online

On Thursday, WebsitePlanet, in conjunction with researcher Jeremiah Fowler, revealed that an online database, belonging to CVS Health, had no form of authentication in place to prevent unauthorized entry. The database exposed more than one billion records, including CVS website visitor IDs, session IDs, search details, and email addresses, in yet another example of misconfigured cloud services impacting security. The researchers noted that these details could prove useful to hackers wanting to craft targeted phishing attacks as well as competitors, who may be interested in CVS system search query data. WebsitePlanet privately disclosed the issue to CVS Health, who confirmed the database belonged to them and was managed by an unnamed vendor on their behalf. Public access was restricted shortly following the disclosure.

(ZDNet)

Scammers using fake Ledger devices to swipe cryptocurrency

Fraudsters are now sending fake replacement devices to customers of Ledger's popular hardware wallets in an attempt to steal their cryptocurrency. The fake devices arrive in authentic-looking Ledger Nano X packaging along with a poorly written letter explaining that the device was sent to replace the recipient's existing one, claiming that their customer information had been leaked online. Enclosed instructions tell the recipient to connect the tampered device to their computer and enter their Ledger recovery phrase; the phrase is then sent to the attackers, who can import the victim's wallet onto their own devices and drain it. Ledger is aware of this scam and has posted warnings about it on its dedicated phishing page.

(Bleeping Computer)

US convicts Russian national behind Kelihos botnet crypting service

Russian national Oleg Koshkin was convicted on charges related to the operation of malware crypter services, including Crypt4U.com, Crypt4U.net, fud.bz, fud.re, and other websites used by the Kelihos botnet to obfuscate malware payloads and evade detection by major antivirus products. Koshkin was arrested in California in September 2019 and faces a maximum of 15 years in prison at his sentencing, scheduled for September 2021. According to the DOJ, Koshkin worked closely with the botnet's operator, Peter Levashov; the department stated, “Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates.” On Wednesday, Koshkin's co-defendant, Estonian national Pavel Tsurkan, also pleaded guilty to charges of helping hackers infect victim computers worldwide with malware.
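A crypter's output is, by construction, a small plaintext decryptor stub followed by an encrypted blob, and that blob has near-uniform byte statistics. The following is an added example (not code from the article, the DOJ, or any product) of the entropy check defenders use to triage such samples: it computes Shannon entropy over fixed-size windows and flags a buffer when most windows look encrypted. The `STUB`, `BLOB` and the 7.2 bits-per-byte threshold are constructed assumptions for illustration; the window size and threshold should be tuned against your own clean and packed corpora.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_windows(data: bytes, window: int = 1024) -> list[tuple[int, float]]:
    """Entropy of each fixed-size window (offset, bits/byte).

    Whole-file entropy is diluted by the plaintext stub, so we scan windows
    instead. A trailing fragment shorter than half a window is dropped because
    its estimate would be unreliable.
    """
    out = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:
            break
        out.append((off, shannon_entropy(chunk)))
    return out


def high_entropy_windows(data: bytes, window: int = 1024,
                         threshold: float = 7.2) -> list[tuple[int, float]]:
    """Windows whose entropy is at or above the threshold (assumed: 7.2 bits/byte)."""
    return [(off, e) for off, e in scan_windows(data, window) if e >= threshold]


def is_likely_packed(data: bytes, window: int = 1024, threshold: float = 7.2,
                     min_fraction: float = 0.5) -> bool:
    """Flag a buffer when at least min_fraction of its windows look encrypted.

    Requiring a fraction rather than a single hot window avoids flagging a
    benign binary just because it embeds one compressed resource.
    """
    windows = scan_windows(data, window)
    if not windows:
        return False
    hot = sum(1 for _, e in windows if e >= threshold)
    return hot / len(windows) >= min_fraction


# Constructed samples (not real malware): a text-like "stub" followed by a
# pseudo-random blob that stands in for a crypted payload, versus text only.
_rng = random.Random(1234)
STUB = b"This program cannot be run in DOS mode.\r\n" * 40      # ~1.6 KiB of plaintext
BLOB = bytes(_rng.getrandbits(8) for _ in range(8192))           # ~8 KiB "encrypted" region
CRYPTED_SAMPLE = STUB + BLOB
CLEAN_SAMPLE = STUB * 6


if __name__ == "__main__":
    for label, sample in (("crypted", CRYPTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        hits = high_entropy_windows(sample)
        print(f"{label}: {len(hits)} high-entropy windows, packed={is_likely_packed(sample)}")
```

High entropy is a triage signal, not a verdict: compressed installers, embedded images and legitimately encrypted resources score just as high, so pair this with section-header, import-table and behavioural checks before acting on it.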

(Bleeping Computer)

Thanks to our episode sponsor, Keyavi

Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.

Puzzling new malware blocks access to piracy sites

Researchers are baffled by new malware designed to prevent victims from visiting software piracy sites which, ironically, is hidden in pirated copies of software distributed on the chat service Discord and through BitTorrent. Once run, the malware rewrites the victim's HOSTS file to block a large number of piracy sites, then installs a second executable named ProcessHacker.jpg. Sophos principal researcher Andrew Brandt said, “There may not even be an overall purpose to this attack at all. However, that doesn’t reduce the level of risk or the potential disruption for victims.” Brandt urged users to install a robust security solution to spot such threats and to avoid downloading pirated software.
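Because the HOSTS file is consulted before DNS, an attacker who can write to it can silently sinkhole a name (map it to loopback or 0.0.0.0) or redirect it to a host they control, and the change survives reboots and browser reinstalls. The following is an added example, not code from Sophos or the article, of a small audit that parses a hosts file and reports both kinds of tampering. The sample file contents and the domain names in it are constructed; the `EXPECTED_LOOPBACK` set is an assumption about what a stock install maps to loopback and should be extended for your environment.

```python
import ipaddress
import sys

# Names that legitimately resolve to loopback on a stock Windows/Linux/macOS
# install (assumption: extend with your own hostnames before running in anger).
EXPECTED_LOOPBACK = {
    "localhost", "localhost.localdomain",
    "ip6-localhost", "ip6-loopback",
}


def parse_hosts(text: str) -> list[tuple[str, list[str]]]:
    """Return (address, [names]) for each resolvable line, ignoring comments.

    Tabs and multiple spaces are tolerated, '#' starts a comment anywhere on
    the line, and names are lower-cased because hosts lookups are
    case-insensitive.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                      # malformed line: no name to map
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                      # first token is not an address
        entries.append((parts[0], [name.lower() for name in parts[1:]]))
    return entries


def audit_hosts(text: str, expected_loopback: set[str] = EXPECTED_LOOPBACK) -> dict:
    """Classify every mapping as a sinkhole, a redirect, or expected.

    sinkholed: name mapped to loopback/unspecified that is not normally there
               (the blocking trick the article describes).
    redirected: name mapped to any other address, i.e. traffic for that name
                is steered to a host the file's author chose.
    """
    findings = {"sinkholed": [], "redirected": []}
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        blocks = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
        for name in names:
            if blocks:
                if name not in expected_loopback:
                    findings["sinkholed"].append((name, ip))
            else:
                findings["redirected"].append((name, ip))
    return findings


# Constructed sample mimicking a tampered Windows hosts file. Domain names use
# the reserved .example TLD; 203.0.113.0/24 is the RFC 5737 documentation range.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       pirate-tracker.example          # added by the malware
0.0.0.0         warez-mirror.example cdn.warez-mirror.example
203.0.113.7     update.vendor.example           # redirect to an attacker host
"""

CLEAN_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
"""


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path]   (Windows: %SystemRoot%\\System32\\drivers\\etc\\hosts,
    # Linux/macOS: /etc/hosts). With no path the constructed sample is audited.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for kind, hits in audit_hosts(text).items():
        for name, ip in hits:
            print(f"{kind}: {name} -> {ip}")
```

Run it against the real file on a schedule or from an EDR script and alert on any change in its output; the redirect class matters more than the sinkhole class, since a redirected update or login domain is how the same primitive turns from a nuisance into credential theft or a poisoned update.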

(Infosecurity Magazine)

Reno’s Grand Sierra Resort and Casino adds security robot to its patrol team

The 100,000 square foot Grand Sierra Resort and Casino in Reno, Nevada, has added a security robot to its security team. The Knightscope K5 Autonomous Security Robot (ASR) has 360-degree view cameras, two-way communication capability, thermal imaging and an emergency call button. Working alongside the physical security team, the robot will allow security officers to see and hear what is going on, communicate with customers and staff through the robot, as well as dispatch additional security officers if needed.

(Security Magazine)

US ranks 8th in facial recognition invasiveness

Experts predict that the global facial recognition market will more than double to 8.5 billion USD by 2025. In a recent report, Comparitech studied how the 100 most populated countries use facial recognition, and measured invasiveness by comparing their use of the technology in governments, police departments, airports, schools, banks, workplaces and public transportation. The report found that 70% of governments are using facial recognition on a broad scale, 70% of police forces use some form of the technology, while 80% of countries are using facial recognition within banking and financial institutions. Six countries had no evidence of using facial recognition and only two countries, Belgium and Luxembourg, are known to have banned the use of the technology. According to the report invasiveness rankings, China and Russia occupy the top two spots respectively for most invasive use of facial recognition, while the US is ranked in an eighth-place tie with Mexico.

(Comparitech)

Facebook ads coming to a virtual reality near you

Earlier this week, Facebook announced that it will begin testing advertisements that will appear within the company’s Oculus virtual reality headsets. The Oculus headset ads will first appear in the shooter game Blaston from Resolution Games and will begin appearing in other Oculus apps in coming weeks. Facebook, which derives more than 97% of its overall revenue from advertisements, said these ads could provide new ways for software developers to generate revenue. The ads will follow Facebook’s advertising principles, giving users the same controls they have on Facebook, including the ability to hide specific ads or hide those from specific advertisers. Facebook added that the advertisements will not be based on any data that’s stored locally on user headsets.

(CNBC)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.