Tag Archive for: attackers

MSI Ransomware Attackers Demand $4 Million for Stolen Data


Computing hardware company MSI fell victim to a ransomware attack last week, records show.

While the details aren’t all available from the paperwork that the tech company filed with the Taiwanese Stock Exchange, the timing lines up with claims from the “Money Message” ransomware gang. If those claims are true, MSI’s stolen data files will be leaked online if the company doesn’t pay a ransom to the tune of $4 million.

It is the latest ransomware attack to remind the tech industry that this form of attack remains one of the most serious cybersecurity threats to watch for.

What to Know About the MSI Hack

The “Money Message” group has claimed responsibility for the breach and is demanding $4 million to halt the release of the data, which the hackers say includes company source code.

Not yet confirmed: exactly when the hack occurred, what type of data may or may not have been taken, and which of MSI’s systems were encrypted.

MSI has not disclosed the details of the ransom demand, but it has confirmed the breach itself. One recent study found that 30% of IT professionals say they have covered up data breaches, so the situation could be worse than what has been disclosed.

“After detecting some information systems being attacked by hackers, MSI’s IT department has initiated information security defense mechanism and recovery procedures.” – MSI

In the same statement, the company said it had reported the incident to “the relevant government authorities.”

Ransomware Has Surged in the Past Few Years

The threat of ransomware attacks, in which hackers infiltrate a system specifically to encrypt or steal large amounts of data and then demand a large payment to restore it or withhold its release, has long been a billion-dollar concern for industries everywhere.

In fact, total ransomware costs reached $1.2 billion in 2021. Together with business email compromise, ransomware incidents accounted for 70% of all cyberattacks between mid-2021 and mid-2022. Healthcare was one major target, due in part to the large amount of sensitive data that hospitals rely on: 1.9 million US patient records were stolen in a single 2022 incident.

Ransomware Is Down… But…

Source…

Attackers stole LastPass data by hacking an employee’s home computer


LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. The update provides more detail on how last year’s series of hacks resulted in the popular password manager’s source code and customer vault data being stolen by an unauthorized third party.

Last August, LastPass notified its users of a “security incident” in which an unauthorized third party used a compromised developer account to access the password manager’s source code and “some proprietary LastPass technical information.” The company later disclosed a second security breach in November, announcing that hackers had accessed a third-party cloud storage service used by the password manager and were able to “gain access to certain elements” of “customers’ information.”

On December 22nd, LastPass revealed that the hackers had used information from the first breach in August to access its systems during the second incident in November and that the attacker was able to copy a backup of partially encrypted customer vault data containing website URLs, usernames, and passwords. LastPass then advised its users to change all of their stored passwords as “an extra safety measure,” despite maintaining that the passwords were still secured by the account’s master password.

Now, LastPass has revealed the threat actor responsible for both security breaches was “actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities” between August 12th and October 26th. During this time, the attacker stole valid credentials from a senior DevOps engineer to gain access to shared cloud storage containing the encryption keys for customer vault backups stored in Amazon S3 buckets. Using these stolen credentials made it difficult to distinguish between legitimate and suspicious activity.
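The timeline above turns on valid credentials being used from a machine the company did not expect, which is what per-principal baselining of cloud access logs is meant to catch. The following is an added example, not LastPass’s or AWS’s own code: it learns each IAM principal’s usual source IP and client from constructed CloudTrail-style records, then flags reads of a backup bucket that arrive from a source never seen for that principal, or in a burst. The account ID, bucket name, IPs, user agents and timestamps are all hypothetical.

```python
"""Added example (not LastPass's or AWS's own code): baseline each IAM principal's
normal source IP and client, then flag reads of a backup bucket that arrive with
valid credentials but from a source never seen for that principal, or in a burst.
All records below are constructed CloudTrail-style samples with hypothetical
account ID, bucket name, IPs, user agents and timestamps."""
from collections import defaultdict
from datetime import datetime, timedelta

SENSITIVE_BUCKETS = {"example-vault-backups"}   # hypothetical bucket name
CUTOFF = datetime(2022, 8, 12)                  # baseline period ends here


def _s3_event(ts, user, ip, ua, bucket, key, name="GetObject"):
    """One constructed CloudTrail-style record, trimmed to the fields used here."""
    return {"eventTime": ts, "eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
            "sourceIPAddress": ip, "userAgent": ua,
            "requestParameters": {"bucketName": bucket, "key": key}}


# Constructed log: routine reads by devops-1 from the office egress IP with the
# CLI, one more routine read after the cutoff, then six reads in five minutes
# from an unfamiliar address using a different client (the stolen-credential case).
OFFICE, CLI = "203.0.113.10", "aws-cli/2.7.0"
HOME, SDK = "198.51.100.77", "Boto3/1.24.0"
EVENTS = [
    _s3_event("2022-08-01T09:00:00Z", "devops-1", OFFICE, CLI, "example-vault-backups", "2022-07-31/vault.tar.enc"),
    _s3_event("2022-08-03T09:05:00Z", "devops-1", OFFICE, CLI, "example-vault-backups", "2022-08-02/vault.tar.enc"),
    _s3_event("2022-08-05T10:15:00Z", "devops-1", OFFICE, CLI, "example-vault-backups", "2022-08-04/vault.tar.enc"),
    _s3_event("2022-08-13T09:00:00Z", "devops-1", OFFICE, CLI, "example-vault-backups", "2022-08-12/vault.tar.enc"),
] + [
    _s3_event(f"2022-08-12T22:4{i}:00Z", "devops-1", HOME, SDK,
              "example-vault-backups", f"2022-08-{5 + i:02d}/vault.tar.enc")
    for i in range(6)
]


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def build_baseline(events, cutoff):
    """Known source IPs and user agents per principal, learned from events before cutoff."""
    ips, uas = defaultdict(set), defaultdict(set)
    for e in events:
        if _ts(e) < cutoff:
            arn = e["userIdentity"]["arn"]
            ips[arn].add(e["sourceIPAddress"])
            uas[arn].add(e["userAgent"])
    return ips, uas


def detect(events, cutoff, sensitive_buckets=SENSITIVE_BUCKETS,
           burst_threshold=5, window=timedelta(minutes=10)):
    """Return alerts for post-cutoff access to sensitive buckets.

    new_source: the credentials are valid, but the IP or client was never seen
                for that principal during the baseline period.
    burst:      burst_threshold GetObject calls by one principal within window
                (emitted once, when the threshold is first reached).
    """
    ips, uas = build_baseline(events, cutoff)
    recent = defaultdict(list)          # principal -> timestamps of recent reads
    alerts = []
    for e in sorted(events, key=_ts):
        t = _ts(e)
        if t < cutoff or e["requestParameters"].get("bucketName") not in sensitive_buckets:
            continue
        arn = e["userIdentity"]["arn"]
        reasons = []
        if e["sourceIPAddress"] not in ips[arn]:
            reasons.append("unseen sourceIPAddress")
        if e["userAgent"] not in uas[arn]:
            reasons.append("unseen userAgent")
        if reasons:
            alerts.append({"type": "new_source", "principal": arn,
                           "eventTime": e["eventTime"], "reasons": reasons})
        if e["eventName"] == "GetObject":
            recent[arn] = [x for x in recent[arn] if t - x <= window] + [t]
            if len(recent[arn]) == burst_threshold:
                alerts.append({"type": "burst", "principal": arn,
                               "eventTime": e["eventTime"], "count": burst_threshold})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, CUTOFF):
        print(alert)
```

The field names used (`userIdentity.arn`, `sourceIPAddress`, `userAgent`, `requestParameters.bucketName`) are the ones real CloudTrail records carry, so the same logic can be pointed at exported trail files. The caveat is the one the LastPass case itself illustrates: if the attacker proxies through the compromised home machine, the source IP and client look like the engineer’s own, and only the burst heuristic, or a comparison against the engineer’s normal working hours and object volume, would still fire.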

It is suspected the hacker accessed the private computer via Plex media software installed on the machine.

Just four DevOps engineers had access to the decryption keys needed to access the cloud storage service. One of the…

Source…

Oakland ransomware attackers leak ‘confidential’ data


LATEST March 3, 5:30 p.m. Play Ransomware, the hacker group claiming responsibility for a ransomware attack on Oakland in February, has published confidential data, Emsisoft threat analyst Brett Callow confirmed to SFGATE, though the contents have yet to be confirmed by SFGATE. The group claims the leak contains 10 gigabytes of compressed data.

The city of Oakland declined to provide comment to SFGATE about the attack, instead referring back to its statement published earlier Friday.

March 3, noon Weeks after Oakland confirmed that it fell victim to ransomware, the alleged attackers have come out to claim the cyberattack — and detailed the extent of their purported conquest.

As first noted by Philadelphia cybersecurity analyst Dominic Alvieri, the hacker group Play Ransomware claims that it was responsible for the attack on Oakland, which rendered many city services inoperable for a stretch of time in February. 

The possible extent of the leak is troubling: According to a screenshot first obtained by cybersecurity news site and forum Bleeping Computer, the group obtained access to “private and personal confidential data, financial, gov and etc. IDs, passports, employee full info.” 

“The claim appears official and data should be leaked within about two hours I believe,” Alvieri told SFGATE in a Twitter message, adding that the estimate comes from prior “claim post timelines.” 

The city of Oakland appears aware of an impending leak, but did not identify the group or confirm the validity of its claims. 

“While the investigation into the scope of the incident impacting the City of Oakland remains ongoing, we recently became aware that an unauthorized third party has acquired certain files from our network and intends to release the information publicly,” the city said on its news page Friday. “We are working with third-party specialists and law enforcement on this issue and are actively monitoring the unauthorized third party’s claims to investigate their validity.”

It is unclear whether the city will negotiate with or pay the group. The city also did not…

Source…

GitHub Attack Allowed Attackers to Steal Okta’s Source Code


Okta has confirmed that attackers could not access its customer data or services.

Authentication giant Okta has suffered yet another security breach. Reportedly, someone stole Okta’s source code after gaining access to its repositories on GitHub.

Okta’s chief security officer, David Bradbury, issued a “confidential” email notification to their “security contacts,” revealing that the suspicious activity the company detected earlier in December 2022 has led to the leaking of its code repositories.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” Okta’s notification read.

“We have decided to share this information consistent with our commitment to transparency and partnership with our customers,” Okta explained.

According to Bradbury, GitHub notified Okta of possible suspicious activity indicating that someone had accessed its code repositories. Okta launched an investigation and concluded that the access had indeed occurred. In response, the company temporarily restricted access to its GitHub repositories and suspended all GitHub integrations with third-party apps.

Okta has confirmed that the attackers could not access its customer data or services, reports Bleeping Computer. Customers of its HIPAA-, DoD- and FedRAMP-compliant environments were therefore unaffected by this incident and did not need to take any action.

It is worth noting that the users of these services are mainly US-based government, healthcare, and defence organizations.

Okta and Cyber Attacks

Okta is a cloud-based identity and access management platform that provides secure single sign-on, user provisioning, data security and mobile device management.

The company already had a troublesome year regarding security. In March 2022, Okta confirmed a breach by the extortion group LAPSUS$, and in September, Auth0, which is owned by Okta, reported the theft of its old source code.

Possible Repercussions?

There is no doubt that source code is a valuable asset, and its theft or leak can have far-reaching consequences. Okta, a mainstream authentication platform, should be really…

Source…