Tag: didn’t | SpinSafe

Security firm now says toothbrush DDOS attack didn’t happen, but source publication says company presented it as real

February 12, 2024/in Internet Security

Update 2 — 2/9/2024 6:30am PT: The security company at the nexus of the original report that three million toothbrushes were used in a DDOS attack has now retracted the story and claimed it was a result of a mistranslation — but according to the news outlet that published the initial report, that statement isn’t true. The reports of this story are not based on a mistranslation by the media. The publication claims Fortinet presented the story as having actually happened and approved the text of the article, which had been submitted to Fortinet prior to publication.

Here’s the Aargauer Zeitung’s (the source of the story) statement on the matter (via Google Translate):

What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats -Attack described.

Fortinet provided specific details: information about how long the attack took down a Swiss company’s website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers.

The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to.

Fortinet’s global management has now backtracked on its statement, which was sent to various international media outlets. The company also failed to send this to CH Media. We have not yet received any further statements from Fortinet.”

EDIT 2/7/2024 — 3:30pm PT: Fortinet sent us a statement indicating that the report of the toothbrush attack is inaccurate:

“To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.” – Fortinet.

The original text of the source report read:

“She’s in the bathroom at home, but she’s part of a large-scale cyber…

Source…

Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

January 11, 2024/in Computer Security

Security firm Mandiant says it didn't have 2FA enabled on its hacked Twitter account

Anyone who works in computer security knows that they should have two-factor authentication (2FA) enabled on their accounts.

2FA provides an additional layer of security. A hacker might be able to guess, steal, or brute force the password on your accounts – but they won’t be able to gain access unless they also have a time-based one-time password.

So, how come Mandiant didn’t have 2FA protecting its Twitter account, which was hacked last week to promote a cryptocurrency scam?

Mandiant promised in the wake of the hack that it would share details of what had happened, and – true to its word – it’s done just that.

Mandiant explanation

But Mandiant’s explanation of how it was hacked raises some more questions.

We have finished our investigation into last week’s Mandiant X account
takeover and determined it was likely a brute force password attack,
limited to this single account.

What they seem to be saying is that someone tried over-and-over-and-over-and-over again again to break into Mandiant’s Twitter account, or rather used a computer to do it for them… and eventually they got lucky.

You have to wonder just how long and complicated Mandiant’s Twitter password was if that really was the case.

Presumably Mandiant has now changed the password, so why don’t they tell us what it was? Maybe we could all learn something if we knew just how much effort the hackers had to go to to bruteforce Mandiant’s password, and how long it might have taken them.

PS. “likely”? Sounds like Mandiant isn’t really sure.

My guess had been that perhaps Mandiant’s Twitter account was compromised in a similar way to that of another firm hacked around the same time – CertiK.

In that case the hackers contacted CertiK posing as a Forbes journalist, and tricked an employee into clicking on a link that posed as a calendar scheduling link for an interview.

Anyway, lets look further at what Mandiant has to say about its security breach:

Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We’ve made changes to our process to ensure this doesn’t happen again.

Well, there’s a carefully worded sentence!…

Source…

Shimano Was the Victim of a Ransomware Attack and Didn’t Pay the Ransom. Hackers Then Published a LOT of Data.

November 28, 2023/in Internet Security

Shimano, one of the world’s leading cycling component manufacturers, came under fire from hackers at the beginning of the month, when the company was the victim of a ransomware attack involving 4.5 terabytes of sensitive company data.

Who perpetrated the ransomware attack?

According to Cycling News, “The attacker, LockBit, is a cybercrime group that uses malware to breach sensitive company data and then attempts to extort money in exchange for avoiding its public release.

“Cyber-crime protection company Flashpoint describes it as the world’s ‘most active’ ransomware group, saying it is responsible for 27.93 percent of all known ransomware attacks.”

What kind of data was leaked?

Escape Collective first reported earlier this month that the hackers threatened to publish 4.5 TB of confidential data unless Shimano paid an unspecified ransom. This data, according to a notification published by the hackers on the LockBit website, included:

Confidential employee details – including social security numbers, residential addresses, and passport scans
Financial documents – including balance sheets, budget, bank statements, cash flow and tax details
Client database – including contact details, reports, minutes from meetings, factory inspection results, incident reports, and legal documents
Confidential diagrams and drawings, laboratory tests, NDAs, contracts, and development materials.

They put a deadline on the ransom for November 5, 2023. And when demands were not met, the notice on LockBit’s website changed, stating that “all available data [had been] published”. But there was no corresponding download link to access the data.

Until recently. Escape Collective updated their report late last week saying that when contacted, “a cyber-security firm active in the space suggested that the delay in publication could indicate Shimano was in negotiations. Multiple attempts to contact LockBit itself via Sonar, a web messenger in the Tor darknet browser, went unanswered.”

But at least some of the data has indeed been published. Escape Collective reported that made public were, “multiple folders with subfolders upon subfolders nestled within them. Some documents are in English, some…

Source…

Southeastern Louisiana University Says Hackers Didn’t Get Personal Info

August 6, 2023/in Computer Security

(TNS) — Six months after Southeastern Louisiana University’s systems were taken offline in response to a cybersecurity attack, the school announced Thursday that no personal identifiable information or educational records were stolen in the incident.

Southeastern took its network offline Feb. 23 in response to the security incident, which left students and faculty without access to the school’s website, email or portal for submitting assignments for nearly four weeks while officials worked with Louisiana State Police to investigate the incident.

The school said in a statement it worked with the Division of Administration, Louisiana National Guard, LSP, FBI, U.S. Department of Homeland Security, U.S. Secret Service and the Governor’s Office of Homeland Security and Emergency Preparedness during the investigative process.

“Investigations as complex as this take time, and it was important that the work was conducted with the highest level of diligence to ensure the most thorough and complete results possible,” the university wrote in its statement.

While neither Southeastern nor LSP have provided much detail about the incident, a cybersecurity expert with New Orleans and South East Information Technology Group, a Hammond-based cybersecurity firm, found 150 gigabytes of SELU data on the “dark web” in April, made available by a ransomware group named “BianLian.” The claim was also verified by sources at cybersecurity firm Postlethwaite & Netterville.

Source…

Tag Archive for: didn’t

Who perpetrated the ransomware attack?

What kind of data was leaked?