InForce Cyber

Threat Report January 2022

Nobel Foundation site hit by DDoS attack on award day

The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyberattack that unfolded during the award ceremony on December 10, 2021.

Nobel is an annual prize awarded to people whose work in physics, chemistry, physiology, medicine, literature, and peace, has been exceptional and is deemed particularly beneficial to humanity.

The Nobel prize ceremony is being live-streamed from Oslo and Stockholm, and as such, DDoS attacks can interrupt the video feed and possibly even blemish the prestige of the institution. Nobel prize website targeted by DDoS attack As revealed, the institution’s site was hit by a DDoS (distributed denial of service) attack which aims to overwhelm a website with high volumes of “garbage” traffic and a large number of bogus connection requests.

Nobel is an annual prize awarded to people whose work in physics, chemistry, physiology, medicine, literature, and peace, has been exceptional and is deemed particularly beneficial to humanity.

Microsoft says it mitigated a DDoS attack that lasted approximately 15 minutes against one of its Azure customers in Asia.

A Microsoft Azure cloud computing customer in Asia was a victim of a massive 3.47 Tbps DDoS attack (distributed denial of service attack) in November 2021, the software and technology giant Microsoft revealed on January 25, 2022.

The DDoS attack lasted approximately 15 minutes and included a botnet of more than 10,000 compromised IoT (Internet of Things) devices from countries across the globe. These included Iran, India, China, Russia, Taiwan, Vietnam, Thailand, Indonesia, South Korea, and the United States.

Although it is unclear who was behind the attack, Microsoft’s report titled “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends” dug deeper into the attack. According to the company, the attack was mitigated however the attacker employed different methods to boost the DDoS attack.

Hackers are taking over CEO accounts with rogue OAuth apps

Threat analysts have observed a new campaign named ‘OiVaVoii’, targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.

According to a report from Proofpoint, the campaign is still ongoing, though Microsoft is monitoring the activity and has already blocked most of the apps. The impact of executive account takeovers ranges from lateral movement on the network and insider phishing to deploying ransomware and business email compromise incidents.

Qubit Finance platform hacked for $80 million worth of cryptocurrency

A threat actor has used an exploit to steal approximately $80 million from Qubit Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.

The hack took place late last night, on January 27 , and was formally acknowledged by the platform within hours.

According to an incident report of the hack, Qubit said the attacker was able to steal 206,809 Binance coins (BNB) from its wallet using a vulnerability in one of its Ethereum blockchain contracts, which the company uses to process transactions for its users.

Taiwanese Apple and Tesla contractor hit by Conti ransomware

Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning.

Delta claims to be the world’s largest provider of switching power supplies and reported sales of over $9 billion last year.

In a statement shared on January 22, 2022, the company said the incident impacted only non-critical systems, which had no significant impact on its operations. AdvIntel “Andariel” platform detected the attack on January 18.

French Ministry of Justice Targeted in Ransomware Attack

Cybercriminals claim to have breached systems belonging to France’s Ministry of Justice and they are threatening to make public the files stolen from the government organization.

Threat actors who are using the ransomware named LockBit 2.0 have posted a message on their Tor-based leak website claiming to have stolen files from the Ministry of Justice’s systems.

The ministry’s press office told SecurityWeek that an investigation has been launched.

“The French Ministry of Justice is aware of the alert and has immediately taken actions to proceed to the needed verifications, in collaboration with the competent services in this field,” the statement reads.

North Korea Loses Internet in Suspected Cyber-Attack

North Korea has experienced an internet outage that may have been caused by a cyber-attack.

The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.

Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from distributed denial-of-service (DDoS) attack.

Describing the recent incident, Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”.

Official Says Puerto Rico’s Senate Targeted by Cyberattack

Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page, the latest in a string of similar incidents in recent years.

Senate President José Luis Dalmau said in a statement that there is no evidence that hackers were able to access sensitive information belonging to employees, contractors or consultants, although the incident is still under investigation.

He said the incident was reported to local and federal authorities.

Leaks and Breaches

CompanyInformationAffected
Bank IndonesiaThe bank was targeted in a ransomware attack in December 2021. They claim the attack did not disrupt its public services and no critical data was stolen. Conti ransomware operators have since leaked files allegedly stolen in the attack. The group claims to be in possession of 13.88GB of data.Unknown
Griggsville-Perry School District (US)The district was targeted in a ransomware attack on January 10th, 2022, that also impacted other network areas, including disabling some of the phones. The hackers have demanded a ransom to decrypt the targeted files.Unknown
Anne Arundel Medical Center (US)The health systems owners, Luminis Health, discovered an unauthorised individual gained access to its employee email system between August 26th and September 14th, 2021. Potentially compromised information includes names, dates of birth, medical record numbers, and Social Security numbers.Unknown
Co-WIN (India)Data from the government’s Co-WIN server was allegedly leaked and listed for sale on Raid Forums. Potentially exposed information includes names, ages, genders, mobile numbers, addresses, and dates and results of COVID-19 tests. The National Health Authority has since denied the leak, stating that the platform neither collects addresses, nor PCR test results for vaccination.~ 20,000
Peachtree Orthopaedic Clinic (US)The clinic reported a breach to the United States Department of Health & Human Services on January 3rd, 2022.The breachwas reported as a hacking incident and it remains unclear what data may have been affected.53,686
Sacramento County (US)Five employees were successfully targeted in a phishing campaign on June 22nd, 2021. The attack resulted in the exposure of 2,096 records containing health information, and 816 records of personally identifiable information.Unknown
Diia (Ukraine)A hacker called ‘FreeCivilian’ claims to have hacked the Ukrainian government web portal, used by citizens to upload passports, ID cards, driver’s licences and more. On January 21st, 2022, the hacker posted data they claim to have stolen for sale on a popular hacking forum.Unknown
Patriot Front (US)Unicorn Riot published over 400GB of data relating to the far-right group, taken from their chat servers. The data includes videos, direct messages, coordination of future campaigns, and more.Unknown
Central Bank ofThe bank disclosed that customers of Acesso Soluções de~160,100
BrazilPagamento had data from the payment system Pix leaked. The leak occurred between December 3rd and December 5th, 2021.Potentially exposed data includes usernames, Individual Taxpayer Registrations, branch number, and account number.
University ofA data breach occurred after a former employee sent an email to518
Arkansas fortheir private email account that contained an Excel document with
Medical Sciencespatient information. The exposed information includes names,
(US)hospital account numbers, dates of services, insurance type, and
more. Some patients also had their dates of birth and medication
information exposed.

Here’s the top 10 list of CVEs released by Microsoft for January 2022:

Trending Vulnerable Products

Trending Vulnerable Products

Malware mentioned in Banking.