
InForce Cyber

Threat Report July 2022

Hackers steal $6 million from blockchain music platform Audius

The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.

Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content.

After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.

Chinese APT Group Taking Over Belgian Ministries

Multiple Chinese state-sponsored threat groups are believed to have targeted Belgium’s ministries. The claim regarding these attacks has been made by the Minister for Foreign Affairs of Belgium.

The attacks on Belgium

Belgium’s foreign minister has exposed malicious cyber activities that targeted the ministries of defense and interior.

The malicious cyber activities that were aimed at the Belgian Ministry of Defence have been associated with the threat actor Gallium.  

The cyber activities targeting FPS Interior have been linked with multiple APT groups – APT27, APT30, and APT31.

Although the ministry did not provide any further details about the attacks, it mentioned that the attacks had impacted the key characteristics of Belgium, including sovereignty, democracy, security, and society.

 

Digital security giant Entrust breached by ransomware gang

Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.

Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions.

Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for identity management and authentication.  

This includes US government agencies, such as the Department of Energy, Department of Homeland Security, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many more.

Oklahoma City Housing Authority Provides Notice of Data Breach

OKLAHOMA CITY, July 22, 2022 /PRNewswire/ – Oklahoma City Housing Authority ("OCHA") is notifying individuals of a data incident. To date, we have no evidence of actual or attempted misuse of information as a result of this incident. This notice provides details about the incident, our response, and resources available to help protect information.

What Happened? On December 21, 2021, OCHA discovered unauthorized emails were sent from an OCHA email account. We quickly launched an investigation with the assistance of third-party forensic specialists to determine what may have happened. Through the investigation, we could not rule out the possibility that an unauthorized actor accessed OCHA email accounts between November 30, 2021 and December 21, 2021.  As a result, it is possible the unauthorized actor accessed certain files. We reviewed those files to determine what, if any, sensitive information was contained therein. This review was completed on June 7, 2022. Thereafter, we worked to locate address information for impacted individuals in order to notify them of this event, which was completed on June 16, 2022.   

A small Canadian town is being extorted by a global ransomware gang

The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.

City advising past, current employees of potential data loss

NEWPORT, R.I. (FRIDAY, JULY 22nd, 2022) – After an exhaustive investigation following the discovery of a suspicious email on one of the City’s internal networks, current and former municipal employees are being notified of a suspected security incident that may have left certain personal information compromised.

Due to the City’s network architecture, no external customer data is believed to have been impacted by the incident, and all online City functions are operating normally.

All potentially impacted parties – including family members – will be notified via written correspondence beginning this week.

This particular incident was discovered on June 9th following a report of unusual network activity. The City immediately initiated its response plan, powered down or isolated certain devices and systems, and launched an investigation. In addition to working with its own IT staff, the City notified state and federal law enforcement and worked to support its investigation.

Through the investigation, the City learned that there was unauthorized activity in its network beginning June 8, 2022 through June 9, 2022. During that time, an unauthorized party obtained files stored on the City’s file servers.

The City began a careful review of the files involved and determined, on July 12, 2022, that the files contained information used for human resources and benefits purposes for certain current and former employees and their spouses and/or dependents, including names, addresses, dates of birth, Social Security numbers, financial account numbers used for direct deposit, and information related to group health insurance.

Hacker selling Twitter account data of 5.4 million users for $30k

Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.  

Yesterday, a threat actor known as ‘devil’ said on a stolen data market that the database contains info about various accounts, including celebrities, companies, and random users.

"Hello, today I present you data collected on multiple users who use Twitter via a vulnerability. (5485636 users to be exact)," reads the forum post selling the Twitter data.

"These users range from Celebrities, to Companies, randoms, OGs, etc."

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy’s Health

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill.

"Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in an update.

The Kyiv-based holding company oversees nine major radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar.

Leaks and Breaches

| Company | Information | Affected |
| --- | --- | --- |
| Eastern Health (Canada) | The health authority notified individuals that their personal information was compromised in an October 2021 data breach. The number of affected individuals could potentially still rise. | 37,800 |
| St. Marys, Ontario (Canada) | On July 20th, 2022, the town was hit by a ransomware attack that locked staff out of internal systems, and encrypted data. LockBit operators added the town to their dark web site on July 22nd, 2022, and published previews of allegedly stolen files. | Unknown |
| WMTEK (US) | On July 21st, 2022, pro-choice hacktivists leaked over 74GB of data from over 120 databases connected to evangelical organisations that supported the Dobbs v. Jackson ruling reversing Roe v. Wade. The files were allegedly obtained by hacking the Florida company WMTEK, which offers web design and development, as well as ‘donor management services’. | Unknown |
| Multiple Organisations (Australia) | Multiple arts organisations in Western Australia have been subject to a data breach that compromised customers’ personal information. Potentially exposed data includes names, email addresses and phone numbers. The impacted companies include Barking Gecko Theatre Company, Black Swan State Theatre Company, Co3 Contemporary Dance, Perth Festival, Tura New Music, West Australian Ballet, West Australian Opera, and the Yirra Yaakin Theatre Company. | Unknown |
| Newport, Rhode Island (US) | Unauthorised activity occurred on the city’s network between June 8th and June 9th, 2022. Potentially compromised data on current and former employees includes names, addresses, dates of birth, Social Security numbers, financial account numbers, and information relating to group health insurance. | Unknown |
| Tooele County School District (US) | The district suffered a data breach after a ‘technical problem’ occurred during a software transition. Users logging into their new Skyward accounts found the personal information of other students attached. The exposed data includes pictures, addresses, student IDs, and personal data. | ~ 1,000 |
| Policybazaar (India) | Multiple vulnerabilities on the company’s IT systems resulted in unauthorised access. At present, no significant customer data is believed to have been exposed. | Unknown |
| Bellingham Public Library (US) | A recent data breach at Whatcom County Library System also resulted in the unauthorised downloading of patron data of Bellingham Public Library. The data of patrons was downloaded, including names, birthdates, library card numbers, and library passwords. | 735 |
| Twitter (US) | A Breached Forums user is advertising a Twitter database allegedly containing the data of millions of users for $30,000. The data was reportedly collected in December 2021 by exploiting a vulnerability in Twitter’s Android client. Twitter is currently investigating the authenticity of the hacker’s claims. | 5,400,000 |
| Entrust (US) | The company was hit by a cyberattack on June 18th, 2022, in which the attackers stole corporate data. Whilst Entrust did not state whether ransomware was involved, BleepingComputer reported that a well-known ransomware group was behind the attack. | Unknown |

 

Here’s the top 10 list of CVEs released by Microsoft for July 2022:

| CVE | Title | Severity | CVSS | Public |
| --- | --- | --- | --- | --- |
| CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.1 | No |
| CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 8.8 | No |
| CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | Critical | 8.1 | No |
| CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | Critical | 7.5 | No |
| CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability | Important | 7.5 | No |
| CVE-2022-23816 * | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion | Important | N/A | No |
| CVE-2022-23825 * | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion | Important | N/A | No |
| CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No |
| CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability | Important | 6.5 | No |

Trending Vulnerable Products