David
FTC Fines Avast $16.5M for Selling User Data – February 23rd
The U.S. Federal Trade Commission (FTC) filed a complaint against Avast for selling user data, along with a $16.5M fine. The FTC's complaint claims "Avast unfairly collected consumers' browsing information through the company's browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and consumer consent."
I-Soon Leak Offers Glimpse Into Chinese Hacking Campaigns – February 22nd
The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon. The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.
Ransomware Attacks Decline by 11% in 2023 – February 21st
IBM X-Force released a report, disclosing that ransomware attacks declined by 11.5% in 2023, compared to 2022. IBM says the decline in ransomware attacks is largely due to the new cybercrime focus of infostealing tactics which rose by 32%. IBM X-Force's report gathered data for the report based on 150 billion daily security events from 130 countries last year.
International Law Enforcement Seizes LockBit’s Website – February 20th
U.S. and U.K. authorities announced the seizure of the LockBit ransomware gang's extortion website. The "Operation Cronos" campaign was led by the UK's National Crime Agency, the US Federal Bureau of Investigation, and Europol, in collaboration with a coalition of police agencies from 9 countries globally. However, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected.
‘Ransomania’ Ransomware Repository Launches – February 19th
Cyberint announced the launch of 'Ransomania' a free-to-use ransomware attack repository featuring thousands of recorded ransomware attacks. Ransomania allows users to browse a global map of ransomware hotspots, filtered by region, industry, and time of attack.
iOS Trojan Steals Facial Recognition Data – February 16th
Group-IB discovered a new iOS Trojan named "GoldPickaxe.iOS" that was built to steal facial recognition data from infected iOS devices. The 'GoldPickaxe' Trojan abuses the TestFlight exploit, which sends users innocent URLs that downloads the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.
11 Romantic AI Chatbots Fail Security Tests – February 15th
The Mozilla Foundation released research that unveils that all 11 romantic AI chatbots tested, failed security and privacy tests. All 11 chatbots feature data privacy concerns, pulling much more data than is needed from the collective 100 million users of these chatbots. Mozilla urges these chatbots to minimize exploiting vulnerable users through more transparent data privacy practices.
Facebook Marketplace User Data For Sale – February 14th
A cyber-criminal known as "algoatson" placed the data of over 200,000 Facebook Marketplace users for sale on Breach Forums, an illicit marketplace. The Facebook Marketplace compromised user information including full names, passwords, Facebook IDs, emails, and phone numbers, which was claimed to be stolen on October 2023.
US Adults Lose Over $10B to Fraud in 2023 – February 13th
According to the US Federal Trade Commission (FTC), US adults lost over $10B to cyber fraud incidents in 2023, led by investment scams. Marking a historic rise, the rates of US fraud incidents rose by 14% compared to 2022. Leading fraud incidents consist of investment scams, e-commerce fraud, fake prize scams, and business and job opportunity scams.
UK Claims e-Visas to be an ‘Enhanced Security’ Measure – February 12th
In the UK's move to phase out physical immigration documents by 2025, the UK’s Home Office claims the implementation of e-Visas to be not only for convenience and cost safety but also for 'enhanced security'. Although not much information is known on the newly implemented e-visa, the UK Home Office claims the e-visa to be securely linked with biometric information for enhanced security measures.
Blocked IP Addresses Increase by 116% – February 9th
According to a report by Qrator Labs, blocked IP addresses associated with malicious activity increased by 116% in Q3 2023. The increase in blocked IP addresses is credited to threat actors attempting to bypass geo-blocking. Top top 5 countries originating these blocked IP addresses consist of the United States (5.66 million), China (4.97 million), Germany (1.39 million), Indonesia (1.32 million), and Singapore (1.03 million).
Ransomware Payments Reach a Collective Payout Estimated at $1B in 2023 – February 8th
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023. The Chainalysis report also states that the estimated $1.1B only pertains to ransomware demands collected, and does not account for operational and third-party disruption costs.
Chinese Malware Breaches Dutch Defense Department – February 7th
Specialists from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) announced a Chinese nation-state-sponsored malware 'Coathanger' and its breach on the Dutch Ministry of Defense (MoD). The stealthy 'Coathanger' malware's code revealed a remote access trojan (RAT) specifically built to infiltrate Fortinet's FortiGate firewalls through the 'CVE-2022-42475' vulnerability, which resulted in stolen user account credentials from the Dutch MoD's servers.
DDoS Attack on Pennsylvania Fails to Halt City Government – February 6th
Officials from the Administrative Office of Pennsylvania Courts announced their website was hit by a Distributed Denial of Service (DDoS) attack, which the city says did not compromise data or halt government operations. The attack is now being investigated by the U.S. Department of Homeland Security and the Federal Bureau of Investigation to uncover the hackers behind the attack and to ensure it is not a symptom of a larger-scale ransomware attack.
US Sanctions 6 Iranian Officials for Cyber Espionage Attacks – February 5th
The US Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions placed on six Iranian officials behind cyberattacks on US critical infrastructure entities. The Treasury Department further stated all six officials have strong involvement in US critical infrastructure attacks using Israel-made programmable logic controllers and are suspected to span the water, healthcare, and public sectors.