2021 has been a crazy year in terms of cybersecurity so far. There have been hundreds, if not thousands, of attacks on corporations small and large all across the world; there have been political cyberspace attacks, and some aimed at tormenting the general consumer.
June saw over 2,00,000 students’ details getting leaked as a pro-Palestinian Malaysian hacker group known as DragonForce hacked into AcadeME. On June 14, the Hive Ransomware gang leaked Altus Group’s files following their data breach.
And if that wasn’t bad enough, one of the world’s biggest web hosting providers, DreamHost, leaked 814 million records online, including customer data. Over three years of data, amounting to 86.15 GB, including WordPress login URLs, first and last names, email addresses, usernames and roles, were leaked.
And that’s just the tip of the iceberg. Here are 13 of the biggest cybersecurity attacks that took place last month.
Data for 700 million LinkedIn users goes on sale
An advertisement posted on June 22 by a hacker named ‘GOD User TomLiner’ stated that they had access to over 700 million records from LinkedIn and even posted a sample of 1 million users as proof on a popular hacker forum.
This isn’t the first data breach to hit LinkedIn this year, either. The company suffered another data breach consisting of records of 500 million users earlier in April. But, in typical corporate fashion, LinkedIn has denied both times that their servers were even compromised.
UC Browser leaking data, even in incognito mode
UC Browser has long been the subject of controversy over its data collection practices. However, these controversies gained much more weight when security researchers Gabi Cirlig and his friend Nicolas Agnese found out that UC Browser was tracking its users’ web activity and pinging it back to Alibaba’s servers.
The tracking continued in incognito mode as well. The data sent back included the URLs a user visited and other information such as the serial number of the device, timestamp of the navigation, geolocation data and IMEI/MAC addresses.
Swedish COVID-19 lab gets breached
Another shocking incident came to light when InfoSolutions, an IT solutions provider, reported that they caught hackers breaching a COVID-19 test results database. The incident came to light on June 22, and the database was employed by 15 out of the 21 Swedish regions.
Although initial investigations revealed that the data wasn’t modified or deleted, it’s impossible to say whether or not it had been read. Swedish media reports state that the data, which includes social security numbers and likely data on COVID-19 results, was accessible for less than 24 hours.
Belgium’s third-largest city hit by ransomware
On the same day, Liege, Belgium’s third-largest city, was hit by a massive ransomware attack that disrupted the municipality’s IT network and other online services.
While city officials reported the attack as a ‘computer attack’, two of the country’s radio and TV stations reported that the attack was, in fact, the work of the Ryuk ransomware gang.
700 GB data leaked in Ragnar Locker ransomware attack on ADATA
The Ragnar Locker ransomware gang on June 21 published download links for about 700GB of data stolen from Taiwanese memory and storage chip maker ADATA. The dataset consisted of 13 archives, all containing sensitive documents, financial files, NDAs and whatnot.
The files were hosted on Mega, a cloud-based storage service, but were quickly taken down. The attack on ADATA originally happened on May 23, but the company refused to pay the ransom and restored their systems on their own.
Denmark’s national bank compromised by Russian hackers for months
As part of the SolarWinds cyber-espionage campaign, attributed by the US to the SVR, Russia’s Foreign Intelligence Service, Russia’s state hackers had gained access to Denmark’s central bank and planted malware that gave them network access for about six months without being detected.
The hackers are believed to be a part of the SVR’s hacking division, often known as APT29, The Dukes, Cozy Bear, or Nobelium. The breach came into the spotlight after Version2, a technology publication, obtained official documents from the Danish central bank through a freedom of speech request.
Audi and Volkswagen suffer data breach affecting 3.3 million customers
After a vendor exposed unsecured data regarding customer information on the internet, Volkswagen Group of America Inc found a data breach affecting around 3.3 million customers. Over 97% of the victims were either Audi customers or interested buyers.
Around 90,000 customers faced sensitive data leaks, including eligibility for purchase, loan, or lease, driver’s license numbers, dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers. Volkswagen is offering free credit protection and monitoring services for those affected.
Peloton Bike+ suffered from complete takeover vulnerabilities
McAfee security researchers Sam Quinn and Mark Bereza found a pretty gaping hole in the Peloton Bike+ where an attacker could infiltrate the bike’s main computer, a simple Android tablet, and run just about any Android app on it, while the bike continued to function like normal.
Peloton was notified of the bug by McAfee and has since then patched the vulnerability. While the vulnerability might’ve required physical access to the bike, it wasn’t tough to exploit. It could’ve given threat actors complete control over the bike, including its camera and mic systems.
US nuclear weapon contractor hit by ransomware
Sol Oriens, a US nuclear weapons contractor, was hit by a ransomware attack allegedly by the REvil Ransomware gang. The gang also claimed to be auctioning the stolen data online.
The gang claims to have stolen business and employee data, including salary details and social security numbers. As proof, the group also published images of a hiring overview and payroll document and a wages report.
Spanish Ministry of Labor and Social Economy cyberattacked
In what the officials reported to be a simple ‘computer attack,’ Spain’s Ministry of Labour and Social Economy’s communications office and multimedia room were down. However, the Ministry’s website continued functioning as normal.
CVS Health’s misconfiguration exposes billions of health records online
Researcher Jeremiah Fowler and WebsitePlanet revealed an online database belonging to CVS Health containing over a billion health records on June 15. The database wasn’t password protected and had no other type of authentication to protect it from unauthorised use.
The database was over 204GB in size and was exposed simply because of misconfigured cloud services. CVS reported that an unnamed vendor managed the database on their behalf, and public access was restricted as soon as they were notified of the exposure by WebsitePlanet.
Israeli Chief-of-Staff hacked by Iran’s state-sponsored cybercriminal
A state-sponsored cybercriminal working for Iran and identified as Yaser Balaghi attacked the computer of a former Israeli Defence Force chief and gained access to his entire database.
Unknowingly, the hacker later left behind a trail of his identity as he went about bragging of the hack, eventually being identified and forcing Iran to shut down a cyber operation targeting 1800 people worldwide, including Israeli army generals, Persian Gulf human rights defenders, and academics.
Electronic Arts get tricked into infiltration
Popular video game publisher EA was tricked into infiltration after a group of hackers gained access to its Slack channel and tricked the company’s IT support into handing over a multifactor authentication token, which they used to gain access to EA’s corporate network.
The hack resulted in 708 GB worth of data, including FIFA 21’s source code and tools, FIFA 22 API keys, SDKs and debugging tools, among other tools, SDKs and API keys, being sold online on a cybercriminal forum.
More on cybersecurity attacks in June 2021
Many other attacks took place all across the month, both on small and large scales. Microsoft’s Halo dev site was breached using a dependency hijacking method by a researcher who had ethically hacked over 35 major tech companies.
A hacker tried to extort a Dutch pizza chain, New York Pizza, which led to the breach being disclosed. American supermarket chain Wegmans also saw a similar breach, disclosing that a breach had leaked customer data. And while we’re still on the topic of food companies, Eggfree Cake Box also reported that a data breach had exposed customers’ credit card numbers.
Microsoft wasn’t spared in the last month either, seeing multiple attacks. Scammers bypassed Office 365 authentication in BEC attacks, while SEO poisoning was used to backdoor their systems and steal sensitive information. Windows 10 was targeted by PuzzleMaker hackers using a Chrome 0-day vulnerability, and the Office MSGraph vulnerability was exposed as well.
Several cities, municipalities and a bunch of other organisations came under fire from cyberattacks as well. A ransomware attack hit Massachusetts’ largest ferry service, while Chinese threat actors hacked the NYC MTA using a Pulse Secure 0-day vulnerability. Pakistan-linked hackers also got in on the action when they targeted an Indian power company with ReverseRat.