It’s been another busy week for hackers. They continue to wreak havoc around the globe, from a new targeted malicious attack on an annual whiskey auction, to a data breach at fitness tech company Kinomap, to a posting of nearly 25,000 email addresses and passwords allegedly belonging to the NIH, WHO, and the Gates Foundation. Also, late last weekend it was revealed that IT services firm Cognizant was attacked by the Maze ransomware group. The group is known for blackmailing its victims into paying in order to decrypt stolen files. All very tough stuff.
On a positive note, there’s a growing army of volunteers fighting coronavirus crime. And 2,000 coronavirus scammers were recently taken offline in a major phishing crackdown.
Feel a little better now? I hope so!
Read on for all the news in this week’s blog post. Stay healthy!
Top Global Cybersecurity News Stories
CISO Mag (April 23, 2020) French Fitness Tech Firm Kinomap Suffers Data Breach; Exposes 42 Mn User Records
An unsecured database is a reason for yet another major data breach incident. Researchers at vpnMentor found an open database, which belongs to fitness tech company Kinomap, exposing 42 million records (40GB data) of its users for at least a month. The database includes personal identity data (PII) of users from across 80 countries, including North America, Australia, Japan, the U.K., Belgium, Finland, Hungary, Portugal, France, Germany, the U.S., Canada, and South Korea.
The exposed PII included full names, home country, email addresses, usernames, Kinomap account details, gender, timestamps for exercises and the date they joined Kinomap. vpnMentor stated that it notified the French firm on March 28, 2020, immediately after the discovery. The database was fixed on April 12, 2020, after the French data protection regulator had been informed.
Kinomap creates interactive workout videos with various types of fitness machines, including Peloton products, along with coaching, and personal trainer videos, which are uploaded by Kinomap users and professional trainers from around the world.
Washington Post (April 22, 2020) Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online
Unknown activists have posted nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other groups working to combat the coronavirus pandemic, according to the SITE Intelligence Group, which monitors online extremism and terrorist groups.
While SITE was unable to verify whether the email addresses and passwords were authentic, the group said the information was released Sunday and Monday and almost immediately used to foment attempts at hacking and harassment by far-right extremists. An Australian cybersecurity expert, Robert Potter, said he was able to verify that the WHO email addresses and passwords were real.
The risk of new intrusions from the publication of email addresses and passwords is hard to measure because government and business organizations often use multi-factor authentication, which requires a temporary code or a physical token to access a computer system — even when an attacker has a valid password. U.S. government agencies use multi-factor authentication widely, though not universally, with the most sensitive computer systems most likely to have this extra layer of protection against intruders, say people familiar with federal information technology guidelines.
TechRepublic (April 22, 2020) Cyberattack on IT services giant Cognizant impacts clients
IT services firm Cognizant suffered a cyberattack on its internal systems by the Maze ransomware group, causing disruption for some of its global clients. The firm said in a statement that its "internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident."
Affected clients have been notified, and Cognizant has provided them with available indicators of compromise and other technical information, the firm said.
Cognizant is one of the largest IT-managed services companies in the world and has close to 300,000 employees and over $15 billion in revenue. It provides IT services to companies in several verticals, including manufacturing, financial services, oil and gas, technology, and healthcare.
HealthITSecurity (April 22, 2020) Sens. to DHS CISA: Issue COVID-19 Cyber Threat Guidance for Healthcare
In light of the rapid increase in COVID-19 cyber threats, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the US Cyber Command are being asked to develop and issue cybersecurity guidance to support the healthcare sector during the pandemic.
The letter, led by Sens. Richard Blumenthal, D-Connecticut and Mark Warner, D-Virginia, as well as three other Senators, raises “profound concerns” about the “unprecedented and perilous campaign of sophisticated hacking operations” from both domestic and foreign threat actors.
“The cybersecurity threat to our stretched and stressed medical and public health systems should not be ignored,” the Senators argued. “Prior to the pandemic, hospitals had already struggled to defend themselves against an onslaught of ransomware and data breaches. Our hospitals are dependent on electronic health records, email, and internal networks that often heavily rely on legacy equipment.”
ZDNet (April 22, 2020) Ransomware is now the biggest online menace you need to worry about - here's why
Ransomware attacks have become more commonplace than payment card theft incidents for the first time, as cyber criminals alter how they go about their malicious operations in an effort to gain the biggest financial reward for the least amount of effort.
Analysis of more than a trillion security events over the past year and hundreds of breach investigations by researchers at cybersecurity company Trustwave found that ransomware attacks have become the most common security incident.
Almost one in five – 18% – of incidents throughout 2019 involved ransomware attacks, where organisations found part or all of their environment compromised by network encrypting malware – and then faced a financial demand from hackers to regain access to the data.
Bleeping Computer (April 21, 2020) DoppelPaymer Ransomware hits Los Angeles County city, leaks files
The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.
The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files.
The City of Torrance is a suburb of Los Angeles located in the South Bay along the Pacific coast, with a population of approximately 150,000 people.
Other Industry News
Cyber Attack Targets Sale Of The World’s Most Expensive Whisky
The Volunteer Online Army Fighting Coronavirus Crime
2,000 coronavirus scammers taken offline in major phishing crackdown
GCHQ calls on public to report coronavirus-related phishing emails
Domain Registrars Under Pressure to Combat COVID-19-Related Scams
New Mozi Malware Family Quietly Amasses IoT Bots
Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay
Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get?