There's a lot going on in the cybersecurity area. There is a TikTok leak of source code and user data, and US authorities have seized the WT1SHOP website, which sold stolen user data (ID numbers, credit card data, etc.). Chocolate manufacturer Läderach (Switzerland), InterContinental Hotels Group, and the district capital Feldbach (Austria) have been affected by ransomware. The same is true for a US school district in Los Angeles. Here's an overview of the "daily madness" in cybersecurity.
Ransomware incidents of the week
Currently, you can assume that new ransomware infections occur somewhere every day. Here is an overview of cases that have come to my attention over the past few days.
Ransomware attack on InterContinental Hotels Group (IHG)
The colleagues at Bleeping Computer point out the successful ransomware infection of the InterContinental Hotels Group (IHG) booking system in the following tweet. InterContinental Hotels Group PLC (IHG) is a British multinational company that currently operates 6,028 hotels in more than 100 countries. Its brands include hotel chains such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn and many others.
The company writes that parts of its technical systems have been the subject of unauthorized activity. IHG's booking channels and other applications have been significantly disrupted, and this is ongoing, it said. Bleeping Computer suspects a ransomware infection based on this information and other indications in this article.
District capital Feldbach (Austria) affected
The Styrian district capital of Feldbach (Austria) has also been affected by a cyberattack, as reported by the following tweet. The Austrian newspaper DerStandard reports here that 10 terabytes of data were encrypted in the attack. The city has received a ransom demand from the ransomware group.
The attack took place over the weekend (in the US it was a long weekend, Labor Day), but it affected institutions outside the US as well. The first signs of problems were already there over the weekend; on Monday the ransomware attack was clear. The city does not want to pay a ransom, and it is not yet clear whether citizens' data has been leaked.
Swiss chocolate manufacturer Läderach affected
According to the following tweet, chocolate manufacturer Läderach in Switzerland was affected by a ransomware attack. According to the post, an infection was detected on the morning of September 5, affecting the chocolatier's production, logistics and administration.
The sales and order pages seem to still be working and operations also seem to be starting up again.
Los Angeles Unified School District affected
It's an attack that is making quite a few waves in the US right now. The second largest school district in the US, the Los Angeles Unified School District, has been hit by a ransomware attack and has been effectively paralyzed. IT detected unusual activity in its systems over the weekend, which was confirmed as an external cyberattack after an initial review, according to a statement here. Despite this significant infrastructure disruption, schools opened as scheduled on Tuesday, Sept. 6. According to this tweet, the White House has engaged the Department of Education, FBI and CISA in response to the incident. We may well hear at some point that the perpetrators have been apprehended.
Cost of HSE attack: 52 million euros
In 2021, there was a successful attack on the Irish health system HSE (Health Service Executive), and it was not operational for weeks. Now it has been revealed that the follow-up costs of this attack probably amount to at least 52 million euros.
Security expert Brett Callow points to this article with details from the Irish Times in the above tweet.
FBI and DOJ Seize WT1SHOP
The FBI and DOJ have announced that they have seized four domains from WT1SHOP. It is a personally identifiable information (PII) marketplace that traded more than 5.85 million records.
The above tweet links to this US Department of Justice notice where details can be read. The criminal complaint states that Nicolai Colesnicov, 36, from the Republic of Moldova, operated WT1SHOP. The online market allowed sellers to sell stolen credentials and other personal data. Among them were about 25,000 scanned driver's licenses/passports, 1.7 million credentials for various online stores, 108,000 bank accounts and 21,800 credit cards.
The TikTok data and source code leak
Then there was the case of the source code and user data of the Chinese video platform TikTok becoming public through a leak. Colleagues write in the following tweet and this article that the operator Bytedance denies that there was a security incident.
Last Friday, a hacker group called "AgainstTheWest" created a post on a hacking forum. There they claimed to have broken into both TikTok and WeChat. Screenshots were shared of a purported database of Bytedance that was allegedly tapped from an Alibaba cloud instance. The database contained data on TikTok and WeChat users. However, TikTok denied this to Bleeping Computer.
Security researcher Bob Diachenko writes in the above tweet that the repos contain real data. The data probably comes from Hangzhou Julun Network Technology Co., Ltd. rather than TikTok. But the whole thing raises questions, of course.
Mirai botnet targets D-Link devices
The tweet below from The Hacker News links to this article and indicates that MooBot, a new variant of the Mirai botnet, has been discovered. This variant attacks unpatched D-Link devices to include them in its denial-of-service botnet.
And finally: According to this tweet, a database with all citizens of Indonesia (105 million) was posted by an attacker on the dark net. IT security is a nightmare at the moment.