Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from the third week of August 2023?
In one of the most surprising incidents, Norfolk and Suffolk Police in the UK have accidentally released thousands of pieces of personal data belonging to victims and witnesses. We’ve also seen a new wave of ransomware attacks and disruptions in the real estate industry.
Here are this week’s top stories:
Norfolk and Suffolk police accidentally cause major data breach
In a significant data breach, Norfolk and Suffolk constabularies inadvertently released raw data, which included personal details from crime reports. This breach affected 1,230 individuals, revealing personally identifiable information of victims, witnesses, and suspects, along with descriptions of various offences.
BREAKING: The personal information of 1,230 people – including victims of crime and witnesses – were included in Freedom of Information responses issued by Norfolk and Suffolk Police. https://t.co/PAiZ4D1jU3
— Sky News (@SkyNews) August 15, 2023
The data was unintentionally sent out in response to Freedom of Information (FOI) requests for statistics between April 2021 and March 2022. Although the raw data was hidden from anyone accessing the files, it should not have been included. The police are now in the process of contacting those affected, with the aim of completing this by the end of next month. The Information Commissioner’s Office (ICO) has been informed and is currently investigating the situation.
Knight Ransomware distributed as TripAdvisor complaints
The Knight ransomware, a recent rebrand of the Cyclops Ransomware-as-a-Service, is being disseminated through a spam campaign disguised as TripAdvisor complaints. Originating as the Cyclops ransomware operation in May 2023, the ransomware underwent a name change at the end of July 2023. The current spam campaign, identified by Sophos researcher Felix, sends out emails with ZIP file attachments labeled ‘TripAdvisorComplaint.zip’.
These ZIP files contain an executable named ‘TripAdvisor Complaint – Possible Suspension.exe’. A newer version of this campaign has an HTML attachment that, when opened, uses a phishing technique to display a fake TripAdvisor browser window. Clicking on the ‘Read Complaint’ button in this window downloads an Excel XLL file that, when opened, triggers the Knight Lite ransomware encryptor. The ransom note demands a $5,000 payment in Bitcoin, but it’s advised not to pay as there’s no guarantee of receiving a decryption tool.
Real Estate markets disrupted by a cyberattack on listings provider
The US real estate sector has been grappling with disruptions for five days due to a cyberattack on Rapattoni, a California-based company that offers a vital online service for tracking home listings. This attack, initiated last Wednesday, targeted Rapattoni, which provides Multiple Listing Services (MLS) to regional real estate groups across the country.
MLS is pivotal for offering immediate data on upcoming market listings, offers to purchase, and sales of listed properties. Peg King, a real estate agent from California’s Sonoma County, highlighted that the cyberattack has rendered real estate MLS systems across the nation inoperative since Wednesday. As a result, new homes can’t be listed, prices can’t be changed, and open houses can’t be marked. While Rapattoni has acknowledged the cyberattack, it is widely speculated to be a ransomware attack. The incident underscores the tangible disruptions cyberattacks can inflict on services that many rely on.
Cybercriminals fall victim to their own malware
In an ironic twist, approximately 120,000 computers infected by stealer malware have been linked to credentials associated with cybercrime forums, many of which belong to the hackers themselves. This revelation comes from Hudson Rock, which analyzed data from compromised computers spanning 2018 to 2023. Cybercriminals typically infect computers by promoting fake software results or through misleading YouTube tutorials.
However, some hackers have inadvertently infected their own systems. The data obtained from these compromised machines can be extensive, revealing hackers’ real-world identities through various indicators. Information stealers have significantly contributed to the malware-as-a-service (MaaS) ecosystem, making them a primary initial attack vector for threat actors. The cybercrime forum with the highest number of infected users was identified as Nulled.to, followed by Cracked.io and Hackforums.net. Interestingly, passwords from cybercrime forums were found to be stronger than those used for government websites.