What’s in the paper for this week’s top cybersecurity news? Cybercriminals are ending the first quarter of 2023 with a bang. From increasing ransomware threats in the transport sector to malicious scams targeting thousands of Microsoft consumers, it’s been a rather busy week in the world of cybersecurity. Here are the most notable cybersecurity incidents of the week:
Crown Resorts is investigating a global data breach
Crown Resorts is investigating a potential global data breach following a notification from a hacker group claiming to have obtained company files. The gaming and entertainment group has confirmed that it was recently contacted by a ransomware group, which claims to have illegally accessed a limited number of Crown files through the breach of a third-party file transfer service, GoAnywhere.
According to Crown Resorts, no customer data has been compromised, and business operations have not been impacted. The company has notified gaming regulators and is continuing to work with law enforcement to resolve the matter.
In recent weeks, several global firms and government institutions, including Rio Tinto, have reported cybersecurity incidents linked to GoAnywhere. The managed file transfer software, offered by US cybersecurity firm Fortra, is used by major companies to share sensitive information via the internet.
Victoria Police has confirmed that it is investigating a report of a cyber attack “involving a gaming and entertainment group based in Melbourne.” As the investigation is ongoing, the police authorities have declined to comment further at this time.
US confirms cyber operations in Albania
In response to last year’s cyber attacks against the Albanian government, US Cyber Command operators have confirmed that they carried out an online defensive mission in Albania. The three-month deployment saw Cyber National Mission Force (CNMF) troops collaborating with their Albanian counterparts to hunt for cyber threats and identify vulnerabilities on networks in the NATO country.
It is worth noting that those attacks are believed to have been instigated by Iran, prompting Albania to consider invoking Article Five, which would have brought all NATO member states, including the US, into a confrontation with Iran.
Nathaniel Fick, US ambassador-at-large for cyberspace and digital policy, commented on the cyber mission in Albania, saying, “The United States is committed to working with Albania on securing its digital future, and ensuring that connectivity is a force for innovation, productivity, and empowerment.”
SharePoint phishing scam targets 1,600 users
A new phishing scam that exploits Microsoft’s collaborative platform SharePoint has been identified. Using the platform’s native notification mechanism, the scam has targeted at least 1,600 individuals across Europe, the US, and other countries. Cybercriminals have used the scam to steal credentials for various email accounts, including Yahoo!, AOL, Outlook, Office 365, and others.
According to Kaspersky security researchers, victims of the scam receive a standard notification about someone sharing a file through SharePoint. This is unlikely to arouse suspicion because it is a real notification. Upon clicking the link, victims are directed to a genuine SharePoint server hosting a OneNote file, which contains a second link that is malicious.
The malicious link then opens a standard phishing site that mimics the OneDrive login page and steals credentials for Yahoo!, AOL, Outlook, Office 365, or any other email service.
Ransomware attacks targeting the transport sector have doubled
According to the European Union (EU) security agency ENISA, ransomware and data breaches were the most significant cyber threats impacting Europe’s transportation sector last year, with incidents of the former almost doubling in volume. In its first-ever threat landscape report for the sector, covering the period from January 2021 to October 2022, ENISA revealed that ransomware incident reports increased from 13% of the total in 2021 to 25% in 2022.
Data-related threats remained the second most prolific category over the period, after ransomware. Attackers targeted credentials, employee and customer personal information, and intellectual property. Over half (55%) of incidents tracked by ENISA over the period were traced to cyber-criminals, who were likely to be financially motivated.
South Korean Intelligence Service reports vicious Chrome malware
PC users of Gmail and Chrome should be wary of a new cyber attack that puts personal emails at risk of interception and unauthorized access by hackers. This new threat involves a fake Chrome browser extension called AF that infects computers and starts stealing data from Gmail inboxes.
The malicious software was discovered by the joint cybersecurity team from the German Federal Office for the Protection of the Constitution and the National Intelligence Service of the Republic of Korea, with experts warning users to be on high alert.
It appears that victims are being deceived into installing the fake Chrome extension through scam emails, with the latest campaign initially targeting South Korea before spreading to the US and Europe.
Once the fake extension is installed, the malware hijacks accounts and gives online criminals the ability to read highly personal messages.