AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/1/2024

Two More Individuals Charged for DraftKings Hacking 

Two more individuals have been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. The individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches, and attempted to sell access to the accounts. A third co-conspirator, Joseph Garrison, was indicted on May 18, 2023 for his involvement in the scheme. Garrison surrendered himself on the same day and pleaded guilty in November. He is scheduled for sentencing on February 1.  


Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider 

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. Prosecutors say Noah Michael Urban of Palm Coast, Fla., stole at least $800,000 from at least five victims between August 2022 and March 2023. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. 


Johnson Controls says ransomware attack cost $27 million, data stolen 

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment. As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm’s Asia offices were initially breached, and the attackers spread throughout their network. The attack forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems. 


Europcar denies data breach of 50 million users, says data is fake 

Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. On Sunday, a person claimed to be selling the data for 48,606,700 Europcar.com customers on a popular hacking forum. The post included samples of the stolen data for 31 alleged Europcar customers, including names, addresses, birth dates, driver’s license numbers, and other information. However, after contacting Europcar last night, BleepingComputer was told that the breach was fake and that the data was fabricated using artificial intelligence. 


Cisco’s head of security thinks that we’re headed into an AI phishing nightmare 

Cybersecurity attacks are an increasingly costly nightmare for companies, and AI will only make it easier for victims to fall for their most common form: phishing scams. Generative AI tools like ChatGPT are capable of producing written work that humans have difficulty detecting. And as these tools evolve, phishing attackers may use the technology to send email traps disguised as work messages that even some of the most cautious people may have trouble discerning as fake. “It’s going to get harder for humans to distinguish between legitimate activity versus a malicious attack,” says Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration. 


Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack 

As a result of speculation surrounding the hack, Ripple’s XRP token fell over 4% to $0.50. However, reports suggest the funds were stolen from Ripple co-founder Chris Larsen’s personal wallet and not from cryptocurrency firm Ripple itself. According to a post on X (Twitter) by Larsen, unauthorized access to some of his “personal XRP accounts (not Ripple)” occurred on Tuesday (30th January 2024). He categorically denied that attackers had targeted any of the Ripple network’s accounts. Ripple CEO Brad Garlinghouse clarified that the incident was an individual security breach and should not be considered a Ripple security breach.
