Toronto Zoo says credit card info ‘leaked on the dark web’ in cyber attack
The Toronto Zoo says transaction data, including credit card information, was “leaked on the dark web” following a cyber attack more than a year ago. The zoo published a final update this weekend on the January 2024 incident, saying information about all guests and members who paid general admission and made membership purchases between 2000 and April 2023 was obtained in the ransomware attack. The data that was compromised includes first and last names and, in some records, street addresses, phone numbers and email addresses. For guests and members who made credit card transactions between January 2022 and April 2023, the last four digits of their credit card and expiration dates were taken.
Indian Stock Broker Angel One Discloses Data Breach
Indian stock brokerage firm Angel One on Friday disclosed a data breach impacting client information stored in its Amazon Web Services (AWS) account. The incident, the company said, was discovered after it received an email alert from a ‘dark web monitoring partner’ on February 27, regarding a ‘data leakage post’. “After analyzing the post, it was ascertained that some of Angel One’s AWS resources were compromised,” the company said. Angel One says it immediately changed the passwords for its AWS cloud and related applications, and that it retained external experts to investigate the incident, assess the scope of the data breach, and identify its root cause.
Several local governments struggling with cyberattacks limiting services
Government services offered by one of the largest counties in Maryland are still being limited more than a week after it was targeted by a cyberattack. Anne Arundel County, home to nearly 600,000 people and the state capital of Annapolis, first announced the incident on February 23 and as of Monday is warning residents that multiple services are still down. 911 and 311 call centers are operational but County Executive Steuart Pittman said many other services are impacted by the shutoff of internet access — an action taken to “ensure the safety” of government systems. County officials initially said the attack was “of external origin” and was considered a “multi-day event.”
Hackers launder most of Bybit’s stolen crypto worth $1.4B
The hackers who stole around $1.4 billion in cryptocurrency from crypto exchange Bybit have moved nearly all of the stolen funds and converted them into Bitcoin, in what experts call the first phase of the money-laundering operation. On February 21, Bybit said that a “sophisticated attack” on one of the company’s wallets resulted in the theft of 401,346 Ethereum, worth around $1.4 billion at the time, in what is the largest crypto theft in history and possibly the largest heist of any kind ever. Blockchain monitoring firms and researchers, as well as the FBI, have accused the North Korean government of being behind the hack.
Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
The Splunk Threat Research Team discovered a mass exploitation campaign from Eastern Europe targeting ISPs in China and the U.S. West Coast to deploy info stealers and crypto miners. The threat actors brute-force weak credentials to gain access to target systems, then deploy cryptocurrency miners and crimeware with capabilities such as data exfiltration, persistence, self-termination, and pivot attacks. The malware disables remote access to entrench itself further. “The Splunk Threat Research Team observed actors performing minimal intrusive operations to avoid detection, with the exception of artifacts created by accounts already compromised. This actor also moves and pivots primarily by using tools that depend and run on scripting languages (e.g., Python and Powershell), allowing the actor to perform under restricted environments and use API calls (e.g., Telegram) for C2 operations,” reads the report published by Splunk. “The IP CIDR ranges observed indicate specific targeting of ISP infrastructure, likely with the purpose of performing cryptomining operations (XMR).”
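As an added example (not part of the Splunk report or of this digest), the following Python detector illustrates the defensive side of the weak-credential brute force described above: it parses constructed OpenSSH-style auth log lines (the hostname, source addresses and usernames are made up for the example) and flags any source address that accumulates a threshold number of failed logins inside a time window, recording whether a successful login from the same address followed within that window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH auth.log style; hosts, IPs and users are invented.
SAMPLE_LOG = """\
Mar  1 02:14:01 edge-router sshd[2101]: Failed password for root from 198.51.100.7 port 51122 ssh2
Mar  1 02:14:03 edge-router sshd[2101]: Failed password for root from 198.51.100.7 port 51123 ssh2
Mar  1 02:14:05 edge-router sshd[2101]: Failed password for admin from 198.51.100.7 port 51124 ssh2
Mar  1 02:14:07 edge-router sshd[2101]: Failed password for admin from 198.51.100.7 port 51125 ssh2
Mar  1 02:14:09 edge-router sshd[2101]: Failed password for ops from 198.51.100.7 port 51126 ssh2
Mar  1 02:14:12 edge-router sshd[2101]: Accepted password for ops from 198.51.100.7 port 51127 ssh2
Mar  1 02:20:00 edge-router sshd[2188]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Mar  1 02:20:30 edge-router sshd[2188]: Accepted password for alice from 203.0.113.9 port 40002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(lines, year=2025):
    """Yield (timestamp, result, user, ip) for each line that matches the sshd pattern.
    Syslog timestamps carry no year, so one is supplied (assumed 2025 here)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day field ("Mar  1")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_seconds=300):
    """Return one alert per source IP that reaches `threshold` failed logins inside a
    sliding window of `window_seconds`. If a successful login from that IP lands inside
    the same window, the alert records the account that was accepted."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    users = defaultdict(set)       # ip -> usernames tried from that ip
    alerts = {}                    # ip -> alert dict (first time threshold is crossed)

    for ts, result, user, ip in parse(lines):
        if result == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
            # Keep only failures that fall inside the window ending at this event.
            failures[ip] = [t for t in failures[ip]
                            if (ts - t).total_seconds() <= window_seconds]
            if len(failures[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {
                    "ip": ip,
                    "failures": len(failures[ip]),      # count at the moment of alert
                    "users": sorted(users[ip]),
                    "success_after": None,
                }
        elif result == "Accepted" and ip in alerts and alerts[ip]["success_after"] is None:
            # A success shortly after a burst of failures is the high-priority case.
            first_fail = failures[ip][0]
            if (ts - first_fail).total_seconds() <= window_seconds:
                alerts[ip]["success_after"] = user

    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are deliberately low so the constructed sample trips the rule; in production the values would be tuned per host class, and the `success_after` field is what separates a noisy scan from a likely compromise worth an immediate response.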
Two Venezuelans Arrested in US for ATM Jackpotting
The US Justice Department announced on Tuesday that two Venezuelan nationals were arrested and charged recently over their role in an ATM jackpotting scheme. In ATM jackpotting attacks, an ATM is hacked by installing a piece of malware on its hard drive or by replacing the drive with an infected device. The malware gives the attacker control over the ATM and causes it to dispense cash without the need to target a specific bank account. The latest suspects identified and arrested by US authorities for conducting ATM jackpotting are David Jose Gomez-Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, both of Venezuela.