We have rounded up the week’s most important cybersecurity news.
- Robinhood suffered a data breach affecting its customers; the data later surfaced on the dark web.
- «Gosuslugi» came under a DDoS attack, and the Gosuslugi chatbot started denying the existence of the coronavirus, as well as talking about plans for a “world government”.
- U.S. authorities and Europol have stepped up the hunt for those involved in ransomware attacks.
Data on Russians who bought fake vaccination certificates are on sale online
Databases of citizens who allegedly purchased fake COVID-19 vaccination certificates and PCR test results have been put up for sale on the darknet and in Telegram channels, according to «Ъ».
A database of a thousand entries costs $120. It contains passport details, SNILS, phone numbers and addresses, and information about the date of certificate issuance.
The largest database holds data on more than 500,000 people; the price per person is about 30-40 rubles. For now, the data set includes information only from the Moscow region.
Experts forecast that criminals may start extorting those in the database, even if they did not purchase fake certificates. Under Article 327 of the RF Criminal Code, the purchase, storage, transport for use or sale, or use of a knowingly forged COVID-19 vaccination certificate is punishable by up to one year in prison.
Gosuslugi came under a powerful DDoS attack
The Gosuslugi site was the target of a DDoS attack for two days, the most powerful in the history of the resource, according to the Russian Ministry of Digital Development.
As a result, the site was inaccessible to many users. In addition, the Gosuslugi chatbot began to say that the coronavirus does not exist, and that QR codes are part of plans by a world government to segregate the population and to enhance total digital control.
Europol arrested suspects over involvement in the REvil hacking group
In a joint operation across 17 countries, five people were detained, suspected of involvement with the hacker group REvil.
Romanian authorities arrested two suspects. According to Europol, the criminals are linked to around five thousand attacks in which they obtained about €500,000.
Also since February, authorities have detained three more suspects with ties to REvil. This year, two more people were arrested for belonging to the GandCrab hacker group.
Europol suspects all those detained are implicated in around 7,000 cyberattacks and attempts to extract more than €200 million from victims.
Hackers blackmailed Instagram users and forced them to film videos to lure victims into fraud scheme
A new scheme by cryptocurrency scammers is spreading in the wild. The attackers gain access to Instagram accounts via phishing links, then force their victims to shoot videos in which they urge others to invest in cryptocurrencies through a particular person or service.
According to Motherboard, several victims have already fallen for it. To regain access to the account, victims are forced to record a video and then post it to their own page, continuing to spread phishing links. The hackers also gain access to emails and accounts on other platforms.
On Instagram, users were advised to create strong, unique passwords not used on other services and to enable two-factor authentication.
Robinhood client data put up for sale
Hackers gained access to the personal data of Robinhood clients. The company acknowledged the breach.
Later, data on Robinhood clients appeared on the dark web. The seller claims the database contains 5 million email addresses and the full names of 2 million users.
U.S. officials describe Russia’s next steps based on cybercrime information as a ‘test of readiness to act’
The United States expects Russia to take measures based on information provided by the U.S. about hacker attacks, said Deputy National Security Advisor Anne Neuberger, per RIA Novosti.
In November, the United States placed on the sanctions list the addresses of the Telegram bot Chatex, as well as affiliated companies Izibits OÜ, Chatextech SIA and Hightrade Finance Ltd. They pointed to ties between Chatex and the Russian exchange Suex. A co-founder of both companies is Russian Egor Petukhovsky.
Additionally, sanctions were imposed on Russian Evgeny Polyanyin and Ukrainian Yaroslav Vasinsky, who are accused of cooperation with the REvil group. The FBI has issued a warrant for Polyanyin. American authorities believe he is in Barnaul.
As a reminder, in July, President Joe Biden urged Vladimir Putin to curb ransomware attacks launched from Russia against American companies.
Ministry of Digital Development announced a tender to monitor hacker forums to combat data leaks
The Ministry of Digital Development of the Russian Federation published a tender for collecting information about data leaks. The contractor will monitor hacker forums, Telegram channels, chats and other resources where such information may be sold.
The contractor will report daily statistics on the data trade, including supply and demand volumes. The contract value is over 68 million rubles.
Also on ForkLog:
- Experts said that Russian businesses have started paying ransoms to malware operators more frequently.
- Synapse Bridge cross-chain protocol prevented an $8 million hack.
- FinCEN released updated recommendations for fighting ransomware.
- Hackers attacked MediaMarkt and demanded a $50 million ransom in bitcoin.
- Experts reported a rise in the number of DDoS attacks by almost 24% in Q3 2021.
What to read this weekend?
Authorities in various countries, especially the United States, have recently stepped up efforts to identify those involved in ransomware attacks. We explain why ransomware has become such a serious threat and what consequences this may have for the cryptocurrency industry.
