We have gathered the week’s most important cybersecurity news.
- Google has announced the launch of its own VPN service. It will initially be available to a limited set of users.
- The Ragnar Locker ransomware attacked game developer Capcom and beverage maker Campari.
- Apple and Google reported fixes for several vulnerabilities.
Researchers detail prices on the Russian market for doxxing data
DLBI published a study on the Russian market for doxxing individuals in the dark web.
The median price for obtaining information from banking databases in 2020 rose by 20%. A bank account/card statement for an individual for a month costs on average from 5,000 to 12,000 rubles.
The price of doxxing subscribers of operators — namely, call and SMS details for a month — ranges from 1,500 to 15,000 rubles depending on the operator.
To obtain data about a person from government databases (ownership information of a vehicle from the traffic police, movement data from the Rozysk-Magistral system, and passport data from the AS “Russian Passport”) an average of 1,000-1,700 rubles is paid.
For more on how the data black market operates, read ForkLog’s exclusive.
Google to launch its own VPN
Google announced the launch of its own VPN service. Access will be available to Google One subscribers for Android. Initially, availability will be limited to the United States, with support for other countries and operating systems to be added later.
Remote access to 7,500 organizations for sale
On Russian hacker forums there appeared an advertisement offering access to 7,500 organizations, mostly educational. The seller offers access to compromised networks via the remote desktop protocol.
The attacker organized an auction — the starting bid for the entire package starts at 25 BTC, and the “Buy Now” option can be purchased for 75 BTC.
Ragnar Locker ransomware attacked Capcom and Campari
The famous Italian beverage maker Campari Group, Cinzano and Appleton became a victim of Ragnar Locker ransomware. The attackers allegedly stole 2 TB of confidential data and demanded a $15 million ransom to restore the encrypted files.
In addition to Campari Group, the malware also attacked the Japanese game developer Capcom, known for Street Fighter, Resident Evil, Devil May Cry, Monster Hunter and Mega Man. The hackers claim they stole 1 TB of data.
The company did not disclose details of the attack; however a cybersecurity researcher going by the handle Pancak3 confirmed that the Ragnar Locker operators were behind it.
I can confirm that Capcom was infected with Ragnar Locker https://t.co/ily9RAzvMg
— панкак3 (@pancak3lullz) November 5, 2020
Russia to introduce fines for violations of critical information infrastructure protection
The Government of the Russian Federation has submitted a bill to the State Duma bill proposing hefty fines for violations of security requirements for critical information infrastructure and for failing to provide timely information to the authorities responsible for cyberattack response.
The fines are expected to reach up to 500,000 rubles.
US authorities reveal new malware families and step up hunt for foreign hackers
U.S. Cyber Command, in conjunction with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) detected new forms of malware ComRAT and Zebrocy, which, according to authorities, were used in attacks on government networks.
According to the report, they are used by the Turla and APT28 hacker groups, which are linked to Russia.
Beyond tracking Russian hackers, Cyber Command has in recent years, and especially ahead of the presidential elections, focused on identifying cybercriminals from China and Iran.
Apple and Google fixed several already-exploited vulnerabilities
Apple announced updates for iOS and iPadOS addressing zero-day vulnerabilities.
Google also outlined several updates aimed at patching 0-day vulnerabilities.
Should also clarify that this new 0day was seen in targeted exploitation and this is not related to any US election related targeting.
— Shane Huntley (@ShaneHuntley) November 3, 2020
Experts urged users to update their devices as soon as possible.
Brazilian Supreme Court halts operations due to ransomware attack
The Brazilian Supreme Court faced a ransomware attack, forcing it to take its systems offline. Experts suspect the attack was carried out by the RansomExx hackers.
Sites of many other government agencies were also taken offline, though it is not known whether they were attacked by the same hackers.
Private-prison operator reports ransomware attack
The GEO Group, known for its private prisons and detention centers for illegal immigrants in the United States and other countries, was subjected to a ransomware attack in the summer.
Hackers gained access to the personal data of inmates and staff at several centers in the United States.
Also on ForkLog:
- Online, discovered a database with 34 million user records from 17 companies.
- Media reported that hackers put up for sale 10,000 Robinhood user passwords.
- Researchers exposed hackers for double extortion and data storage.
- According to ESET data, in Q3 2020 the activity of stealth mining software rose.
What to read this weekend?
How Palantir works — the company that armed the intelligence services with algorithms for mass surveillance
Subscribe to ForkLog news on Telegram: ForkLog Feed — the full stream of news, ForkLog — the most important news and polls.