Tag Archive for: credit

OODA Loop – Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax


The Rhysida ransomware group has claimed responsibility for a recent cyberattack on boat dealer MarineMax and is offering to sell allegedly stolen data from the company for a significant sum, starting at 15 bitcoin ($950,000). MarineMax, one of the largest retailers of recreational boats and yachts globally, reported being targeted in a cyberattack that caused some disruption, as disclosed in an SEC filing. Although MarineMax has not provided extensive details about the incident, screenshots of financial documents and spreadsheets have been published by the cybercriminals to demonstrate the theft of valuable data. However, MarineMax stated in its regulatory filing that sensitive data is not stored in the compromised environment. The Rhysida ransomware group, known for targeting various sectors including government, IT, manufacturing, healthcare, and education, encrypts files on compromised systems and demands ransom. Despite researchers developing a decryption tool for Rhysida in February 2024, it is uncertain if the cybercriminals have since updated the malware to render the tool ineffective. The extent of file encryption or data theft in the MarineMax attack remains unclear, and further information from the company is awaited.

Read more: https://www.securityweek.com/ransomware-group-takes-credit-for-attack-on-boat-dealer-marinemax/


Hackers Are Selling Off Stolen Roku Accounts With Credit Card Details For 50 Cents Each



Account credentials and personal data are hot commodities online, often going up for sale at low prices so shady characters can move thousands of accounts quickly. This is reportedly what has happened to just over 15,000 Roku customers who had their accounts compromised due to credential stuffing attacks that occurred from December 28th, 2023, to February 21st, 2024. Thankfully, these attacks were detected and eventually halted, but not before threat actors made off with some valid information, allowing malicious data buyers to access the compromised accounts.

On January 4th this year, Roku detected and observed suspicious activity, indicating that some accounts may have been accessed without authorization. This triggered an investigation into the compromise, which found that threat actors were seemingly leveraging third-party sourced breach data and spraying those credentials against Roku to see what would work in a credential-stuffing attack. Of all the accounts attempted, 15,363 people had used the same email and password with Roku and whatever other platform was breached to gain the credentials.

The data breach notice explains that “after gaining access, [threat actors] then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.” Subsequently, Roku has moved to re-secure the compromised accounts and is stopping any unauthorized purchases or subscriptions made on the account. However, it would seem that Roku’s security team may not have caught some of these accounts, as Bleeping Computer reports that some are still available to purchase online for as low as $0.50 per account.

As such, the breach notice recommends that Roku users review all subscriptions on, and devices linked to, their accounts. Further, using a strong, unique password for each account helps prevent this sort of thing from happening elsewhere. If you believe you were compromised, it is also good security hygiene to monitor your credit accounts and other information in case your identity is stolen or compromised.



Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar


Over nearly a decade, the hacker group within Russia’s GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine’s power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.

On Tuesday, a cyberattack hit Kyivstar, one of Ukraine’s largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.

Kyivstar’s CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar’s] infrastructure [and] limited access.”

“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”

The Ukrainian government hasn’t yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia’s GRU.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group’s Telegram account. The message also includes screenshots that appear to show access to Kyivstar’s network, though this could not be verified. “We attacked Kyivstar…


Ransomware attack takes down systems at 60 credit unions across country


Dozens of credit unions across the country are dealing with outages due to a ransomware attack.

Credit unions report the attack affected part of Trellance, a cloud computing firm used by many credit unions across the country.

At least 60 credit unions have been affected.

One credit union in New York facing outages due to the ransomware attack says online and mobile banking are down but that other services like debit cards are working normally.

The National Credit Union Association said the accounts of all customers are safe and are federally insured up to $250,000.

Recently, hospitals, fuel pipelines and schools have all been disrupted by ransomware attacks that lock up files unless someone pays up.
