Archive | Cyber Threat Alert

Cyberattack Strikes T-Mobile and Causes a Major Data Breach Targeting 40 Million Customers

Cyber Attack Alert

More than 40 million T-Mobile customers have been hit by a US data breach, the company has admitted.

It blamed the breach on a “highly sophisticated cyberattack”.

It said it is “taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack”.

The firm said that while criminals stole personal information, no financial details were leaked as a result.

The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The US telecom giant confirmed that hackers had gained access to its systems on Monday.

“Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,” it said.

“We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.

“We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”

The company said its investigations identified approximately 7.8 million current T-Mobile postpaid customer accounts’ information in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.

It said that approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but that it had reset all of the PINs on the accounts to protect customers.

It added that no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of customers or prospective customers.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the company said.

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.

There is no indication yet that former UK customers of T-Mobile have been hit by the data breach.

The company’s UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

Courtesy of BBC News

https://tinyurl.com/nkvjr9c7

SolarWinds Hackers Breach US Nuclear Weapons Agency

Cyber Attack Alert

Department of Energy is responding to a cyber incident related to the SolarWinds compromise in coordination with our federal and industry partners. The investigation is ongoing and the response to this incident is happening in real-time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network. — Shaylyn Hynes, DOE Spokeswoman

Additional background: As part of its ongoing response, DOE has been in constant communication with our industry partners, including the leadership of the energy sector Subsector Coordinating Councils, and is also in regular contact with Electricity, Oil & Natural Gas (ONG), and Downstream Natural Gas (DNG) Information Sharing and Analysis Centers (ISAC).

Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE).

NNSA is a semi-autonomous government agency responsible for maintaining and securing the US nuclear weapons stockpile.

The NNSA was established by the US Congress in 2000 and is also tasked with responding to nuclear and radiological emergencies within the United States and abroad.

Officials familiar with the matter told Politico that federal investigators have found evidence of hackers gaining access to US DOE and NNSA networks as part of the ongoing US govt compromise campaign.

The Federal Energy Regulatory Commission (FERC), the Office of Secure Transportation, the Richland Field Office of the DOE, and Sandia and Los Alamos national laboratories were all hit according to the report.

The hackers have mainly focused their efforts at FERC according to the DOE officials, but they did not provide more details on the incident.

This series of attacks has led to the hacking of multiple US government networks as officially confirmed by the FBI, CISA, and the ODNI for the first time in a joint statement issued earlier today.

The list of US government targets compromised so far in this campaign also includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.

The group behind this compromise campaign, suspected to be the Russian state-sponsored APT29 (aka Cozy Bear), was present on the networks of hacked organizations for long periods of time according to a CISA alert from earlier today.

“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the agency said.

“CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

The backdoor used in these attacks, tracked as Solarigate or Sunburst, was distributed via SolarWinds’ auto-update mechanism onto the systems of roughly 18,000 customers.

SolarWinds’ customer list [1, 2] includes more than 425 US Fortune 500 companies, all top ten US telecom companies, as well as several government agencies including the US Military, the US Pentagon, the US Department of Justice, the State Department, NASA, NSA, Postal Service, NOAA, and the Office of the President of the United States.

However, CISA also said that it has “evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated.”

CISA has also issued an Emergency Directive following the string of confirmed US govt hacks asking federal civilian agencies to immediately disconnect or shut down affected SolarWinds Orion products on their networks.

Additionally, since the campaign was discovered, Microsoft, FireEye, and GoDaddy created a kill switch for the SolarWinds Sunburst backdoor that will terminate the infection on victims’ networks.

Courtesy of bleepingcomputer.com

https://tinyurl.com/y8bmbdvo

Manchester United hit by ‘sophisticated’ cyber attack but say fan data is safe

Cyber Attack Alert

Manchester United have been hit by a cyber attack on their systems but say they are not “currently aware of any breach of personal data associated with our fans and customers”.

The club, who host West Bromwich Albion at Old Trafford on Saturday, confirmed the hacking on Friday evening and said all systems needed for the match remained secure.

In a statement, United said: “Manchester United can confirm that the club has experienced a cyber attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption.

“Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data.

“Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.

“We are confident that all critical systems required for matches to take place at Old Trafford remain secure and operational and that tomorrow’s game against West Bromwich Albion will go ahead.”

A spokesman for the club added: “These types of attacks are becoming more and more common and are something you have to rehearse for.”

United have informed the Information Commissioner’s Office and added that forensic tracing is being carried out in an attempt to establish further detail about the attack.

Courtesy of theguardian.com

https://tinyurl.com/yxrmcvn5

Hackney Council hit by ‘serious cyber attack’ London, UK

Cyber Attack Alert

Hackney Council says it has been hit by a “serious cyber attack”, which is affecting many of its services and IT systems.

The council says it is working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

It is not yet clear what type of cyber attack has hit the council or whether residents’ data has been exposed.

In a statement on the council’s website, which is still up and running, Mayor Philip Glanville said: “Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.

“In the meantime, some council services may be unavailable or slower than normal, and our call centre is extremely busy,” he added.

“We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues.”

Courtesy of Sky News

https://tinyurl.com/y6drw3nw

Twitter hack: Social media giant suffers ‘huge’ billing information data breach #Twitter #Hacked #CyberAttack

Cyber Attack Alert

In a message to business owners on the platform, Twitter reported a data breach involving its advertising and analytics platforms. Prior to May 20, 2020, certain billing details viewed on those sites would be stored in the web browser’s cache. A web cache is the store in which a browser keeps documents and information from the pages a user has visited.

In a message sent to business owners on the platform, Twitter said: “We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter and analytics.twitter.

“We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser’s cache.

“Examples of that information include email address, phone number, last four digits of your credit card number.”

It is not clear how many businesses were affected by the security breach.

While there has been no confirmation as to whether this was a technical breach or sophisticated attack, cyber-attacks have increased during the coronavirus lockdown.

According to data from the cybersecurity company Darktrace, attacks aimed at home workers increased from 12 percent of malicious email to more than 60 percent in May.

The attacks were aimed at exploiting the uncertainty of businesses and employees amid the virus pandemic.

Other attacks have also targeted those using platforms such as Zoom.

He said: “Russia and other countries – and indeed non-state actors – see the challenges that Covid has created and are trying to exploit it.

“And we’re making sure we have got the resilience, the defence and the capabilities to prevent them from doing so.

“We certainly know Russia is engaged systematically in misinformation and propaganda, through cyber and other ways.

“Others engage in the same too, China and Iran, but I don’t think it had any outcome on the electoral process in the UK.”

Courtesy of financial-press.uk

https://tinyurl.com/y7vq97sk

#Hackers disrupt #website of #Russian #Embassy in #London, #UK for 20 hours

Cyber Attack Alert

Access to the website of the Russian Embassy in London remained unreliable for almost 20 hours after unidentified ‘hackers’ targeted it with a denial-of-service attack, the diplomatic mission said.

The attack started at about 16:30 GMT on Monday, a spokesperson for the embassy told the media. By 12:00 on Tuesday, embassy IT staff had managed to restore access, the report said.

“An investigation into what happened is underway,” the spokesperson said, adding that Russian diplomatic staff were apologizing to anyone whose plans may have been affected by the downing of the website.

Courtesy of rt.com

https://tinyurl.com/yxqoko7k

#Facebook images broken, #Instagram and #WhatsApp struggling too

Starting at about 8:00 AM EDT, Facebook began having issues displaying any new images. At about the same time, Facebook’s image-sharing network Instagram and its communications program WhatsApp began having similar problems.

Facebook wouldn’t admit to any problem for hours. In the meantime, users from around the globe were reporting issues on Twitter and DownDetector. While Facebook continued to run, people primarily reported that they were unable to upload or view images.

In a statement sent just before 4 PM EDT, a Facebook representative finally addressed the elephant on the internet: “During one of our routine maintenance operations, we triggered an issue that is making it difficult for some people to upload or send photos and videos. We’re working to get things back to normal as quickly as possible and we apologize for any inconvenience.” No time has been given for a fix.

At first, when I encountered the problem, I was unable to upload new photographs. Now I find I’m unable to view many older images. I’m far from alone.

Instagram users are also struggling. Since Instagram is all about images, the site is essentially down.

WhatsApp users are in the same sinking boat. They too can’t share photos or videos.

Several hours later Facebook Messenger users also started reporting similar problems.

In theory, all these social networks and messaging services still run on different platforms. In practice, they clearly share at least a common media storage mechanism, since they are all suffering from the same kinds of problems.

Courtesy of zdnet.com

https://tinyurl.com/y3y84sol