Scammers are sneaking up on Black Friday’s best deal hunters and targeting FIFA World Cup Qatar 2022 fans. Cyberwar is being waged in uncharted and dangerous territory. Leaks, like the massive WhatsApp user record dataset exposure, put nearly everyone in peril.
Here's this week's recap – a brief summary of leaks, hacks, and threats Cybernews observed between November 21 – November 25, 2022.
1. FIFA World Cup Qatar 2022 fans targeted with malware
The World Cup is keeping security experts on the edge. According to Zscaler’s ThreatLabz, attackers set up fake streaming sites to harbor malware and scam campaigns to target fans looking to watch their favorite team in Qatar. These cyberattacks often use lottery and gambling mechanics to entice users into giving away credit card details or personal information.
As fans are spicing up their football experience by betting, attackers are targeting popular online gambling sites.
The American sports betting company DraftKings was hit by a credential stuffing attack this Monday, costing their customers up to $300,000. The common denominator for all hijacked accounts seems to be an initial $5 deposit.
The attackers then followed by changing the password, enabling two-factor authentication (2FA) on a different phone number, and withdrawing as much cash as possible from the victims' linked bank accounts. DraftKings intends to return all stolen money to the clients’ accounts.
2. Massive WhatsApp leak
How come whenever a dataset of social platform user records surfaces on the dark web, it always exposes data of somewhere around 500 million people?
We saw it happening with Facebook, LinkedIn, and now Meta-owned WhatsApp being under the spotlight, as a threat actor is selling a 2022 database of 487 million WhatsApp user mobile numbers from 84 countries.
A data sample investigated by Cybernews likely confirms this to be true. The threat actor told Cybernews they were selling the US dataset for $7,000, the UK’s – for $2,500, and Germany’s – for $2,000.
Such information is mostly used by attackers for smishing and vishing attacks, so we recommend users to remain wary of any calls and messages from unknown numbers.
3. Black Friday nightmare
Black Friday's best deals hunt, while exciting, might also be incredibly dangerous as fraudsters gang up on unattentive shoppers and e-commerce sites with lousy security practices.
There are so many things to be cautious about – from credit card thefts to fakes.
Zscaler ThreatLabz warned about threat actors targeting retailers in the US, UK, Australia, and Canada. They infect popular online stores with skimmer codes designed to capture credit card information. Get in touch with your payment card or banking authority in case you notice any suspicious payment with your credit card.
Another research by a privacy organization Incogni warned that many shopping apps are anything but harmless since many of them hold access to your location data, texts, contacts, and the audio recording function.
4. Cyberwar in full swing
This was an eventful week indeed, especially for the European Parliament, as their website got hit by a cyberattack from a pro-Kremlin threat actor group Killnet. Threat actors employed a DDoS attack to hit the website on Wednesday, briefly taking it down. Killnet carried out the attack after the European Parliament declared Russia “a state sponsor of terrorism.”
Another stellar example of how cyberwar causes collateral damage comes from the dark web, which is full of data leaks containing sensitive data of critical infrastructure companies, including nuclear facilities. Hacktivists and threat actors leverage this war to widen their attack surface, and nuclear facilities from Russia to South Africa are lucrative targets.
5. FBI joins the investigation into the Continental attack
This week, the FBI (Federal Bureau of Investigation) joined an investigation into a ransomware attack on Continental. The German tire and car parts company refused to pay the ransom, and so now, the notorious ransomware gang LockBit 3.0 is selling its data for $50 million.
Recently, Canadian authorities arrested Mikhail Vasiliev, a 33-year-old Russian national suspected of having ties with the notorious LockBit ransomware cartel. Vasiliev was no small catch, as Europol believes the Russian national’s ransom demands ranged between €5 to €70 million.
Cybernews sat down with experts to discuss whether individual arrests of LockBit affiliates can shake the foundation of the notorious ransomware cartel.
Subscribe to our newsletter