Booking.com attack may be widespread, ransomware operator calls it quits, and more.
Welcome to Cyber Security Today. It’s Monday, November 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
On my October 23rd podcast I told you about a fraudster who tried to con British security reporter Graham Cluley after he made a hotel reservation on Booking.com. What was odd is that the crook knew Cluley had made a reservation. Perhaps they hacked that one hotel? It turns out the incident may have been part of a wider cyber attack. According to a Japanese news site, hackers pretending to be travelers have been sending infected emails to Japanese hotels for a while. Compromised computers then reveal the hotels’ credentials for accessing Booking.com. That allows hackers pretending to be hotel staff to send messages to those making reservations, claiming advanced payment is required and asking for their credit card numbers. A Booking.com official told the Japanese news site that this scam is going on in other countries.
Among the people targeted by threat actors are cybersecurity reporters. One of them is American Brian Krebs. His account at the credit rating agency Experian was recently hacked. Messing up a person’s credit rating can be very painful, so it can be a good weapon. At Experian, Krebs reported last week, it seems to be relatively easy for a threat actor to create a new Experian account in someone’s name and therefore invalidate the one they created. Experian says it has a multilayered security process. But someone got around that to mess with Krebs’ account.
The operator of Ransomed.vc says they are walking away after six gang affiliates apparently were arrested. The news site The Record reports that the operator has been desperately trying for weeks to sell their ransomware builder, domain names, access to 11 breached organizations, databases of information and more. However, the operator’s final message last week suggests there were no takers. But a former FBI IT official now working in the private sector said the sale could be phony. The four-month-old Ransomed.vc claimed attacks on Sony, the state of Hawaii and more. However, several companies listed on the gang’s data leak site deny they’ve been hacked.
A cyber incident continues to affect operations at some of Australia’s biggest ports. The country’s national cyber security co-ordinator says the attack caused DP World Australia to disconnect IT systems from the internet. It may take a few days to get operations at ports in Melbourne, Sydney and Brisbane back to normal.
More American organizations are admitting they were direct or indirect of the hack of MOVEit file transfer servers. Among the latest: The state of Maine, which says the personal information of 1.3 million people was exposed. That includes names, driver’s licence numbers or non-drivers identification card numbers.
In other data breach news McLaren Health Care of Michigan, which includes 15 hospitals, is notifying over 2.1 million people that an attacker copied some of their personal data. That could have included their date of birth, Social Security number and medical condition. The incident took place between late July and late August. According to CyberNews, the BlackCat/AlphV ransomware gang has been posting what it says is data from McLaren Health care on its dark web blog.
An American union representing freight and passenger rail workers is notifying almost 63,000 members it suffered a data breach in September. The International Association of Sheet Metal Air Rail Transportation Workers is sending out notices of the data breach, which included names and Social Security numbers. The notice doesn’t detail how the data was stolen.
Cinfed Federal Credit Union of Ohio is notifying almost 58,000 depositors of a data breach. The hack took place in September. Data stolen includes names, Social Security numbers and financial account numbers.
Finally, tickets are now available for the second annual Ski and Snowboard Cybersecurity Conference north of Toronto. It will be held on Thursday, February 29th, it’s a one-day mix of winter events and presentations at The Heights Ski and Country Club near Barrie. For details go to www.thesscc.ca
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.