Security News Round-Up: Cybercriminals Launch 192,000 COVID-19 Attacks in a Week
Cybercriminals Launch 192,000 COVID-19 Related Attacks in a Week
Researchers saw a 30% increase in COVID-19 related cyberattacks, reaching an average of 192,000 per week over the past few weeks, says Tech Republic. The attacks often involve creating fake headlines promising brand new updates on the virus or even vaccines. Many of them use impersonation to pretend to be the World Health Organization or other important groups. A number of these attacks actually request donations that end up just being sent to the criminals’ bitcoin wallets, according to the article. Nearly 20,000 COVID-19 related domains were registered within the past three weeks, with a number of them being for malicious purposes.
Nearly Four Million Dating App Users’ Data Exposed
MobiFriends, a dating app based in Barcelona with nearly 4 million users, was breached in January 2019. However, the data was only recently discovered, as it was posted January of this year on the Dark Web and then altered to be free rather than for purchase, says Info Security Magazine. Included in the data are birth dates, phone numbers, web activity, usernames, MD5 hashed passwords, and email addresses. Making matters worse, the article notes, professional emails were also included in the data listed. So far, MobiFriends has yet to comment on the listening discovered by researchers and to respond to their communication efforts.
Maker of Railway Vehicles Struck by Malware
A Switzerland-based company that manufactures trains known as Stadler Rail became one of the latest victims of malware attacks, according to Security Week. Attackers made away with an amount of data that still remains unknown. The company, authorities, and a third party investigation firm are looking into the incident after Stadler Rail immediately began working to contain the incident, the article states. The criminals have threatened to publish the data if the company doesn’t pay the ransom and the type of malware used has not been revealed. The company has over 40 locations with around 11,000 employees in total, Security Week says.
Celebrity Data Exposed in Law Firm Ransomware Attack
According to Naked Security, law firm Grubman Shire Meiselas & Sacks was hit with ransomware, with attackers stealing more than 750GB of data on the firm’s celebrity clients. Amongst the stolen data were non-disclosure agreements, contact information, contracts, and more. Attackers reportedly used the REvil strain of malware to steal the data of Lady Gaga, Mariah Carey, Bruce Springsteen, Jessica Simpson, Madonna, and others, says the article. The same group has already exposed the data of a number of its passed victims who did not choose to pay the ransom as requested by the group.
LabCorp Sued by Shareholder Over Data Breaches
A LabCorp shareholder by the name of Raymond Eugenio filed a lawsuit against LabCorp along with the company’s directors and executives, according to Info Security Magazine, over two data breaches—one involving exposure of 7.7 million patients’ data and one that exposed 10,000 company documents this year. In the lawsuit, he argues that the 2020 data breach was not even disclosed or reported to the Securities and Exchange Commission. He also points out that LabCorp’s poor cybersecurity practices served as the direct cause of both incidents, the article states. LabCorp was hit with $11.5 million in remediation costs after the breach.