Auth Lab Community

Auth Lab Weekly Cybersecurity News

A Canadian city was attacked by ransomware, and the municipal government platform was paralyzed

According to the City of Westmount, the city’s email service went down due to an unexplained computer glitch that also affected other municipal services. It was later confirmed that the failure was caused by a targeted cyber attack.

Westmount Mayor Christina Smith said in a statement: “Cyberattacks are unfortunately becoming more and more prevalent and sophisticated in our society, and despite all the measures we put in place, public administrations are not completely immune to this sad reality.” She added: “I want to reassure all Westmounters that our teams are working seriously and diligently to remedy this situation, and we will keep residents informed.”

The LockBit 3.0 ransomware group claimed responsibility for the attack, saying it had successfully downloaded 14 megabytes of sensitive data and would release the stolen data if the ransom was not paid within the next two weeks.


Data of 5 million AirAsia passengers and employees stolen

The internal systems of Malaysia’s low-cost airline AirAsia were attacked by a ransomware group, and the personal data of about 5 million passengers and employees was leaked. The group reported to be behind the attack is a ransomware gang named Daixin. After obtaining a large amount of AirAsia’s internal data, the gang released some data samples. According to the samples uploaded to its leak site, the stolen data included passenger ID numbers, names and booking numbers, as well as employee information.


Russia’s RansomBoggs ransomware “targets” Ukrainian entities

The Hacker News reported that Ukraine has suffered a new round of ransomware attacks. The Slovakian cybersecurity company ESET named the new ransomware RansomBoggs and stated that the attacks against Ukrainian entities were first discovered on November 21, 2022.

In a series of tweets last week, ESET highlighted that while the malware, written in .NET, is new, its deployment pattern is very similar to previous Sandworm attacks.

The Sandworm group, which Microsoft tracks as Iridium, is also suspected of using another ransomware called Prestige to launch a series of attacks on the Ukrainian and Polish transportation and logistics sectors in October 2022.

The RansomBoggs campaign is understood to distribute the ransomware with a PowerShell script that is “virtually identical” to the script used in the Industroyer2 malware attack that was exposed in April.


Facebook was fined 265 million euros for leaking private data of 533 million users

According to BleepingComputer on November 28, the Irish Data Protection Commission (DPC) recently fined Facebook’s parent company Meta 265 million euros (about 2 billion yuan) over Facebook’s large-scale data breach in 2021.

In April 2021, hackers leaked the private data of 533 million Facebook users to hacker forums, including mobile phone numbers, Facebook IDs, names, genders, locations, relationships, occupations, dates of birth, and email addresses. On April 14, 2021, the DPC formally launched an investigation into Meta’s possible violations of the relevant provisions of the General Data Protection Regulation (GDPR).


World Cup-related fraud cases increased

According to Zscaler, there has been an increase in newly registered domain names related to the World Cup. Although not all of them are malicious, the increase is cause for concern.

There has been a surge in fake streaming sites and other scam sites claiming to offer free live streaming of World Cup matches. In practice, these sites redirect the user to another webpage that prompts the user to enter their bank card information. A similar streaming website template also appeared during the 2020 Tokyo Olympics.

These fake websites usually use newly registered malicious domain names, and some also abuse benign services or rely on external redirect links.
