Cyber threats continue to evolve this week as attackers target huge ticketing platforms, stealing hundreds of millions of people’s information. Large social media platforms like TikTok were also vulnerable to cyber issues this week. TCE Cyberwatch continues to ensure the highlights of the cybersecurity industry are conveyed to our readers. And remember, vigilance is important.
Staying informed on what could affect you as well as knowing of the measures that are being taken is essential.
TCE Cyberwatch: Weekly Round-Up
Free Office Suite Turns Malicious: Pirated Downloads Spreading Malware in South Korea
South Korean researchers have found that pirated copies of productivity software like Microsoft Office and Hangul Word Processor are being used to spread malware. This malware maintains persistence by regularly updating itself, often several times a week. Distributed through file-sharing platforms, these malicious copies appear as cracked installers. Attackers use Telegram or Mastodon channels to provide encrypted instructions leading to malicious payloads hosted on Google Drive or GitHub.
The malware includes strains like OrcusRAT, XMRig Cryptominer, 3Proxy, and PureCrypter, which perform various malicious activities, including keylogging, cryptomining, and disabling security products. The malware’s ability to update and re-infect systems makes it difficult to remove. Researchers urge users to download software from official sources and update antivirus programs to prevent infection. Read More
Spanish Police Bust Illegal Streaming Network Serving 14,000 Subscribers
Spanish police dismantled an illegal media distribution network that had generated over 5.3 million euros since 2015. The operation began in November 2022 after a complaint from the Alliance for Creativity and Entertainment (ACE), targeting the IPTV service ‘TVMucho’ (also known as ‘Teeveeing’). TVMucho/Teeveeing, with over 4 million visits in 2023, offered over 125 channels, including BBC and ITV.
Eight individuals were arrested across various cities, and authorities seized a vehicle, and computers, and froze 80,000 euros in bank accounts. Sixteen related websites were blocked. The network, led by Dutch nationals, decrypted and distributed content from over 130 channels. The crackdown disrupted a service with 14,000 subscribers, causing significant financial damage to content creators. Read More
Millions at Risk: Ticketmaster Confirms Huge Data Breach
Live Nation, Ticketmaster’s parent company, confirmed a data breach after hackers claimed to have stolen personal details of 560 million customers. The breach was disclosed in a U.S. Securities and Exchange Commission (SEC) filing. Live Nation detected unauthorized activity in a third-party cloud database on May 20, 2024, and began an investigation. The company is mitigating risks, notifying affected users and regulatory authorities, and cooperating with law enforcement.
The stolen data was hosted on Snowflake, a cloud storage firm. Snowflake and cybersecurity firms CrowdStrike and Mandiant are investigating, attributing the breach to identity-based attacks exploiting compromised user credentials. Recommendations include enforcing multi-factor authentication and resetting credentials. Live Nation asserts the breach has not significantly impacted its business operations. Read More
COVID Relief Fraud Busted: $5.9 Billion Botnet Scheme Unraveled
The DOJ charged Chinese national YunHe Wang with operating the “world’s largest botnet,” which stole $5.9 billion in Covid relief funds. Wang allegedly used the 911 S5 botnet to hack over 19 million IP addresses in nearly 200 countries from 2014 to 2022. The botnet also engaged in other crimes like fraud and harassment. Wang, who profited at least $99 million, faces up to 65 years in prison.
The DOJ, FBI, and international law enforcement dismantled the network and arrested Wang. The U.S. has been increasingly concerned about sophisticated cyber threats, particularly from China. In January, the FBI dismantled another Chinese hacking group targeting U.S. infrastructure. Wang’s arrest follows Treasury Department sanctions on him and his associated companies. Read More
Poland Boosts Cybersecurity with $760 Million Investment After Suspected Russian Attack
Poland will invest over 3 billion zlotys ($760 million) to enhance cybersecurity following a likely Russian cyberattack on state news agency PAP. With European Parliament elections imminent, Poland is vigilant against Moscow’s interference, especially after a false military mobilization article appeared on PAP. Poland, a key supporter of Ukraine, frequently accuses Russia of destabilization attempts, claims Russia denies.
Digitalization Minister Krzysztof Gawkowski announced the “Cyber Shield” initiative and highlighted Poland’s frontline position in the cyber conflict with Russia. Recent cyberattacks on critical infrastructure were blocked, reinforcing concerns about Russia’s intent to destabilize and benefit anti-EU forces. Poland has linked Russia to sabotage and espionage activities, prompting the re-establishment of a commission to investigate Russian influence. Read More
Russia Accused of Spreading Misinformation Ahead of European Parliament Elections
European governments accuse Russia of spreading misinformation ahead of the European Parliament elections from June 6-9. Alleged tactics include amplifying conspiracy theories, creating deepfake videos, and cloning legitimate websites to disseminate false information. The Czech Republic identified a pro-Russian influence operation led by Viktor Medvedchuk, while Belgium accused Russian officials of bribing EU lawmakers to promote propaganda.
Russia denies these accusations, claiming the West is waging an information war against it. European leaders, like Ursula von der Leyen, stress the importance of resisting authoritarian influence. The EU’s Digital Services Act mandates the removal of illegal content and transparency in content aggregation. Tech giants like Meta, Google, and TikTok are implementing measures to counter election-related disinformation. Read More
Deepfakes Target Businesses: $25 Million Scam Exposes AI’s Dark Side
Deepfake scams are increasingly targeting companies worldwide, exploiting generative AI for fraud. In a major case, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to pose as colleagues. UK engineering firm Arup confirmed involvement in this case, emphasizing a rise in such sophisticated attacks. OpenAI’s ChatGPT has popularized generative AI, lowering the barrier for cybercriminals. AI services can generate realistic text, images, and videos, aiding illicit activities.
Deepfake incidents have targeted financial employees, leading to substantial financial losses. Companies fear deepfakes could manipulate stock prices, defame brands, and spread misinformation. Cybersecurity experts recommend enhanced staff education, testing, and multi-layered transaction approvals to mitigate risks, stressing that cybercrime will likely escalate before effective defences are developed. Read More
Up to 7 Years Jail for Deepfake Porn in Australia: New Laws Crack Down on Online Abuse
Proposed new Australian laws will impose up to six years in jail for sharing non-consensual deepfake pornographic images, and seven years for creating them. Attorney General Mark Dreyfus will introduce the legislation to make it illegal to share these images via any platform. Dreyfus condemned the harmful nature of such material, which predominantly affects women and girls.
The laws aim to update legal protections in line with technological advances. Currently, creating such images isn’t illegal under federal law, but the new bill expands existing laws on using technology to commit crimes. The legislation also seeks to curb technology-facilitated abuse and will include measures addressing doxing and reviewing the Online Safety Act. These changes are part of efforts to combat violence against women. Read More
Zero-Click Hack Hits TikTok: High-Profile Accounts Hijacked
Recently, hackers exploited a zero-day vulnerability in TikTok’s direct messaging feature to take over high-profile accounts without victims needing to download anything or click links. This flaw, unknown to the software makers, allowed control of accounts belonging to CNN, Sony, and Paris Hilton.
TikTok’s security lead, Alex Haurek, stated that they are working to prevent future attacks and restore affected accounts. Although only a few accounts were compromised, TikTok has not specified the numbers. Read More
Wrap Up
This week has shown the multiple vulnerabilities in even the biggest and assumed to be highly protected companies. Like always, there are tensions surrounding cyber issues in the world of politics as well.
We over here at TCE hope that our readers know of the measures to be taken if ever affected by these breaches or hacks, as well as knowing the signs to look out for so as to not fall victim to cyberattacks. We are happy to see nations investing in the betterment of cyber security for their people.
