Cyber Bits: July 8, 2024

Apologies to everyone for missing last week! It was a bit of a weird one with a storm BERYLing in (see what we did there?). In all seriousness though, we're thinking of everyone and their families across the Caribbean who weren't as lucky as we were here in Cayman.

In this week's Cyber Bits, we look into Cloudflare's BGP incident, a Go-based ransomware variant targeting VMs, Ticketmaster still struggling to recover from a ransomware incident, hackers linking phone numbers to Twilio Authy accounts and leaking them, and malicious Cobalt Strike servers being shut down by the feds.

Cloudflare BGP Hijacking Incident

Link: Bleeping Computer

Cloudflare attributed a recent outage to a Border Gateway Protocol (BGP) hijacking that disrupted services for many users. For those unfamiliar with BGP, Cloudflare describes it as the postal service of the Internet: it chooses the most efficient route to get data from one point to the next. This incident underscores how exposed Internet-facing infrastructure is to BGP misconfigurations and malicious route announcements.
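The practical defender's question behind an incident like this is "would I notice if someone else started originating my prefix?" The following is an added example, not Cloudflare's code or anything from the linked article: a small origin-monitoring check that compares observed BGP announcements against a table of prefixes and the ASN expected to originate them. The prefixes, ASNs, and announcements are constructed placeholders. It flags two things a route-collector feed would show during a hijack: a monitored prefix announced from the wrong origin, and a more-specific of a monitored prefix (which wins longest-prefix matching) announced by anyone other than the owner.

```python
import ipaddress
from dataclasses import dataclass

# Constructed expected-origin table. In practice this comes from your own
# address plan or the ROAs you have published in RPKI; these values are
# documentation prefixes and private ASNs, used here purely as placeholders.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64500,
}


@dataclass(frozen=True)
class Announcement:
    """One route as seen from a collector: prefix, origin ASN, full AS path."""
    prefix: str
    origin_asn: int
    as_path: tuple


def classify(announcement, expected=EXPECTED_ORIGINS):
    """Return None when the announcement is consistent with the expected table,
    otherwise a short tag naming the anomaly."""
    seen = ipaddress.ip_network(announcement.prefix, strict=False)
    for known_prefix, owner in expected.items():
        known = ipaddress.ip_network(known_prefix)
        if seen.version != known.version:
            continue  # subnet_of() refuses to compare v4 with v6
        if seen == known:
            # Exact match: only the origin matters.
            return None if announcement.origin_asn == owner else "origin-mismatch"
        if seen.subnet_of(known):
            # A more-specific beats the covering route everywhere, so a foreign
            # origin here is the classic hijack signal. Even the owner announcing
            # one is worth a look (it may be intentional traffic engineering).
            if announcement.origin_asn != owner:
                return "more-specific-foreign-origin"
            return "more-specific-own-origin"
    return None  # prefix not monitored (or a less-specific covering route)


def detect_anomalies(announcements, expected=EXPECTED_ORIGINS):
    """Run classify() over a batch and return (prefix, origin, tag) triples."""
    findings = []
    for a in announcements:
        tag = classify(a, expected)
        if tag is not None:
            findings.append((a.prefix, a.origin_asn, tag))
    return findings


# Constructed sample feed: one legitimate route, one wrong-origin announcement,
# one foreign more-specific, and one prefix we do not monitor at all.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", 64500, (64510, 64500)),
    Announcement("203.0.113.0/24", 64666, (64510, 64666)),
    Announcement("203.0.113.128/25", 64666, (64510, 64520, 64666)),
    Announcement("192.0.2.0/24", 64700, (64510, 64700)),
]

if __name__ == "__main__":
    for finding in detect_anomalies(SAMPLE_FEED):
        print(finding)
```

This is detection only; the control that actually stops most origin hijacks is publishing ROAs for your prefixes and having upstreams drop RPKI-invalid routes. A check like this one still earns its keep for catching announcements that are RPKI-valid by accident of a stale or over-broad ROA, and for alerting on more-specifics you did not expect to originate yourself.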

Eldorado Ransomware Targeting VMs

Link: Bleeping Computer

The new Eldorado ransomware is actively targeting Windows and VMware ESXi virtual machines, highlighting the growing threat to virtual environments. This Ransomware as a Service (RaaS) offering is written in Go and ships as two distinct variants, one for Windows and one for Linux. On Windows, Eldorado encrypts only the drives, file types, and paths the attackers specify.

Ticketmaster Extortion Escalation

Link: Bleeping Computer

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift concert tickets and demanded a $2 million ransom to prevent further leaks. The attackers, known as ShinyHunters, previously sold data on millions of Ticketmaster customers. Ticketmaster confirmed that its SafeTix technology, which refreshes barcodes every few seconds, prevents the stolen tickets from being used. The company has not engaged in ransom negotiations and disputes claims that it offered $1 million to have the data deleted.

Twilio's Authy App Exposes Phone Numbers

Link: The Hacker News; Twilio

Hackers accessed data related to Authy accounts by taking advantage of an unauthenticated endpoint, and the phone numbers associated with those accounts were subsequently published online by ShinyHunters. Twilio has secured the endpoint, advises users to update their Authy apps, and states that it will remain vigilant against phishing and smishing attacks. Despite the leak, there is no evidence of unauthorized access to Twilio’s systems or other sensitive data.
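The underlying failure mode here, an unauthenticated endpoint whose response reveals whether a phone number has an account, is a textbook enumeration oracle. The following is an added example and not Twilio's or Authy's code: a hypothetical phone-lookup endpoint in its oracle form next to a hardened form that requires an API token, rate-limits per token, and answers identically whether or not the number is registered. The account store, tokens, and phone numbers are constructed placeholders.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed account store keyed by E.164 phone number (placeholder numbers).
REGISTERED_PHONES = {"+15555550100": "acct-1", "+15555550101": "acct-2"}

# Constructed API credential: the server stores only a SHA-256 of each token.
VALID_TOKEN_HASHES = {hashlib.sha256(b"example-token").hexdigest()}


def vulnerable_lookup(phone):
    """The oracle: no authentication, and the status code and body differ for
    registered versus unknown numbers, so anyone can walk a number range and
    learn exactly which ones hold an account."""
    if phone in REGISTERED_PHONES:
        return {"status": 200, "registered": True}
    return {"status": 404, "registered": False}


class RateLimiter:
    """Sliding-window limiter: at most max_calls per key within window seconds.
    The caller passes the current time so the behaviour is deterministic."""

    def __init__(self, max_calls, window_seconds):
        self.max_calls = max_calls
        self.window = window_seconds
        self._calls = defaultdict(list)

    def allow(self, key, now):
        recent = [t for t in self._calls[key] if now - t < self.window]
        if len(recent) >= self.max_calls:
            self._calls[key] = recent
            return False
        recent.append(now)
        self._calls[key] = recent
        return True


class HardenedLookup:
    """Same feature, without the oracle: authenticate, throttle, and never tell
    the caller whether the number is registered."""

    def __init__(self, token_hashes, limiter):
        self._token_hashes = token_hashes
        self._limiter = limiter

    def _authenticated(self, token):
        digest = hashlib.sha256(token.encode()).hexdigest()
        # compare_digest keeps the comparison time independent of where the
        # strings first differ.
        return any(hmac.compare_digest(digest, h) for h in self._token_hashes)

    def lookup(self, phone, token, now):
        if not self._authenticated(token):
            return {"status": 401}
        if not self._limiter.allow(token, now):
            return {"status": 429}
        # Identical response either way. If the number is registered, the
        # verification goes to its owner out of band (not modelled here); the
        # caller learns nothing from the HTTP response itself.
        return {
            "status": 202,
            "message": "If this number is registered, a verification code has been sent.",
        }


if __name__ == "__main__":
    svc = HardenedLookup(VALID_TOKEN_HASHES, RateLimiter(max_calls=3, window_seconds=60))
    print(vulnerable_lookup("+15555550100"), vulnerable_lookup("+15555550199"))
    print(svc.lookup("+15555550100", "example-token", now=0.0))
    print(svc.lookup("+15555550199", "example-token", now=1.0))
```

The response-shape point is the one most often missed when such an endpoint is "secured": adding authentication alone still leaves a registered/unregistered oracle available to anyone holding a token, so the hardened form removes the distinction from the response entirely and relies on the rate limit to blunt whatever is left.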

Global Police Operation Shuts Down Cybercrime Network

Link: The Hacker News

A coordinated international police operation, dubbed MORPHEUS, has successfully shut down nearly 600 servers linked to cybercriminal activities using the Cobalt Strike tool. The crackdown involved authorities from multiple countries, targeting illegal versions of the penetration testing software frequently misused by cybercriminals for ransomware and espionage. This operation highlights the global effort to combat cybercrime by dismantling infrastructure used for large-scale attacks and preventing further exploitation by malicious actors.
