Cyber Bits · 3 min read

Cyber Bits: July 8, 2024

In this week's Cyber Bits, we look into Cloudflare's BGP incident, a Go-based ransomware variant targeting VMs, Ticketmaster struggling with a ransomware incident, hackers leaking Twilio data, and Cobalt Strike servers being shut down by the feds.


Apologies to everyone for missing last week! It was a bit of a weird one with a storm BERYLing in (see what we did there?). In all seriousness though, we're thinking of everyone and their families across the Caribbean who weren't as lucky as we were here in Cayman.


Cloudflare BGP Hijacking Incident

Link: Bleeping Computer

Cloudflare attributed a recent outage to a Border Gateway Protocol (BGP) hijack, which disrupted service for many users. For those unfamiliar with BGP, Cloudflare describes it as the postal service of the Internet: it picks the route that traffic takes from one network to the next. The catch is that BGP takes a neighbour's route announcements largely on trust, so a misconfigured or malicious network can announce address space it does not own and pull traffic toward itself, and a more-specific announcement wins over the legitimate one because routers prefer the longest matching prefix. The incident underscores how exposed Internet-facing infrastructure remains to BGP misconfigurations and hijacks, and why operators are pushed to publish Route Origin Authorizations (ROAs) and drop RPKI-invalid routes at their borders.
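To make the "hijack" concrete, here is route origin validation (ROV), the RPKI-based check that lets a router reject announcements whose origin AS does not match a published ROA. This is an added example, not Cloudflare's code or anything from the linked article; the prefixes, AS numbers and ROAs are constructed placeholders (documentation prefixes and private ASNs), not the real parties in the incident.

```python
"""BGP route origin validation (ROV) against a hijack.

Added example, not code from Cloudflare or the linked article. The ROAs,
announcements and AS numbers below are constructed placeholders (documentation
prefixes and private ASNs), not the real parties in the Cloudflare incident.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: the holder of `prefix` lets `origin_as`
    announce it, and any more-specific of it down to `max_length`."""
    prefix: str
    max_length: int
    origin_as: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_as: int


def validate(prefix: str, origin_as: int, roas: Iterable[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    announced = ip_network(prefix, strict=False)
    covering = [
        r for r in roas
        if ip_network(r.prefix, strict=False).version == announced.version
        and announced.subnet_of(ip_network(r.prefix, strict=False))
    ]
    if not covering:
        return "not-found"  # nobody registered a ROA, so ROV cannot judge it
    for r in covering:
        if r.origin_as == origin_as and announced.prefixlen <= r.max_length:
            return "valid"
    return "invalid"  # covered, but wrong origin AS or more specific than allowed


def accept_routes(announcements: Iterable[Announcement], roas: Iterable[ROA],
                  drop_invalid: bool = True) -> List[Announcement]:
    """Import policy: drop RPKI-invalid routes, keep valid and not-found ones."""
    roas = list(roas)
    return [a for a in announcements
            if not (drop_invalid and validate(a.prefix, a.origin_as, roas) == "invalid")]


def select_origin(dest: str, routes: Iterable[Announcement]) -> Optional[int]:
    """Longest-prefix match: the most specific covering route wins, which is
    why a /25 hijack beats the legitimate /24 if nothing filters it out."""
    addr = ip_address(dest)
    best = None
    for r in routes:
        net = ip_network(r.prefix, strict=False)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > ip_network(best.prefix, strict=False).prefixlen:
                best = r
    return best.origin_as if best else None


# Constructed data: AS64500 legitimately holds 203.0.113.0/24 and published a ROA.
ROAS = [ROA("203.0.113.0/24", 24, 64500)]

ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", 64500),   # legitimate origin
    Announcement("203.0.113.0/24", 64666),   # hijack: same prefix, wrong origin
    Announcement("203.0.113.0/25", 64666),   # hijack: more-specific, wrong origin
    Announcement("198.51.100.0/24", 64700),  # no ROA at all -> not-found, kept
]

if __name__ == "__main__":
    for a in ANNOUNCEMENTS:
        print(a.prefix, a.origin_as, validate(a.prefix, a.origin_as, ROAS))
    unfiltered = accept_routes(ANNOUNCEMENTS, ROAS, drop_invalid=False)
    print("without ROV, 203.0.113.10 is routed to AS", select_origin("203.0.113.10", unfiltered))
    print("with ROV, 203.0.113.10 is routed to AS", select_origin("203.0.113.10", accept_routes(ANNOUNCEMENTS, ROAS)))
```

The two `select_origin` calls are the whole story: with no filtering, longest-prefix match hands traffic for the victim's space to the hijacker's /25; once invalid routes are dropped on import, the legitimate /24 is the only covering route left. Note that ROV only protects prefixes that have a ROA; the `not-found` route is accepted because there is nothing to compare it against.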

Eldorado Ransomware Targeting VMs

Link: Bleeping Computer

The new Eldorado ransomware is actively targeting Windows hosts and VMware ESXi virtual machines, a reminder that virtualization infrastructure is now a first-class ransomware target: encrypting one ESXi host takes down every VM running on it. This Ransomware-as-a-Service (RaaS) offering is written in Go, which lets the operators ship two distinct builds, one for Windows and one for Linux, from the same code base. On Windows, the affiliate can restrict encryption to the drives, file types and paths they specify.

Ticketmaster Extortion Escalation

Link: Bleeping Computer

Hackers have leaked what they claim is barcode data for 166,000 Taylor Swift concert tickets sold through Ticketmaster, and are demanding a $2 million ransom to stop further leaks. The group, ShinyHunters, previously sold data on millions of Ticketmaster customers. Ticketmaster says its SafeTix technology, which rotates barcodes every few seconds, renders the leaked barcodes unusable at the gate. The company has not engaged in ransom negotiations and disputes the attackers' claim that it offered $1 million to have the data deleted.

Twilio's Authy App Exposes Phone Numbers

Link: The Hacker News; Twilio

Attackers pulled data associated with Authy accounts through an unauthenticated API endpoint, and ShinyHunters has since published the phone numbers tied to those accounts. The weak point was not a compromise of Twilio's back end but an endpoint that answered lookups without requiring any credential, so anyone could submit phone numbers and learn which ones belonged to an Authy account. Twilio has secured the endpoint, advises users to update their Authy apps, and asks them to stay alert for phishing and smishing that uses the leaked numbers to impersonate Authy or Twilio. Twilio says it has found no evidence that the attackers gained access to its systems or to other sensitive data.
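The bug class here is account enumeration through an unauthenticated lookup. Below is an added example (not Twilio's or Authy's code, and the page does not describe the real endpoint's exact behaviour) that puts a vulnerable lookup shape next to a hardened one: the user table, the client token scheme, the rate limits and the response bodies are all constructed assumptions.

```python
"""Account lookup endpoint: an enumerable unauthenticated shape next to a
hardened one.

Added example, not Twilio's or Authy's code. The page says only that an
unauthenticated endpoint let attackers tie phone numbers to accounts; the
handler signatures, the user table, the client secret and the rate limits
below are constructed assumptions used to show the bug class and its fix.
"""
import hashlib
import hmac
import time
from typing import Dict, List, Optional

# Constructed user store (E.164 number -> account id). Not real data.
ACCOUNTS: Dict[str, str] = {
    "+15550100001": "acct-1001",
    "+15550100002": "acct-1002",
}


def lookup_unauthenticated(phone: str) -> dict:
    """Vulnerable shape: no credential, and a different answer depending on
    whether the number is registered. That difference is the leak."""
    acct = ACCOUNTS.get(phone)
    if acct is None:
        return {"status": 404, "body": {"error": "not found"}}
    return {"status": 200, "body": {"account_id": acct, "registered": True}}


def enumerate_registered(candidates: List[str]) -> List[str]:
    """What an attacker does with it: sweep a number list and keep the hits."""
    return [p for p in candidates if lookup_unauthenticated(p)["status"] == 200]


# Hardened version -----------------------------------------------------------

API_SECRET = b"constructed-demo-secret"  # assumption: server-side signing secret


def make_token(client_id: str) -> str:
    """Issue a per-client token (HMAC over the client id with the server secret)."""
    return hmac.new(API_SECRET, client_id.encode(), hashlib.sha256).hexdigest()


class RateLimiter:
    """Sliding window per client: at most `limit` calls in any `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit, self.window = limit, window
        self._hits: Dict[str, List[float]] = {}

    def allow(self, key: str, now: float) -> bool:
        hits = [t for t in self._hits.get(key, []) if now - t < self.window]
        hits.append(now)
        self._hits[key] = hits
        return len(hits) <= self.limit


LIMITER = RateLimiter(limit=5, window=60.0)


def lookup_hardened(phone: str, client_id: Optional[str], token: Optional[str],
                    now: Optional[float] = None) -> dict:
    """Three controls: require a valid client credential, rate-limit per
    client, and return an identical response whether or not the number is
    registered. Any registration-dependent work (e.g. sending a code) happens
    server-side and is never reflected in the reply."""
    now = time.time() if now is None else now
    if not client_id or not token or not hmac.compare_digest(
            make_token(client_id).encode(), token.encode()):
        return {"status": 401, "body": {"error": "unauthorized"}}
    if not LIMITER.allow(client_id, now):
        return {"status": 429, "body": {"error": "rate limited"}}
    if phone in ACCOUNTS:
        pass  # e.g. queue a push/SMS to the registered device; not echoed back
    return {"status": 202,
            "body": {"message": "if this number is registered, a code has been sent"}}


if __name__ == "__main__":
    sweep = ["+15550100001", "+15550100002", "+15550100003"]
    print("unauthenticated sweep finds:", enumerate_registered(sweep))
    tok = make_token("client-a")
    print("hardened, registered:  ", lookup_hardened(sweep[0], "client-a", tok))
    print("hardened, unregistered:", lookup_hardened(sweep[2], "client-a", tok))
```

The hardened handler still does the lookup internally; what changes is that the caller can no longer tell a registered number from an unregistered one, cannot call at all without a credential, and cannot sweep a large list quickly even with one. All three matter: authentication alone still lets a compromised client enumerate, and a uniform response alone still lets an attacker trigger unlimited side effects.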

Global Police Operation Shuts Down Cybercrime Network

Link: The Hacker News

A coordinated international law-enforcement operation, dubbed MORPHEUS, has taken down nearly 600 servers hosting unlicensed copies of Cobalt Strike, the commercial adversary-simulation framework that criminals routinely repurpose as command-and-control infrastructure for ransomware and espionage campaigns. The crackdown involved authorities from multiple countries and targeted the cracked, unlicensed versions of the tool rather than legitimate licensed red-team use. The operation shows how a global effort can dent cybercrime by dismantling shared infrastructure before it is used in the next large-scale attack.
