Hacker Tracker | March in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

1. Samsung confirms Galaxy source code breach but says no customer information was stolen | 3.7.22

  • Samsung on Monday confirmed that the company recently suffered a cyberattack, but said that it doesn’t anticipate any impact on its business or customers.
  • South American hacking group Lapsus$ claimed it had stolen 190GB of confidential data, including source code, from the South Korean tech giant’s servers. The group also posted snapshots of the alleged data online.
  • However, Samsung confirmed that while there was a cybersecurity breach, no personal client data was stolen.
  • Samsung did confirm that some employee credential and proprietary information was stolen, but also said it doesn’t expect disruption to its business.
  • View the Source

2. Automotive giant Denso confirms hack, Pandora ransomware group takes credit | 3.14.22

  • The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso supplies Toyota, General Motors, Honda, and others.
  • Denso reported that someone had “illegally accessed” the firm’s network. When the intrusion was detected, they cut off the connection.
  • While the incident is under investigation, Denso says that there is “no impact” on other facilities and no disruption has been caused to production plants or manufacturing schedules. 
  • The Pandora ransomware group has claimed responsibility. The group’s leak site, accessed by ZDNet via Kela’s Darkbeast engine, claims that 1.4TB of data has been stolen. 
  • View the Source

3. These fake crypto wallets want to steal from iPhone and Android users | 3.25.22

  • Cyber criminals are attempting to steal cryptocurrency from Android and iPhone users by luring them into downloading malicious apps posing as cryptocurrency wallet services. 
  • Cybersecurity researchers have identified over 40 copycat websites designed to look like those of popular cryptocurrency websites, but that actually trick users into downloading fake versions of the apps containing trojan malware.
  • The attackers use online advertising, posted to legitimate cryptocurrency and blockchain-related websites, to direct traffic to the malicious cryptocurrency wallet downloads. 
  • The criminals behind the attacks also use messaging app Telegram to search for affiliates to help spread the malware, with some of these links also being shared in Facebook groups, complete with step-by-step video tutorials on how the fake wallets work and how to steal cryptocurrency from victims. 
  • View the Source

Lessons Learned:

#1- From the Samsung attack, we are reminded that your sensitive information is at risk both as a customer and as an employee, regardless of which company you’re purchasing from or working for. It is as important as ever to be selective about sharing any unnecessary personal information with any company.

#2- Large brands continue to be targets of cybercriminals, for obvious reasons (hint: more money to be stolen in ransom demands). However, we are also reminded that companies and IT security companies are continuing to evolve in their ability to keep operations running in light of an attack on their organization. Such was the case with Denso, which, while admitting to being the victim of an attack, was able to leave customers unaffected by continuing normal operations. Working with a qualified IT security company allows organizations to have a contingency plan in place should an attack happen, which raises the likelihood they’ll be able to stay operational while an attack and investigation are underway.

#3- In addition to the Samsung attack (#1), we are following a trend of targeting cell phone users, both Apple and Android. In today’s world, it is not uncommon for individuals to store sensitive financial information on their phone, in addition to financial apps such as banking apps, stock apps, and more. This is an important time to remind everyone of the importance of securing sensitive financial data and always using multi-factor authentication on financial apps and website logins. Especially in the case of cellphones, if you lose the device, you want to make it as difficult as possible for someone else to log in to your accounts. We talk more about the importance of multi-factor authentication here.

Questions? Contact PK Tech here.