12 days of CyberChristmas

The night of January 11 may have been silent, but it definitely was not holy when a China-based social media management company, Socialarks, suffered a data breach from an inadequately protected database. This lead to the accounts and PII of nearly 214 million users of social media giants such as Facebook, Instagram and LinkedIn being exposed. This PII leak included tens of millions of email IDs, phone numbers, addresses, usernames, profile pictures, and other sensitive information.

It was no joy to the world when the California DMV's Seattle-based billing contractor Automatic Funds Transfer Services (AFTS) was subjected to a ransomware attack. The data breach exposed the personal information from the last 20 months of California vehicle registration records, including names, addresses, license plate numbers, and vehicle identification numbers (VINs).

The DMV said that it has since stopped all data transfers to AFTS and has also initiated an emergency contract to prevent any downtime. AFTS is widely used around the United States to process payments and invoices, and several other municipalities have confirmed that the data breach may not have been limited to the California DMV.

Four zero-day exploits in the on-premises version of Microsoft Exchange Server gave hackers full access to email IDs and passwords along with administrator privilege on affected servers. They installed a backdoor, giving themselves entry to impacted servers, even after they were updated and invulnerable to the original attack. The data breach is said to have impacted over 18,000 organizations worldwide, with over 250,000 servers falling victim to the attack.

It was shown that hackers will live forever more when LinkedIn was yet again attacked and over 500 million user profiles were discovered on the dark web. Hackers sold 2 million of these records for only $2 to declare the authenticity of this stolen data. The stolen information included a variety of PII such as user names, email addresses, contact numbers, job profiles, and links to other social media applications.

Colonial Pipeline, a Houston-based jet fuel and gasoline provider for the eastern US, was victim of a hacking campaign carried out by DarkSide. As a result, the company was forced to halt all pipeline operations to contain the damage. The attackers demanded a ransom of 75 Bitcoins (approximately $4 million) in exchange for nearly 100GB of stolen data. As a result, gas prices rose by six cents per gallon and there was a shortage of gas due to panic buying.

New York City's law department was hacked and thousands of lawyers were locked out of their accounts. Hackers used a user's login credentials to break into the law department's network. The department immediately disconnected the affected devices from the city's network to avoid further damage. However, lawyers expressed concern since the law department holds access to sensitive data such as evidence, personal information of thousands of people, medical records, and Social Security numbers.

It was no tidings of comfort or joy when the National Security Agency (NSA) warned that the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, has been performing password spray attacks on US and other foreign agencies using a Kubernetes cluster. The NSA says that the attackers perform brute-force attacks through TOR and VPN services in an attempt to hide the origin of the attack. Once they gain access, they move laterally through the network and deploy a reGeorg webshell to remain anonymous and steal data.

IT giant Accenture could not go tell it on the mountain when LockBit, a ransomware group, used credentials stolen during the Accenture cyberattack to their advantage. The group compromised an airport that was using Accenture software and encrypted its systems. Initially, Accenture denied these claims but LockBit said that it had collected sufficient data to breach some of Accenture's clients. LockBit imposed a ransom of $50 million to stop the leak of 6TB of data.

Researchers with WebsitePlanet and security researcher Jeremiah Fowler discovered an unprotected database that contained fitness and sleep records of 61 million Fitbit and Apple users. Cybercriminals could literally see when affected users were sleeping and know when they're awake. The unprotected database belonged to GetHealth, an online and mobile tool that provides a unified platform to access health and wellness data from hundreds of wearables, medical devices, and apps.

Taiwanese electronic giant Acer suffered a major ransomware attack by a group of hackers called Desorden. The hackers claimed to have stolen over 60GB worth of data that included sensitive information about millions of Acer's clients including phone numbers, names, corporate financial data, and other personally identifiable information. This attack came not long after Acer was a victim of another ransomware attack by REvil during which the attackers demanded a $50 million ransom.

A cyberattack on Iran's second-largest airline, Mahan Air, has been reported by the Iranian state media. Though the airline's flight schedule was not affected by the attack, its official website was down. Officials said that the airline has been targetted on multiple occasions due to the country's important position in the aviation industry.

Domain registrar and web hosting giant GoDaddy was subjected to a cyberattack, and close to 1.2 million WordPress accounts were reported to be compromised. The Arizona-based company disclosed the breach in an SEC filing and confirmed that sensitive data including usernames, passwords, email addresses, and private SSL keys were stolen.