Activision games confirmed a significant amount of sensitive employee information was compromised after a successful SMS phishing attack caused a December data breach. In other cybersecurity news, web hosting company GoDaddy has struggled to contain malware that was introduced during a data breach and has caused redirects since December.
Hacktivists target Scandinavian Airlines in cyberattack
Scandinavian Airlines faced outages on both their website and mobile app after falling victim to a cyberattack that temporarily allowed active system users to view some personally identifiable information (PII) of other active users. Fortunately, Scandinavian Airlines doesn’t store excessive data on their customers. That means the impact of any potentially leaked data would be minimal, though the threat of phishing attacks is still present. The hacktivist group known as ‘Anonymous Sudan’ is taking credit for the attack and claims it was done in response to a political protest last month in Sweden.
Europol shuts down BEC (Business Email Compromise) scammer group
A coordinated effort between multiple law enforcement agencies across Europe has finally concluded with the takedown of a highly prolific BEC scammer group, with most arrests in France and Israel. Amongst the asset seizures by police were high-end vehicles and millions of dollars from bank accounts in at least 5 different countries. This group is best known for its attack on a Parisian real estate firm, which netted them ~$41 million by impersonating a lawyer from a local accounting group.
HardBit ransomware 2.0 negotiates ransoms that will be covered by cyberinsurance
The newest version of HardBit ransomware now drops a ransom note that requests a negotiation to determine if the victim has cyberinsurance and sets the ransom amount according to their ransomware coverage policy. This odd turn comes at a time when the total number of ransomware payouts is at an all-time low, but the amounts being paid per attack are on the rise. While HardBit does encrypt the victim’s entire system, they don’t currently have a leak site for uploading any stolen information. This goes along with their scheme of only trying to hurt the insurance corporations and not the initial victim.
Activision reveals December data breach
Almost 3 months after hackers were able to successfully gain access to internal systems by way of an SMS phishing attack, officials for Activision are finally confirming that a significant amount of sensitive employee information was compromised. The initial intrusion occurred on December 2, when the hackers compromised an employee’s Slack account and used it to send malicious links to other employees, along with stealing documents from an HR (Human Resources) team member. It is believed that Activision’s entire content release calendar was among the stolen documents and could show future game releases up to November of 2023.
Breach leaves malware on GoDaddy servers
Officials for the web hosting company GoDaddy have recently confirmed that the redirects their customers have been dealing with since December are the result of malware that was dropped on their servers during a breach. The investigation has revealed that the initial attack vector was the use of previously compromised user credentials, and that the attackers would have used the hosting service to spread additional malware and phishing campaigns to many GoDaddy customers and their site visitors.