
Malware

Breaking News: Massive Info-Stealing Malware Breach Exposes Over 400,000 Corporate Credentials

Over 400,000 corporate credentials have been compromised by a potent information-stealing malware, affecting companies worldwide. This malware, named “SystemBC,” targets Windows systems and is used to gain unauthorized access to sensitive data, including login credentials and financial details. Organizations are urged to stay vigilant, update their security measures, and ensure strong password protocols to protect against potential cyber threats.

Info-Stealing Malware Breach exposes corporate credentials.

How Did the Hackers Gain Access to iOttie’s Site and Steal Credit Card Information?

A credit card data breach at iOttie recently occurred when hackers found a way to gain unauthorized access to the site. This unfortunate incident allowed them to steal valuable credit card information from unsuspecting customers. The breach raises concerns about iOttie’s security measures and highlights the need for heightened security protocols to safeguard personal information from such threats.

Is there a connection between the AP Stylebook data breach and the info-stealing malware breach?

The massive AP Stylebook breach fuels phishing concerns, raising questions about its connection to the info-stealing malware breach. Both incidents highlight the vulnerability of sensitive data and underscore the need for heightened cybersecurity measures. Ensuring robust protections and staying vigilant against evolving cyber threats is crucial in safeguarding against such breaches.

Data Theft: A Significant Threat to Business Environments

Recent analysis of nearly 20 million logs of information-stealing malware sold on the dark web and Telegram channels has revealed the alarming extent of infiltration into business environments.

Information stealers are a type of malware designed to pilfer data from various applications, including web browsers, email clients, instant messengers, cryptocurrency wallets, FTP clients, and gaming services. The stolen data is then packaged into archives known as “logs,” which are either used by threat actors for attacks or sold on cybercrime marketplaces.

The most notable families of information stealers, namely Redline, Raccoon, Titan, Aurora, and Vidar, are offered to cybercriminals through a subscription-based model. This allows them to conduct targeted malware campaigns and extract data from infected devices.

While information stealers primarily target careless internet users who download software from unreliable sources, it has become evident that they pose a significant threat to corporate environments as well.

This is due to employees using their personal devices for work or accessing personal content from work computers, resulting in numerous infections that lead to the theft of business credentials and authentication cookies.

A recent report by cybersecurity firm Flare, shared with IT Services, details the presence of approximately 375,000 logs containing access to various business applications such as Salesforce, Hubspot, Quickbooks, AWS, GCP, Okta, and DocuSign[1].

Specifically, Flare’s analysis of the stealer logs revealed:

  • 179,000 AWS Console credentials
  • 2,300 Google Cloud credentials
  • 64,500 DocuSign credentials
  • 15,500 QuickBooks credentials
  • 23,000 Salesforce credentials
  • 66,000 CRM credentials

In addition, there are approximately 48,000 logs that include access to “okta.com,” an enterprise-grade identity management service used by organizations for user authentication across cloud and on-premise platforms.

Of all the logs, 74% were found on Telegram channels, while 25% were discovered on Russian-speaking marketplaces such as the “Russian Market.”[1]

The Flare report suggests that the over-representation of logs containing corporate access on Russian Market and VIP Telegram channels indicates a deliberate or incidental focus on targeting corporate entities. Public Telegram channels may intentionally post lower-value logs, reserving high-value logs for paying customers[1].
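Flare’s figures come from counting which business applications appear in credential records across millions of stealer logs. The following Python script is an added example, not Flare’s tooling or any code from the original article: it parses a constructed, stealer-log style password file (the `URL:` / `USER:` / `PASS:` block layout is an assumption for illustration) and reports, for a defender’s own exposure check, how many unique credentials point at tracked services such as the AWS console, Google Cloud, DocuSign, QuickBooks, Salesforce and Okta tenants, and how many records carry a username at the company’s own domain. The hostname-to-service mapping and the sample data are constructed placeholders.

```python
"""Tally corporate-application exposure in stealer-log style credential
records. Added example; record layout, service mapping and data are all
constructed for illustration and are not Flare's methodology."""
from collections import defaultdict
from urllib.parse import urlsplit

# Hostname suffixes mapped to the application categories Flare reported.
# Assumed mapping, chosen for this example.
TRACKED_SERVICES = {
    "signin.aws.amazon.com": "AWS Console",
    "console.aws.amazon.com": "AWS Console",
    "console.cloud.google.com": "Google Cloud",
    "docusign.com": "DocuSign",
    "quickbooks.intuit.com": "QuickBooks",
    "salesforce.com": "Salesforce",
    "okta.com": "Okta",
}


def classify_host(host: str):
    """Return the tracked service for a hostname, or None.
    Matches the exact host or a subdomain of it (so 'corp.okta.com' is Okta,
    while 'okta.com.evil.example' is not)."""
    host = host.lower().rstrip(".")
    for suffix, name in TRACKED_SERVICES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None


def parse_records(text: str):
    """Parse blank-line separated 'URL: / USER: / PASS:' blocks into dicts."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line closes a record
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        key = key.strip().upper()
        if key in ("URL", "USER", "PASS"):
            current[key.lower()] = value.strip()
    if current:
        records.append(current)
    return records


def tally_exposure(text: str, corp_domain: str):
    """Return (unique credentials per tracked service, number of distinct
    usernames at corp_domain). A credential dumped twice counts once."""
    seen = set()
    per_service = defaultdict(int)
    corp_users = set()
    for rec in parse_records(text):
        url, user = rec.get("url", ""), rec.get("user", "")
        if not url or not user:
            continue
        if user.lower().endswith("@" + corp_domain.lower()):
            corp_users.add(user.lower())
        service = classify_host(urlsplit(url).hostname or "")
        if service is None:
            continue
        key = (service, user.lower())
        if key not in seen:
            seen.add(key)
            per_service[service] += 1
    return dict(per_service), len(corp_users)


# Constructed sample data; every value is a placeholder.
SAMPLE_LOG = """\
URL: https://signin.aws.amazon.com/console
USER: ops@example-corp.com
PASS: placeholder1

URL: https://example-corp.okta.com/login/login.htm
USER: ops@example-corp.com
PASS: placeholder2

URL: https://login.salesforce.com/
USER: sales@example-corp.com
PASS: placeholder3

URL: https://signin.aws.amazon.com/console
USER: ops@example-corp.com
PASS: placeholder1

URL: https://accounts.example-shop.net/login
USER: personal@mailbox.example
PASS: placeholder4
"""

if __name__ == "__main__":
    services, corp = tally_exposure(SAMPLE_LOG, "example-corp.com")
    for name, count in sorted(services.items()):
        print(f"{name}: {count} unique credential(s)")
    print(f"distinct example-corp.com accounts present: {corp}")
```

On the sample above the duplicate AWS entry is counted once, the Okta tenant is recognised through its subdomain, and the personal shop login is ignored, which mirrors the separation between personal and corporate exposure the report draws. Matching on hostname suffix rather than substring is deliberate: a lookalike such as `okta.com.evil.example` must not be counted as corporate access.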

Figure: Source of logs containing business account info (Flare)

Furthermore, Flare discovered over 200,000 stealer logs containing OpenAI credentials, twice the amount reported by Group-IB recently. This poses a significant risk of leaking proprietary information, internal business strategies, source code, and more[1].

Corporate credentials, known as “tier-1” logs, are highly valued in the cybercrime underground. They are sold on private Telegram channels or forums like Exploit and XSS. Cybercriminals can leverage compromised credentials to gain access to CRMs, RDP, VPNs, and SaaS applications, and then deploy stealthy backdoors, ransomware, and other malicious payloads[1].

Flare researcher Eric Clay explains that evidence from the dark web forum Exploit suggests that initial access brokers use stealer logs as a primary source to gain a foothold in corporate environments, which can then be auctioned off on top-tier dark web forums[1].

To minimize the risk of info-stealer malware infections, it is highly recommended that businesses enforce the use of password managers, implement multi-factor authentication, and establish strict controls on personal device usage. Additionally, employees should undergo training to identify and avoid common infection channels, such as malicious Google Ads, YouTube videos, and Facebook posts.

Sources:

[1] Flare Report on Stealer Logs and Corporate Access



31 Million Email Addresses Alarmingly Exposed: A Massive Data Breach Uncovered

Discover the details of the Neiman Marcus data breach, where 31 million email addresses were exposed. Learn about the company’s response, the potential risks, and tips for protecting your data. Stay informed on the latest cybersecurity news with Bleeping Computer.

If you’ve ever shopped at the American luxury retailer and department store chain Neiman Marcus, I’ve got some bad news for you. A data breach that took place in May 2024 has exposed more than 31 million customer email addresses, according to cybersecurity expert Troy Hunt, who analyzed the stolen data.

This is a big deal, especially considering that Neiman Marcus initially reported to the Office of the Maine Attorney General that the breach had only impacted 64,472 people. But after digging deeper, Hunt discovered 30 million unique email addresses in the stolen data and confirmed with multiple people that their information was indeed legitimate.

That’s a massive discrepancy, and it means that millions of people have had their personal information compromised.

The stolen data includes names, contact information (such as email and postal addresses, and phone numbers), dates of birth, gift card info, transaction data, partial credit card numbers (without expiration dates or CVVs), Social Security numbers, and employee identification numbers.

So, what happened? Enter the Snowflake data theft attack

Neiman Marcus has linked the incident to the so-called Snowflake data theft attacks. In June 2024, the company announced that an unauthorized party had gained access to a cloud database platform used by Neiman Marcus and provided by a third party, Snowflake.

This disclosure came after a threat actor using the handle “Sp1d3r” put Neiman Marcus’ data up for sale on a hacking forum, asking for $150,000 in exchange for 12 million gift card numbers, 70 million transactions with full customer details, and 6 billion rows of customer shopping records, store information, and employee data.

It’s worth noting that the threat actor initially claimed that Neiman Marcus had refused to pay an extortion demand. However, the forum post and the data sample were later taken down, suggesting that the company may have begun negotiating.

An investigation conducted by Snowflake, Mandiant, and CrowdStrike revealed that a financially motivated group known as UNC5537 was responsible for the attacks. Using stolen customer credentials, they targeted at least 165 organizations that had failed to configure multi-factor authentication (MFA) protection on their Snowflake accounts. Other recent breaches linked to these attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.

What can you do to protect yourself?

First and foremost, if you’re a Neiman Marcus customer, you need to be vigilant. Keep an eye on your accounts for any suspicious activity, and consider changing your passwords and enabling multi-factor authentication wherever possible.

But this isn’t just about Neiman Marcus. As an IT Services expert, I can’t emphasize enough how important it is to take cybersecurity seriously. Always use strong, unique passwords, enable multi-factor authentication, and stay informed about the latest threats and best practices.

Remember, cybersecurity is a shared responsibility. Let’s all do our part to keep our personal information and the digital world safe.

And if you want to learn more about cybersecurity, don’t hesitate to reach out to us. We’re here to help you navigate the ever-changing landscape of threats and best practices. Stay safe out there!


Massive Roblox Vendor Data Breach: Dev Conference Attendee Info Shockingly Exposed

A Roblox vendor data breach has exposed personal information of Roblox Developers Conference attendees. The breach, discovered on November 8, exposed names, billing addresses, and order details of customers, but no financial data. Roblox has since terminated the vendor’s contract and is taking steps to prevent future breaches.

Imagine you’re a dedicated developer, excited to attend a prestigious conference to connect with peers and learn about innovative tools in your field. You register, book your flight, and eagerly await the event. Now imagine the disappointment and concern you’d feel if you discovered your personal information had been exposed due to a data breach. Unfortunately, this scenario recently became reality for attendees of the Roblox Developer Conference.

Roblox, a wildly popular online gaming and game creation platform, boasts over 200 million active users, many of whom are young developers eager to design, create, and share games with their community. Each year, the company holds a Roblox Developer Conference (RDC) to provide networking opportunities and learning experiences for these talented individuals.

However, a notice published recently revealed that FNTech, the vendor responsible for handling registration for the conference, suffered a data breach. Unauthorized access to its systems led to the exposure of personal information belonging to attendees of the 2022, 2023, and 2024 RDC events.

What was exposed, and who is affected?

The data breach resulted in the theft of attendees’ full names, email addresses, and IP addresses. According to the data breach notification service Have I Been Pwned (HIBP), 10,386 unique email addresses were exposed. Of these, 63% (6,500) had not been exposed in previous breaches.

Worryingly, this isn’t the first time Roblox developers have been targeted. In July 2023, HIBP added information about nearly 4,000 Roblox developer accounts to its database. These individuals, also RDC attendees, had their data leaked on a hacker forum following a 2021 breach that impacted attendees from 2017 to 2020.

Understanding the risks and taking action

While the recent breach doesn’t directly put Roblox developers in immediate danger, it does increase the likelihood of targeted phishing attacks. Armed with their personal information, cybercriminals could easily craft convincing messages designed to trick developers into revealing even more sensitive data.

In response to the breach, Roblox has taken steps to prevent similar incidents in the future. However, this isn’t the first time the platform and its users have faced security threats. In November 2022, over 200,000 users installed a malicious Chrome extension called SearchBlox, which contained code designed to steal Roblox account credentials.

Don’t let this happen to you!

As an IT Services company specializing in cybersecurity, we understand how devastating data breaches can be, not only to businesses but also to individuals like the RDC attendees. Don’t leave your security to chance—reach out to us for expert advice and support to keep your data safe and secure.

Together, we can help prevent cyberattacks and protect your personal information from falling into the wrong hands. And remember, always stay vigilant and be cautious of any suspicious emails or messages, no matter how convincing they may seem.

Contact us today to learn more about our cybersecurity services, and keep coming back for the latest news and insights in the world of online safety.


Shopify Debunks Hacking Claims, Exposes Stolen Data Connection to Third-Party App

Shopify has denied being hacked after suspicious emails were sent to customers, blaming a third-party app for the data breach. The firm’s investigation revealed that the app had accessed and stolen data from Shopify’s API, but the incident was not a security breach of the platform itself.

Shopify, the popular e-commerce platform, has recently denied experiencing a data breach after a threat actor started selling customer data that they claimed to have stolen from Shopify’s network. But, don’t worry, it’s not as bad as it seems.

What Shopify had to say

According to Shopify, the company’s systems have not suffered a security incident. They told us, “The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.”

This statement comes after a threat actor, known as ‘888’, began selling data they claimed was stolen from Shopify back in 2024.

Figure: Selling alleged Shopify data on a hacking forum (source: IT Services)

What’s in the data?

The threat actor shared data samples that include a person’s Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date. While this information is significant, it’s important to remember that Shopify itself wasn’t directly breached.

Unfortunately, Shopify did not provide any further information about the app from which this customer data was stolen.

A history of data leaks

The threat actor, 888, has been linked to previous data sales or leaks allegedly involving companies like Credit Suisse, Shell, Heineken, Accenture India, and Unicef.

It’s also worth noting that in 2020, Shopify disclosed that two “rogue members” of its support team accessed customer transactional records of about 200 merchants. While this is concerning, it’s essential to recognize the proactive steps the company has taken to address security issues.


Stay informed and protect your data

While this particular incident doesn’t seem to be a direct breach of Shopify’s systems, it’s still a reminder to stay vigilant when it comes to our data. Make sure to stay informed about potential threats and take the necessary steps to protect your personal information.

If you’re interested in learning more about cybersecurity and how to keep your data safe, don’t hesitate to contact us and keep coming back for more valuable information.

Copyright © 2023 IT Services Network.