At a glance.
- Navistar sustains a data breach.
- BloodyStealer Trojan traded in criminal-to-criminal markets.
- Epik doxed by Anonymous.
- Clearview AI drops subpoenas.
Insurance data compromised in Illinois.
Proving grounds operator and vehicle manufacturer Navistar, based in the US state of Illinois, has disclosed that it suffered a data breach. The South Bend Tribune reports that the intruders potentially accessed the health and life insurance info of former and current staff. Though there’s no evidence the data was abused, letters are being mailed to the impacted individuals alerting them to the incident and offering two years of Experian credit monitoring and identity theft protection.
New malware boss owns gamers.
Kaspersky offers an inside look at a new advanced Trojan dubbed BloodyStealer. The malware targets leading gaming platforms like Steam and Epic Games Stores and is capable of extracting users’ browser passwords, cookies, and environment information. The Trojan’s strength lies in its ability to impede reverse engineering by employing several anti-analysis methods including packers and anti-debugging techniques. Though not designed exclusively for poaching gaming credentials, BloodyStealer is good at it, and gaming logs, accounts, and in-game goods are hot commodities on the dark web. Attacks have been observed in Europe, Latin America, and the Asia-Pacific region. The malware is being sold to hackers on underground forums, and priced at about $10 for a 1-month subscription (or $40 for unlimited access), it’s a steal (pun intended, but then you knew that).
James McQuiggan, Security Awareness Advocate at KnowBe4, sent us some thoughts on why gamers make attractive victims, and how gamers can make themselves harder targets:
“Cyber criminals will target online services people engage with, such as retailers, financial institutions or online gaming platforms. They target these platforms due to the user’s typically low level of security awareness related to social engineering or phishing attacks against them to access their credentials.
“Online gaming is very profitable for the developers, mainly because of the add-ons or additional features provided by paying a little extra for an outfit or weapon for a character. These all add up, and if a cyber criminal gains access to the user’s profile, they can sell off or steal the material and leave the victim virtually penniless.
“Enabling multi-factor authentication on their user’s accounts is one part of protection, combined with understanding how cyber criminals can steal their credentials and virtual possessions; otherwise, they risk losing it all.”
Bassam Al-Khalidi, Co-Founder and Co-CEO of Axiad, observed that relying on passwords makes this sort of crime possible:
“Malware that can steal account info like this is enabled by a reliance on passwords. If a platform is still using password-based authentication, it is leaving itself wide open for attack. Once a hacker steals one password they can access extensive personal data. To better defend against future attacks companies need to move away from passwords all together and implement MFA across the board. Their platform is only as strong as its weakest credential, which often leads to major breaches like this.”
Hacktivists dox Epik web services users.
Web services provider Epik, known for hosting websites that other providers won’t support due their extremist content, experienced a data breach at the hands of hacktivist group Anonymous. Security Week explains that the hackers infiltrated the company’s system by gaining access to private server backups of domain-side service accounts and then published more than 150GB of the stolen private data, revealing the identities of approximately 110,000 Epik users. The exposed data includes names, street and email addresses, phone numbers, login credentials, transaction histories, and 38,000 credit card numbers. Epik stated, “At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward.”
Clearview AI drops its subpoenas.
POLITICO reports that Clearview AI, a provider of facial recognition technology, has dropped the subpoenas it recently served on groups who reported on the company’s interactions with law enforcement agencies. “Clearview CEO Hoan Ton-That told POLITICO that ‘on further reflection about the scope of the subpoenas, and my strong view of freedom of the press, we have decided to withdraw the subpoenas served on Open the Government and its associates’.”