For a boring weekend, our traditional digest collects the screw-ups of the month. April's selection includes an Indian bank that lost $1 million to phishing, T-Mobile and its attempt to buy customer data back from hackers, and Conti, which continues to terrorize corporations. And, of course, more social engineering: where would we be without it.
Trojan in the system
What happened: Hackers broke into the IT infrastructure of the Indian bank Mahesh Bank and stole $1 million.
How it happened: Cybercriminals bombarded bank employees with more than 200 phishing emails. As it turned out, one of the employees fell for the phishing and launched a remote access Trojan. Luckily for the hackers, the Indian bank did not use VLANs. As a result, as soon as the Trojan ran, the attackers not only gained access to the bank’s systems but were also able to move around the network and even into the banking application.
The attackers hacked into several employee accounts and gained access to databases with information about customers and their accounts. The cybercriminals then created several hundred accounts and transferred money from the bank’s customers to them. The money was then withdrawn at 938 ATMs in India.
In an investigation report, the city police said the bank lacked proper network infrastructure and basic security tools. Now Mahesh Bank will have to not only purchase security software but also train employees to protect themselves against phishing.
Take it all back
What happened: A hacker withdrew $625 million in cryptocurrency from an NFT network. Cyber experts called the theft the largest in the history of the crypto industry.
How it happened: Although the incident happened on March 23rd, the creator of the NFT game only found out about it on the 29th, after a user failed to withdraw 5,000 Ethereum coins. It turned out that the hacker took advantage of a flaw in the Ronin network on which the NFT game runs. Cyber experts said that the attacker gained access to accounts that stored cryptocurrencies. In this way the hacker stole 173,600 “ethers” and 25.5 million stablecoins.
Although experts say that the hack was due to a technical vulnerability, the NFT game’s spokesman said in an official statement that the hack used social engineering. The stolen funds are still in the hacker’s wallet, but the company is trying to recover and return the assets. Currently, users cannot deposit or withdraw funds.
Bunny, but not Easter
What happened: British confectionery company Cadbury warned about an Easter egg scam.
How it happened: The attackers operate on social networks and in the WhatsApp messenger. Some users have received messages purporting to be from Cadbury, inviting them to enter a contest and win a basket of Easter sweets. The attackers posted an image of a white rabbit on a lawn holding a purple egg with the caption: “Join the Cadbury Easter Egg Hunt.”
To take part in the Easter contest, the scammers asked users to follow a link and share personal information. Cadbury confirmed that a fake is spreading on the Web and that it had not arranged any contest. Cyber experts believe that the attackers are impersonating Cadbury to steal users’ personal data.
Glitch in the Matrix
What happened: An unknown attacker hacked celebrity YouTube channels. Among the victims whose channels were attacked are stars such as Justin Bieber, Ariana Grande, Drake, Eminem, Kanye West, Travis Scott and others.
How it happened: On April 5, an unknown person uploaded bizarre videos to the channels of show business stars.
One of the videos uploaded was captioned “Justin bieber – Free Paco Sanz (ft. Will Smith, Chris Rock, Skinny flex & Los Pelaos)”. Notably, Paco Sanz is a Spanish fraudster who was sentenced to prison a few months ago for defrauding several thousand people by posing as a terminally ill cancer patient. In the video uploaded to the celebrity accounts, Paco Sanz incorrectly holds the guitar and sings in Spanish.
Attacks on giants
What happened: Hackers broke into Panasonic and leaked the company’s confidential data to the public.
How it happened: On April 5, hackers from the Conti hacking group posted on their dark web site several files allegedly stolen from Panasonic Canada. Personnel department documents and other confidential files ended up publicly accessible. Panasonic later confirmed that its Canadian division had fallen victim to a hacker group.
Notably, this is the third cyberattack Panasonic has suffered in the last 18 months, which once again confirms that even large companies can be an easy target for scammers. In November 2021, it was revealed that attackers had had access to the company’s systems for more than four months before they were discovered. During this time, the hackers gained access to confidential information of Panasonic customers and employees.
Negotiations didn’t go well
What happened: T-Mobile tried to buy back its customers’ data from hackers for 200 thousand dollars.
How it happened: In August 2021, the largest mobile operator T-Mobile suffered a hacker attack, as a result of which attackers gained access to confidential information about customers. The leak came to light after hackers put up for sale data allegedly stolen from T-Mobile, including phone numbers, full names, social security numbers, driver’s license numbers and other personal information. T-Mobile said the leak affected at least 47 million of its customers, including former subscribers.
The attackers contacted the company and offered to sell the stolen data back for 6 bitcoins (about 270 thousand dollars at the time). According to court documents, T-Mobile engaged a third party to negotiate with the hackers. First, a company representative purchased a data sample for $50,000 in bitcoin to verify its authenticity, and then made a $150,000 payment to purchase all customer data. It turned out that negotiating with criminals is not a good idea. The plan failed: the hackers continued to sell the stolen data even though T-Mobile had paid the ransom.
What happened: Hackers ran fake streams on YouTube in the name of Elon Musk and other entrepreneurs.
How it happened: In February of this year, attackers launched online broadcasts in the name of well-known personalities in the crypto industry and invited viewers to increase their investments by transferring tokens to a specified crypto wallet. Cyber experts recorded about 36 fraudulent streams. In three days, gullible users transferred about $1.7 million to the attackers.
Social engineering is merciless
What happened: A pensioner thought she was helping to catch scammers, but in fact transferred 1 million rubles to them.
How it happened: An unknown young woman called a resident of Syktyvkar and said that the police, together with the bank, were identifying unscrupulous bank employees who were breaking the law. The pensioner believed the scammer and said that a large amount of money from the sale of her dacha was being kept in her account. After that, the scammers called the Syktyvkar resident for several days, posing as bank employees and asking her to transfer her savings to a “safe” account. In this way the pensioner gave the attackers about 780 thousand rubles.
The scammers did not stop there and decided to rob the gullible woman to the fullest. They called the pensioner again and convinced her that unknown people had taken out a loan in her name. So that she would not have to pay someone else’s debt, the woman was advised to take out a loan for 300 thousand rubles and, of course, transfer the proceeds to a “safe” account. After that, the “bank employees” stopped communicating. The woman’s relatives found out about the incident and contacted the police.