Cyber Intelligence Weekly

Cyber Intelligence Weekly (August 27, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here:

Before we get started on this week’s CIW, I’d like to highlight an article by our very own @Azim Nadvi, "Vulnerability Management: Minimizing Risks, Maximizing Security." In a cyber-centric world, vulnerability management is the linchpin of effective defense. Azim Nadvi's article is a roadmap to proactive cybersecurity. Dive into his insights here:

Vulnerability Management: Minimizing Risks, Maximizing Security

Away we go!

1. Lapsus$ Hacking Group: Teenagers Behind Major Tech Firm Attacks Found Responsible in Court

In a recent verdict from Southwark Crown Court in London, 18-year-old Arion Kurtaj from Oxford was identified as a key figure in the notorious Lapsus$ hacking group, responsible for significant breaches against major tech giants including Uber, Nvidia, and Rockstar Games. While on bail and housed in a Travelodge hotel, Kurtaj even leaked segments of the yet-to-be-released Grand Theft Auto 6 game. Although the cyber-attacks carried out by Lapsus$ in 2021 and 2022 sent shockwaves throughout the cybersecurity community, Kurtaj, diagnosed with autism, was deemed unfit for trial and was absent from the courtroom. The main objective of the trial was to ascertain whether he committed the alleged acts, irrespective of his criminal intent. Another unnamed 17-year-old, also diagnosed with autism, was convicted for participating in Lapsus$ activities but remains anonymous due to his age.

Lapsus$ Hacking Group: Teenagers Behind Major Tech Firm Attacks Found Responsible in Court

The Lapsus$ group, which originates from the UK and reportedly Brazil, was tagged as "digital bandits" during the court proceedings. Their modus operandi involved a mix of deceptive strategies and advanced hacking techniques to infiltrate multinational entities such as Microsoft and digital banking group Revolut. The group's brazen acts were not limited to their hacks, as they frequently boasted about their conquests and ridiculed their victims on Telegram, using both English and Portuguese. The two key hacking sprees detailed during the trial involved multiple attacks on firms such as BT, EE, Nvidia, and others, with ransoms demanded and vast amounts of valuable data stolen. Telegram chats revealed the group's methods, which ranged from impersonating employees to inundate staff with access requests until they yielded.

Despite being arrested and released under strict conditions, including an internet ban, Kurtaj persisted with his hacking endeavors. This defiance was evident when he was apprehended in his Travelodge room, breaching his bail conditions by using certain cloud computing services to execute hacks on companies like Revolut and Rockstar Games. In an additional bold move, Kurtaj revealed to Rockstar employees his infiltration of their system and threatened to release vital game data for Grand Theft Auto 6. The audacious actions of Lapsus$, especially by its teenage members, have raised alarms within US cyber authorities, leading to extensive reviews on cybersecurity defenses against the rising threat posed by young hackers. While some members of Lapsus$ have been apprehended, many still remain at large. The extent of their financial gains remains unknown, but sentencing for the convicted teens should follow soon.

2. Hackers Exploit Credit Bureau Data to Dox Americans for a Fee

In an alarming article by Joseph Cox, he highlights how hackers have tapped into a treasure trove of personal data from credit bureaus, offering their services to criminals who seek to exploit this information. An investigation by Cox’s new 404 Media demonstrates that for as little as $15 in Bitcoin, individuals can use bots on the messaging platform, Telegram, to retrieve an extensive profile of nearly any American resident. This data includes addresses, contact details, names and birth years of relatives, driver’s license information, and sometimes even Social Security numbers.

The central source of this vast data collection appears to be the credit headers, personal details that credit bureaus like Experian, Equifax, and TransUnion amass from the majority of adults in America who use credit cards. As these details cascade from the credit bureaus to other firms – such as debt collectors, insurance companies, and law enforcement – cybercriminals have managed to infiltrate this supply chain. In some instances, the identities of former law enforcement officers have been stolen to gain this access. High-profile individuals, including Elon Musk, Joe Rogan, and President Joe Biden, have had their data accessed through this mechanism.

Such tools, besides being used for doxing, also feature chat rooms that cater to criminal activities ranging from swatting to SIM swapping and even acts of physical violence. While the data might not always be sensitive, a significant portion is usually accurate and could be used for no good. The issue raises serious concerns about the ease with which malevolent actors can access personal information, despite individuals' attempts to safeguard their details. Lawmakers have voiced the need for stricter regulations, emphasizing that the government should restrict these companies from commercializing the personal data of Americans and close these loopholes that have allowed for nefarious uses.

3. Danish Cloud Hosting Firm CloudNordic Faces Severe Ransomware Attack, All Customer Data Lost

CloudNordic, a Denmark-based cloud hosting company, has reported that a ransomware attack on its data center systems resulted in the loss of all its stored data, including that of its backups. The attack, which commenced on a Friday, saw the cybercriminals shutting down every system associated with CloudNordic, from its website to emails, eventually encrypting customer databases and sites. The statement on CloudNordic's website reveals, "The attackers successfully encrypted all servers and both primary and secondary backup systems, causing machines to crash and rendering all data inaccessible."

While the nature of the attack was severe, CloudNordic asserts there's no evidence suggesting that customer data was duplicated or removed from its system - a tactic commonly employed by ransomware groups. Despite facing an undisclosed ransom demand, the company clarified that they neither possess the financial resources nor the intent to pay off the hackers. Furthermore, the incident got aggravated when unknowingly infected systems were transferred from one data center to another, which was inadvertently connected to their main internal server management network.

The company is still in the dark about how the ransomware infiltrated their system initially. Neither CloudNordic nor Azero, another affected firm owned by the same Denmark-registered holding company Certiqa Holding, has received any acknowledgment or claim of responsibility from any cybercriminal group. Currently, both firms are striving to reconstruct their web and email platforms, even though the data remains irretrievable. Efforts to communicate with CloudNordic from reporters has nearly been impossible with their website mentioning communication challenges and emails being undeliverable at this time.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here:

Sign Up for Weekly Cyber Intelligence Delivered to Your Inbox

Sign up to get Cyber Intelligence Weekly in your inbox.