Labeled GriftHorse, a malicious campaign has run nearly 200 apps that have affected 10 million users over the last year. In other cybersecurity news, one of Britain’s largest media outlets suffered a cyberattack and a data breach that was initially uncovered by a threat researcher.
After being fired as a U.K. school’s IT technician, an individual allegedly accessed the school’s systems without authorization and erased significant amounts of data. They have been arrested and charged with multiple hacking offenses. The attack came during the pandemic and forced the school’s online education services to be temporarily shut down, leaving thousands of students unable to continue their studies. The arrested individual had previously carried out a similar intrusion against a former employer, disrupting customer contact and deleting critical information from the employer’s systems.
Syniverse, one of the largest message routing companies, announced that its systems were compromised in a data breach that could extend back to 2016. The company routes text messages for hundreds of different telecom companies and boasts the largest customer reach on Earth, meaning it may also be exposing the most customer data to criminals. While officials for Syniverse revealed that they have resolved the vulnerabilities in their network, they haven't been able to confirm whether any of the illicitly accessed data was exfiltrated or used for any other malicious activities.
Officials for Google have been working to remove nearly 200 malicious apps tied to a campaign that has targeted Android for close to a year. The campaign, labeled GriftHorse, begins when a victim downloads a malicious app and is then asked to enter their phone number for a chance to win a prize. The campaign then subscribes the victim to a $42 per month SMS service, a charge that would normally be used to pay for online services but is instead pocketed by the attackers.
Nearly 10 TB of data was compromised during a cyberattack on The Telegraph, one of the largest media outlets in the U.K. A researcher identified the breach in September by discovering an unsecured database containing a significant amount of highly sensitive data on a portion of the newspaper’s subscribers. While it only took a couple of days for the database to be properly secured, the company has already begun contacting affected individuals so they can stay alert for suspicious activity on their payment cards or other identity monitoring services.
Earlier this week, the Hong Kong marketing firm Fimmick revealed it had fallen victim to a ransomware attack by the REvil group. It is believed that the group infiltrated Fimmick’s systems and stole crucial data on several high-profile clients like Coca-Cola, in hopes of launching further attacks on those specific victims. Targeting marketing firms has been an increasing trend over the past few years, as compromising them tends to yield a trove of data on other companies. This lessens the workload for the attackers and leads to a higher chance of gaining access to other potential victims.