26M Amazon, Facebook, Apple, eBay User Logins Stolen by Hackers

The private login information belonging to tens of millions of people was compromised after malware infiltrated over 3.2 million Windows-based computers during a two-year span.

According to a report by cybersecurity provider NordLocker, a custom Trojan-type malware infiltrated the computers between 2018 and 2020 and stole 1.2 terabytes (TB) of personal information.
As a result, hackers were able to get their hands on nearly 26 million login credentials including emails, usernames and passwords from almost a million websites, according to Nordlocker’s report, which was conducted in partnership with a third-party company specializing in data breach research.

The targeted websites include major namesakes such as Amazon, Walmart, eBay, Facebook, Twitter, Apple, Dropbox and LinkedIn.

Adobe breach far bigger than thought - 38 million records ...

The malware was transmitted through email and “illegal software” which included a pirated version of “Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,” according to the report.

To steal the personal information, the malware was reportedly able to take screenshots of a person’s information and also photograph “the user if the device had a webcam.”

Among the stolen database were 2 billion browser cookies and 6.6 million files, including 1 million images and more than 650,000 Word and .pdf files.

“Cookies help hackers construct an accurate picture of the habits and interests of their target,” the report read. “In some cases, cookies can even give access to the person’s online accounts.”

Making up the bulk of the stolen database was “3 million text files, 900,00 image files, and 600,000+ Word files.”

What was of most concern, according to Nordlocker, was that “some people even use Notepad to keep their passwords, personal notes, and other sensitive information,” according to the report.

***

McDonald's discloses hack of customer data in South Korea ...

But now McDonald’s is the latest victim.

McDonald’s on Friday disclosed limited details of a data breach that may have exposed some customer data.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” a McDonald’s spokesperson said, adding that based on the company’s investigation so far, only Korean and Taiwanese customers were impacted.

The Wall Street Journal initially reported that U.S. markets were also impacted and that the breach exposed some U.S. business and employee contact information.

Those markets “will be taking steps to notify regulators and customers listed in these files,” which did not include customer payment information, the McDonald’s spokesperson said.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the spokesperson said.

The fast-food chain said it was able to “quickly identify and contain” threats on its network. It also conducted a “thorough investigation” and worked with “experienced third parties” to do so.

McDonald’s did not share any additional details about the breach.

From Cyberscoop in part:

In other cases, by compromising payment machines, cybercriminals have swept up troves of customer data. That’s what happened in a 2019 breach of Checkers Drive-In Restaurants, when hackers accessed data such as payment card numbers and verification codes in an incident that affected more than 100 Checkers locations. The most notorious group to use the tactic is known as FIN7, a multibillion dollar criminal enterprise that has targeted payment data at Chipotle, Red Robin and Taco’s John.

McDonald’s defended its cybersecurity practices on Friday.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company’s statement reads.

“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”

Airline Hacked by APT41

On March 4, 2021, SITA, an international provider of IT services for the air transport industry worldwide, said it had suffered a security incident. The announcement, however, was not getting the attention it deserved until Air India, one of SITA’s customers, reported a massive passenger data breach on May 21 caused by an earlier attack against SITA. Between March and May, various airline companies, including Singapore Airlines, Malaysia Airlines, and others, disclosed data breaches. All of those companies were SITA customers. After Air India revealed the details of its security breach, it became clear that the carriers were most likely dealing with one of the biggest supply chain attacks in the airline industry’s history.

Using its external threat hunting tools, Group-IB’s Threat Intelligence team attributed the Air India incident with moderate confidence to the Chinese nation-state threat actor known as APT41. The campaign was codenamed ColunmTK.

On May 21, Air India, India’s flag carrier, published an official statement on their website about a data breach. The announcement revealed that the breach was caused by a February incident at the airline’s IT service provider, SITA PSS, which is responsible for processing customers’ personally identifiable information (PII). It came to light that the SITA cyberattack affected 4,500,000 data subjects globally, including data related to Air India’s customers.

On May 21, Air India, India’s flag carrier, published an official statement on their website about a data breach. The announcement revealed that the breach was caused by a February incident at the airline’s IT service provider, SITA PSS, which is responsible for processing customers’ personally identifiable information (PII). It came to light that the SITA cyberattack affected 4,500,000 data subjects globally, including data related to Air India’s customers. Significant attribution detail continues here.

***

The FBI defines the APT41 as:

From 2020:

A global hacking collective known as APT41 has been accused by US authorities of targeting company servers for ransom, compromising government networks and spying on Hong Kong activists.

Seven members of the group—including five Chinese nationals—were charged by the US Justice Department on Wednesday.

Some experts say they are tied to the Chinese state, while others speculate money was their only motive. What do we really know about APT41?

Who are they?

Five members of the group were expert hackers and current or former employees of Chengdu 404 Network Technology, a company that claimed to provide legitimate “white hat” hacking services to detect vulnerabilities in clients’ .

But the firm’s work also included malicious attacks on non-client organisations, according to Justice Department documents.

Chengdu 404 says its partners include a government tech security assessor and Chinese universities.

The other two hackers charged are Malaysian executives at SEA Gamer Mall, a Malaysia-based firm that sells video game currency, power-ups and other in-game items.

What are they accused of?

The team allegedly hacked the computers of hundreds of companies and organisations around the world, including healthcare firms, and telecoms and pharmaceutical providers.

The breaches were used to collect identities, hijack systems for ransom, and remotely use thousands of computers to mine for cryptocurrency such as bitcoin.

One target was an anti-poverty non-profit, with the hackers taking over one of its computers and holding the contents hostage using encryption software and demanding payment to unlock it.

The group is also suspected of compromising in India and Vietnam.

In addition it is accused of breaching video game companies to steal in-game items to sell back to gamers, the Justice Department court filings said.

How did they operate?

Their arsenal ran the gamut from old-fashioned phishing emails to more sophisticated attacks on software development companies to modify their code, which then allowed them access to clients’ computers.

In one case documented by security company FireEye, APT41 sent emails containing malicious software to human resources employees of a target just three days after the firm recovered from a previous attack by the group.

Wong Ong Hua and Ling Yang Ching, the two Malaysian businessmen, ordered their employees to create thousands of fake video game accounts in order to receive the virtual objects stolen by APT41 before selling them on, the court documents allege.

Is the Chinese government behind them?

FireEye says the group’s targeting of industries including healthcare, telecoms and news media is “consistent with Chinese national policy priorities”.

APT41 collected information on pro-democracy figures in Hong Kong and a Buddhist monk from Tibet—two places where Beijing has faced political unrest.

One of the hackers, Jiang Lizhi, who worked under the alias “Blackfox”, had previously worked for a hacking group that served government agencies and boasted of close connections with China’s Ministry of State Security.

But many of the group’s activities appear to be motivated by financial gain and personal interest—with one laughing in chat messages about mass-blackmailing wealthy victims—and the US indictments did not identify a strong official connection.

Where are they now?

The five Chinese hackers remain at large but the two businessmen were arrested in Malaysia on Monday after a sweeping operation by the FBI and private companies including Microsoft to block the hackers from using their online accounts.

The United States is seeking their extradition.

None of the men charged are known to have lived in the US, where some of their targets were located.

They picked targets outside Malaysia and China because they believed law enforcement would not be able to track them down across borders, the court documents said.

Half of Pandemic Money Stolen, Just $400 Billion

At least 30% of unemployment claims are fraudulent. 70% of the money has left our shores…oh don’t worry…the Biden administration has set aside $2 billion to stop this. What?

Beware of increased unemployment fraud due to identity theft

Axios:

Criminals may have stolen as much as half of the unemployment benefits the U.S. has been pumping out over the past year, some experts say.

Why it matters: Unemployment fraud during the pandemic could easily reach $400 billion, according to some estimates, and the bulk of the money likely ended in the hands of foreign crime syndicates — making this not just theft, but a matter of national security.

Catch up quick: When the pandemic hit, states weren’t prepared for the unprecedented wave of unemployment claims they were about to face.

  • They all knew fraud was inevitable, but decided getting the money out to people who desperately needed it was more important than laboriously making sure all of them were genuine.

By the numbers: Blake Hall, CEO of ID.me, a service that tries to prevent this kind of fraud, tells Axios that America has lost more than $400 billion to fraudulent claims. As much as 50% of all unemployment monies might have been stolen, he says.

  • Haywood Talcove, the CEO of LexisNexis Risk Solutions, estimates that at least 70% of the money stolen by impostors ultimately left the country, much of it ending up in the hands of criminal syndicates in China, Nigeria, Russia and elsewhere.
  • “These groups are definitely backed by the state,” Talcove tells Axios.
  • Much of the rest of the money was stolen by street gangs domestically, who have made up a greater share of the fraudsters in recent months.

What they’re saying: “Widespread fraud at the state level in pandemic unemployment insurance during the previous Administration is one of the most serious challenges we inherited,” said White House economist Gene Sperling.

  • President Biden has been clear that this type of activity from criminal syndicates is despicable and unacceptable. It is why we passed $2 billion for UI modernizations in the American Rescue Plan, instituted a Department of Justice Anti-Fraud Task Force and an all-of-government Identity Theft and Public Benefits Initiative.”

How it works: Scammers often steal personal information and use it to impersonate claimants. Other groups trick individuals into voluntarily handing over their personal information.

  • “Mules” — low-level criminals — are given debit cards and asked to withdraw money from ATMs. That money then gets transferred abroad, often via bitcoin.

The big picture: Before the pandemic, unemployment claims were relatively rare, and generally lasted for such short amounts of time that international criminal syndicates didn’t view them as a lucrative target.

  • After unemployment insurance became the primary vehicle by which the U.S. government tried to keep the economy afloat, however, all that changed.
  • Unemployment became where the big money was — and was also being run by bureaucrats who weren’t as quick to crack down on criminals as private companies normally are.
  • Unemployment fraud is now offered on the dark web on a software-as-a-service basis, much like ransomware. States without fraud-detection services are naturally targeted the most.

The bottom line: Many states are now getting more sophisticated about preventing this kind of fraud. But it’s far too late.

*** What Is Unemployment Insurance Fraud? | does

Consequences should also be on the states and we don’t spend anything more in unemployment until at least 50% is recovered…..billions of dollars likely ending up in the hands of foreign crime syndicates based in China, Russia and other countries, experts say.

“Fraud is being perpetrated by domestic and foreign actors,” Blake Hall, CEO and founder of ID.ME, told FOX Business. “We are successfully disrupting attempted fraud from international organized crime rings, including Russia, China, Nigeria and Ghana, as well as U.S. street gangs.”

Haywood Talcove, the CEO of LexisNexis Risk Solution, suggested the bulk of the money – about $250 billion – went to international criminal groups, most of which are backed by the state. The money is essentially being used as their slush fund for “nefarious purposes,” such as terrorism, illegal drugs and child trafficking, Talcove said.

The criminals have been able to access the money by stealing personal information and using it to impersonate claimants or buying it on the dark web. The groups also use an army of internet thieves to submit fraudulent claims. States, which administer the aid, may be prepared to combat fraud from individuals who are trying double-dip or cash in on benefits they don’t need, but not international criminals using the dark web to exploit the system.

JBS, the Meat Processor Paid $11M in Ransom

Reuters: JBS USA, subsidiary of Brazilian firm JBS SA (JBSS3.SA), confirmed in a statement on Wednesday the company paid the equivalent of $11 million in ransom in response to a criminal hack against its operations.

The world’s largest meat producer canceled shifts at its U.S. and Canadian meat plants last week, after JBS said it was hit with a crippling cyberattack that threatened to disrupt food supply chains and inflate food prices.

***

“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The company said it paid the ransom to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, ransomware is a type of malware that shuts down a company’s computer infrastructure with hackers demanding payment to unlock the system.

Earlier this month, the FBI attributed the infiltration to Russia-based hackers.

JBS said it was in constant contact with federal officials, and while investigations are ongoing, “preliminary investigation results confirm that no company, customer or employee data was compromised.”

Texas JBS meatpacking plant rejects state effort to test ...

The company said it spends $200 million annually in IT services.

JBS is not the first company to recently pay ransom to cyber criminals based in Russia. JBS said its ability to resolve the issues resulting from the attack was “due to its cybersecurity protocols, redundant systems and encrypted backup servers.” Additionally, the company employs more than 850 IT professionals around the world. JBS maintained that no company, customer or employee data was compromised.

Bloomberg: 

It also halted slaughter operations across Australia and idled one of Canada’s largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns upended agricultural markets and raised concerns about food security as hackers increasingly target critical infrastructure.Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

In its latest statement, JBS said the vast majority of the company’s facilities were operational at the time of payment. It had made the decision to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

JBS added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

Dow Jones had earlier reported the ransom payment.

VP Harris Trip Results in Joint Task Force Alpha

Harris meets with Mexico's president, declares 'new era' - Los Angeles Times source

In part from USA Today: GUATEMALA CITY – Vice President Kamala Harris, during a trip to Guatemala, announced initiatives Monday to address corruption and human trafficking in Central America and urged people from the region not to come to the U.S.-Mexican border. Harris announced that a task force would be created to work with the Justice, Treasury and State Departments to investigate corruption in the region. U.S. officials will train law enforcement in Guatemala to conduct their own investigations.

Joint Task Force Alpha was established to enhance U.S. law enforcement efforts against human smuggling and trafficking groups in Mexico and the Northern Triangle countries of Guatemala, El Salvador and Honduras.

“I have personally worked on these cases in my career and can say that when we see some of the most vulnerable in our communities being taken advantage of, being sold for profit, being abused, it should be a priority for all of us who care about the human condition and humanity,” Harris said.

“Corruption really does sap the wealth of any country and in Central America is at a scale where it is a large percentage of GDP across the region,” said Ricardo Zuniga, the State Department’s special envoy for the Northern Triangle. “We see corruption as one of the most important root causes to be dealt with.”

Part of the strategy to slow the pace of migration is creating better living conditions and economic opportunities for people in the region through investment. Last month, Harris secured the commitment of 12 U.S. companies and organizations – including MasterCard, Microsoft and Chobani – to invest in Guatemala, Honduras and El Salvador.

US: Kamala Harris declares Mexico, Guatemala trip ′a success′ | News | DW |  09.06.2021

From the DOJ:

“Transnational human smuggling and trafficking networks pose a serious criminal threat,” said Attorney General Garland. “These networks profit from the exploitation of migrants and routinely expose them to violence, injury, and death. The joint efforts we are announcing today will combine investigative, prosecutorial, and capacity-building efforts of both the Departments of Justice and Homeland Security. Our focus will remain on disrupting and dismantling smuggling and trafficking networks that abuse, exploit, or endanger migrants, pose national security threats, and are involved in organized crime. Together, we will combat these threats where they originate and operate.”

In addition to the work of the Joint Task Force, Attorney General Garland directed the Office of Prosecutorial Development, Assistance, and Training (OPDAT) and the International Criminal Investigative Training Assistance Program (ICITAP), in coordination with the State Department, to enhance the assistance provided to counterparts in the Northern Triangle countries and Mexico to support their efforts to prosecute smuggling and trafficking networks in their own courts.

The Joint Task Force will consist of federal prosecutors from U.S. Attorney’s Offices along the Southwest Border (District of Arizona, Southern District of California, Southern District of Texas, and Western District of Texas), from the Criminal Division and the Civil Rights Division, along with law enforcement agents and analysts from DHS’s Immigration and Customs Enforcement and Customs and Border Patrol. The FBI and the Drug Enforcement Administration will also be part of the Task Force. And it will work closely with Operation Sentinel, a recently announced DHS operation focused on countering transnational criminal organizations affiliated with migrant smuggling.