9TH MAY 2024
9TH MAY 2024Welcome to our cybersecurity news roundup, where we zero in on the major cyber-attacks and happenings. This week we saw new cybersecurity incidents that highlight the continuing fight against malicious threat actors who want to steal data and disrupt operations. We’ll be taking a look at BogusBazaar, Dell data breach and the Ascension healthcare system hack that impacted hundreds of thousands of people.
Here’s what went down this week:
A vast network comprising 75,000 counterfeit online storefronts, dubbed 'BogusBazaar,' has ensnared over 850,000 individuals across the United States and Europe, leading to illicit credit card data extraction and an attempted processing of approximately $50 million in spurious transactions.
Moreover, millions of purloined credit card particulars found their way onto underground digital marketplaces, facilitating unauthorized online purchases by other malevolent entities.
As per findings disclosed by German cybersecurity entity Security Research Labs GmbH (SRLabs), the BogusBazaar network has endeavored to validate about $50 million in counterfeit transactions since its inception three years ago.
The lion's share of victims hails from the United States and Western Europe. Conversely, there's a conspicuous absence of victims from China, suggesting a potential operational nexus for the scam.
BogusBazaar, a meticulously orchestrated enterprise, has deployed in excess of 75,000 spurious online shops since 2021, though recent activity has dwindled to approximately 22,500 active sites.
The cybercriminals leverage previously expired domains with favorable standing on Google to host bogus shops, often masquerading as vendors peddling footwear and attire at steep discounts.
These sites, generated through semi-automated processes, sport bespoke monikers and logos, a semblance of effort aimed at enhancing their perceived legitimacy.
The payment gateways on these sites serve as conduits for harvesting victims' personal and financial data or perpetrating fraudulent transactions via PayPal, Stripe, and credit card payments, leaving unsuspecting buyers empty-handed.
SRLabs elucidates that the cybercrime syndicate operates under a well-structured hierarchy, featuring specialized teams adhering to an infrastructure-as-a-service paradigm.
"The group has embraced an 'infrastructure-as-a-service' model: A central team oversees infrastructure management, while a decentralized network of affiliates operates sham storefronts," delineates the SRLabs report.
Researchers assert that the managerial and developmental cadre orchestrating the scheme fabricates bespoke WooCommerce WordPress plugins engineered for data and fund pilferage. This unit maintains only a nominal footprint of sham storefronts, possibly for experimentation purposes.
Dell, the renowned computer manufacturer, has issued a cautionary advisory to its clientele subsequent to reports of a data breach, wherein a threat actor alleges to have illicitly obtained information for an estimated 49 million customers.
Yesterday, Dell revealed that a breached Dell portal, housing customer data pertaining to purchases, triggered the security alarm.
A spokesperson from Dell says:
"We believe there is not a significant risk to our customers given the type of information involved."
According to Dell's disclosure, the accessed information comprises:
Name
Physical address
Dell hardware and order details, encompassing service tag, item specifications, date of purchase, and associated warranty particulars.
However, Dell emphasizes that the pilfered data does not encompass financial or payment details, email addresses, or contact numbers. The company affirms its collaboration with law enforcement and a third-party forensics agency to probe the incident comprehensively.
Initial indications of the breach surfaced when reports emerged on April 28th, revealing a malefactor named Menelik offering a purported Dell database for sale on the Breach Forums hacking platform, as highlighted by Daily Dark Web.
Menelik purportedly claimed to have absconded with data pertaining to "49 million customer and other information systems purchased from Dell between 2017-2024," underscoring the alarming scope of the potential compromise.
Ascension, a leading nonprofit healthcare system in the United States, has taken proactive measures in response to a cybersecurity incident, prompting the temporary shutdown of certain systems for investigation and remediation.
With a sprawling network encompassing 140 hospitals, 40 senior care facilities, and an extensive workforce including 8,500 providers and 134,000 associates, Ascension serves communities across 19 states and the District of Columbia, boasting a reported revenue of $28.3 billion in 2023.
The organization disclosed,
"On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues."
In light of the incident, Ascension has advised its business partners to temporarily sever connections to its systems as a precautionary measure. "Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment," the nonprofit affirmed.
Acknowledging the impact on clinical operations, Ascension is diligently assessing the extent and duration of disruption while keeping relevant authorities informed. To bolster their response efforts, Ascension has engaged Mandiant incident response experts to collaborate on the investigation and remediation process.
Want to catch up on the latest security news? Check out:
