The year is still young, but the digital landscape of 2021 is already littered with bad behavior.
Continuing a 2020 trend, opportunistic hackers and data thieves are taking full advantage of the pandemic’s dynamics and the shift to remote work. With more of our everyday functions moving online than ever before, cybercriminals now run rampant across businesses, schools, and social media platforms. Last year ended with what was potentially the biggest-ever hack perpetrated against the U.S. government—and, so far this year, hacking exploits show no signs of slowing down.
Notable Cyberattacks of January
International Political Organizations Targeted by High-Profile Iranian Hacker Group
While most of December’s cybersecurity headlines featured the likely Russia-based intrusion into various U.S. government networks via a trojanized SolarWinds Orion update, other overseas actors also targeted geopolitical rivals. The Iranian hacker collective known as Charming Kitten spent the Christmas and New Year’s period inundating staff and members of political think tanks, universities, environmental groups, and news outlets in the U.S., Europe, and the Middle East with phishing emails and smishing (SMS phishing) messages.
This campaign was especially concerning to cybersecurity experts because of its level of sophistication. Not only did Charming Kitten use a two-pronged approach, sending its targets both emails and SMS messages that carried New Year’s greetings or links to recover a supposedly locked Google account; the group also hid its landing pages behind links that, at first glance, appear to be legitimate Google URLs. The seeming authenticity of the links, paired with error-free and grammatically correct copy, gave the lures a veneer of respectability that could fool even tech-savvy recipients.
Charming Kitten has a history of this kind of carefully staged campaign, including prior use of legitimate-seeming Google URLs. Its record runs deep: the group has been linked to the 2017 breach and subsequent extortion of HBO, and to 2019 attempts to compromise accounts tied to a U.S. presidential campaign. Because it is widely assessed to be state-sponsored, it will likely remain a major threat actor for the immediate future.
- Records Exposed: Passwords and online credentials
- Type of Attack: Phishing and smishing
- Industry: Political groups, news organizations, academia
- Date of Attack: Late December 2020 to early January 2021
- Location: U.S., Europe, and the Middle East
- Well-organized and funded cybercrime groups will continue to be a major concern for both governments and businesses for the foreseeable future.
- Increasingly sophisticated attack strategies, such as legitimate-looking URLs and multi-platform targeting, make a holistic, systemwide approach to security all the more essential.
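The page does not say how the campaign’s links were built, only that they looked like Google URLs at first glance. As an added example (not code from the page or from anyone who analyzed the campaign), the script below triages the links in a message for three general ways a URL can look like google.com without actually landing there: a lookalike host that merely contains the word “google”, a username before an “@” that hides the real host, and a redirect parameter on a genuine Google host that bounces the user elsewhere. The sample SMS and every hostname in it are constructed.

```python
"""Triage links in a phishing or smishing message for "looks like Google" tricks.

Added example; not the page's own code or anything published about the
campaign. The message text and every hostname below are constructed, and the
three tricks checked are general ones, not a claim about which one the
attackers used.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Domains the recipient is allowed to trust (and their subdomains).
TRUSTED = {"google.com"}
# Query parameters commonly used by redirectors; a trusted host that bounces
# the user elsewhere is no safer than the final destination.
REDIRECT_PARAMS = {"q", "url", "u", "continue", "redirect", "next"}

def is_trusted_host(host):
    """True only if host IS a trusted domain or a subdomain of one.

    A substring test would wrongly accept 'google.com-recovery.example'."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def analyze_url(url):
    """Return the host the browser will actually contact plus a list of findings."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.username is not None:
        # https://accounts.google.com@evil.example/ : the text before '@' is a
        # username, and the real host is whatever follows it.
        findings.append("userinfo-before-host")
    if not is_trusted_host(host):
        findings.append("lookalike-host" if "google" in host else "untrusted-host")
    for key, values in parse_qs(parts.query).items():
        if key not in REDIRECT_PARAMS:
            continue
        for value in values:
            target = urlsplit(unquote(value))
            if target.scheme and target.hostname and not is_trusted_host(target.hostname):
                findings.append("open-redirect-to:" + target.hostname.lower())
    return {"url": url, "host": host, "findings": findings}

def triage_message(text):
    """Extract every URL from a message body and analyze each one."""
    urls = [u.rstrip(".,;:)") for u in URL_RE.findall(text)]
    return [analyze_url(u) for u in urls]

# Constructed SMS in the style the page describes: a greeting plus a "locked
# account" lure. Both links are fake and exist only in this example.
SAMPLE_SMS = (
    "Happy New Year! Unusual sign-in detected and your Google account is locked. "
    "Confirm it is you: https://www.google.com/url?q=https%3A%2F%2Fgoogle.com-recovery.example%2Fsignin "
    "or https://accounts.google.com@recovery-google.example/signin."
)

if __name__ == "__main__":
    for result in triage_message(SAMPLE_SMS):
        print(result["host"], result["findings"] or "no findings")
```

The point of the check is that the host a recipient reads is not always the host the browser contacts; `analyze_url` reports the latter, and treats a redirect parameter pointing off-domain as a finding even when the visible host is genuinely Google’s.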
Perl Programming Website Suffers a Domain Hijacking
Perl is a long-established programming language frequently used for CGI scripts, system administration, and web development. It dates back to 1987 and remains in use at high-profile sites such as Craigslist, DuckDuckGo, the Internet Movie Database, and Ticketmaster.
That high visibility made it all the more unsettling when it was revealed in late January that the Perl.com domain, a resource for news and information about the language, had been hijacked for some time, possibly as far back as September. The takeover went undetected for months because the attackers left the domain’s DNS untouched: the site kept resolving to its legitimate hosts, so nothing looked wrong to visitors or to monitoring that only checks whether the site is up.
As of this writing, the attackers and their motivations remain unknown, although the incident bears strong similarities to a string of recent domain hijackings. Perl.com currently redirects to a parking page that may be connected to earlier malware campaigns, and someone briefly listed the domain for sale at $190,000. The site’s rightful owners are working to regain control and, in the meantime, are directing users to the unaffected Perl.org site for news and information.
- Records Exposed: Unknown
- Type of Attack: Hijacking
- Industry: Computer programming
- Date of Attack: September 2020 to present
- Location: U.S.
- Even an especially tech-savvy organization, such as the community behind a decades-old programming language, can let a subtle domain takeover go unnoticed for months when the only signal it watches is whether the site still loads.
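The Perl.com takeover stayed invisible because the attackers changed who controlled the registration without changing where the name resolved. As an added example (not perl.com’s or any registrar’s code), the script below contrasts a DNS-only availability check with a monitor that diffs the ownership fields of a registration record. The two snapshots are constructed; the registrar, registrant, and name-server names are placeholders, and the record layout is an assumption modelled on what an RDAP or whois lookup returns. The `clientTransferProhibited` and `clientUpdateProhibited` values are real EPP status codes that a registrar lock sets.

```python
"""Spot a silent domain takeover from registration data rather than DNS.

Added example; not perl.com's or any registrar's code. The two snapshots are
constructed (registrar, contact, and name-server names are placeholders) in
the shape of the fields an RDAP or whois lookup returns. Assumption: a real
monitor fetches such a record on a schedule and keeps the last good one as
the baseline.
"""

# Baseline captured while the domain was still under the owner's control.
BASELINE = {
    "domain": "example-lang.org",  # placeholder, not the real domain
    "registrar": "Registrar A",
    "registrant": "Example Language Foundation",
    "nameservers": ["ns1.hosting.example", "ns2.hosting.example"],
    "status": ["clientTransferProhibited", "clientUpdateProhibited"],
    "expires": "2022-09-10",
}

# Later snapshot: the registration has moved and the locks are gone, but the
# name servers are untouched, so the website keeps loading exactly as before.
HIJACKED = {
    "domain": "example-lang.org",
    "registrar": "Registrar B",
    "registrant": "Privacy Proxy Ltd",
    "nameservers": ["ns1.hosting.example", "ns2.hosting.example"],
    "status": ["ok"],
    "expires": "2022-09-10",
}

def dns_only_monitor(baseline, current):
    """What an availability check sees: nothing, as long as DNS is unchanged."""
    if set(baseline["nameservers"]) != set(current["nameservers"]):
        return [("high", "name servers changed")]
    return []

def registration_monitor(baseline, current):
    """Compare the ownership-related fields; return (severity, message) alerts."""
    alerts = []
    if current["registrar"] != baseline["registrar"]:
        alerts.append(("critical", "registrar changed: %s -> %s"
                       % (baseline["registrar"], current["registrar"])))
    if current["registrant"] != baseline["registrant"]:
        alerts.append(("critical", "registrant changed: %s -> %s"
                       % (baseline["registrant"], current["registrant"])))
    # Any *Prohibited lock present before and absent now means someone
    # unlocked the domain, which is the first step of a transfer.
    lost_locks = {s for s in baseline["status"] if s.endswith("Prohibited")} - set(current["status"])
    for lock in sorted(lost_locks):
        alerts.append(("critical", "EPP lock removed: " + lock))
    if current["expires"] != baseline["expires"]:
        alerts.append(("medium", "expiry changed: %s -> %s"
                       % (baseline["expires"], current["expires"])))
    alerts.extend(dns_only_monitor(baseline, current))
    return alerts

if __name__ == "__main__":
    print("DNS-only view:", dns_only_monitor(BASELINE, HIJACKED))
    for severity, message in registration_monitor(BASELINE, HIJACKED):
        print(severity.upper(), message)
```

Run against the two snapshots, the DNS-only check returns nothing while the registration monitor raises four critical alerts; the design choice is to alert on the fields an attacker must change to take ownership, not on the ones they are free to leave alone.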
Socialarks Breach Leaves 214 Million Social Media Users Exposed
A Chinese startup with strikingly lax security exposed the personal information of around 214 million social media users in early January, most of whom probably had no idea the company even existed.
Investigators say that Socialarks, a social media management business focused on “brand building, marketing, [and] social customer management in China’s foreign trade industry,” should never have had access to so much private data in the first place. The leaked material was apparently scraped by Socialarks from leading social sites such as Facebook, LinkedIn, and Instagram. Among the more than 400GB of exposed data is contact information that is not usually visible on a public profile, including the personally identifiable information of a number of celebrities and prominent online personalities.
Investigators also believe that anyone who took the already-scraped information didn’t have to work very hard for it: the Elasticsearch database belonging to the Shenzhen, China-based company was reportedly left almost completely unprotected, with neither encryption nor password protection.
In addition to public profile information, the exposed data also contained phone numbers, email addresses, and other exploitable details that are generally kept private, which makes it highly likely that this leak will fuel further cybercrime, such as targeted phishing, in the near future. Even more disturbing, this is the second time since August that Socialarks has suffered a leak of this kind, suggesting that the company is not especially quick to learn its lesson.
- Records Exposed: Public and private social media data
- Type of Attack: Data leak
- Industry: Social media marketing
- Date of Attack: January 11
- Location: Shenzhen, China
- International commerce makes certain elements of cybersecurity difficult to enforce, especially when more than one bad actor is involved.
- Yet again, data scraped from major social media platforms and stored by a third party puts users’ personal information at risk, with no say from the users themselves.
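The page describes the root cause as an Elasticsearch instance left reachable without a password or encryption. As an added example (not Socialarks’ configuration or Elastic’s own tooling), the script below audits an `elasticsearch.yml` for exactly that combination and shows the exposed settings beside a corrected set. Both config texts are constructed. Two assumptions: the file uses flat dotted keys (the common form), and a missing `xpack.security.enabled` is treated as disabled, which matches the 7.x default (8.x enables security by default).

```python
"""Audit an elasticsearch.yml for the "open to the network, no password" setup.

Added example; not Socialarks' configuration or Elastic's own tooling. Both
config texts are constructed. Assumptions: the file uses flat dotted keys, and
a missing xpack.security.enabled is treated as disabled, which matches the 7.x
default; 8.x enables security by default.
"""

LOOPBACK = {"_local_", "127.0.0.1", "::1", "localhost"}

def parse_flat_yaml(text):
    """Minimal reader for 'key: value' lines; ignores comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_on(settings, key):
    return settings.get(key, "false").lower() == "true"

def audit(config_text):
    """Return (severity, message) findings; an empty list means nothing flagged."""
    s = parse_flat_yaml(config_text)
    findings = []
    host = s.get("network.host", "_local_")      # Elasticsearch default is loopback
    port = s.get("http.port", "9200")
    exposed = host not in LOOPBACK
    auth = is_on(s, "xpack.security.enabled")
    if exposed and not auth:
        findings.append(("critical", "network.host=%s with authentication off: anyone who can "
                         "reach port %s can list and dump every index" % (host, port)))
    elif not auth:
        findings.append(("high", "authentication off; loopback binding is the only thing "
                         "protecting the data"))
    if exposed and not is_on(s, "xpack.security.http.ssl.enabled"):
        findings.append(("high", "HTTP API served without TLS"))
    if exposed and auth and not is_on(s, "xpack.security.transport.ssl.enabled"):
        findings.append(("medium", "node-to-node transport without TLS"))
    return findings

# Constructed: what a leak like the one described looks like in config.
EXPOSED_CONFIG = """
cluster.name: scraped-profiles
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
# xpack.security.enabled not set, so it stays at the 7.x default (false)
"""

# Constructed: same node, reachable only on a private address, with
# authentication and TLS turned on.
HARDENED_CONFIG = """
cluster.name: scraped-profiles
network.host: 10.0.5.12
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

Enabling the TLS settings also requires provisioning certificates for the node, which is outside this check, and a private bind address is a network control, not a substitute for authentication: the audit treats a non-loopback `network.host` as exposed regardless of how private the address looks.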
South Carolina County Struggles to Bounce Back from System-wide Cyberattack
Officials in South Carolina were left reeling from a January 23 attack that shut down much of the IT infrastructure of Georgetown County, a coastal county of about 60,000 people just south of Myrtle Beach. Investigators do not believe that private data was compromised or that personal information belonging to residents or employees was stolen, but the operational damage has been significant.
The attack has thrown many municipal functions into disarray. While county officials were quick to note that the local 911 system and detention center were unaffected, the attack shut down online functions for the court system, treasurer’s office, and auditor’s office for nearly two weeks. That has caused significant disruption to the processing of civil and criminal proceedings, as well as to the distribution of W-2 forms and other preparations for the upcoming tax season. County email servers were also taken offline by the attack, disrupting basic communication among municipal employees.
To date, Georgetown County has not disclosed what kind of malware was involved or whether it has identified any suspects. It is also unknown whether the Georgetown incident is connected to a similar January 22 attack on Greenville Water, a public water utility in northwestern South Carolina whose online payment systems were down for more than a week.
- Records Exposed: Unknown
- Type of Attack: Unspecified infrastructure shutdown
- Industry: Municipal government
- Date of Attack: January 23
- Location: South Carolina
- Even when avoiding a data breach, an insufficiently secured infrastructure can leave an organization vulnerable to costly, time-consuming, and potentially dangerous cyberattacks.
- For an organization like a city or county with multiple interconnected departments, fixing that damage can mean weeks of work for employees and ongoing inconvenience for constituents.
Stay Ahead of Cyberthreats
One thing that we can take away from all of these examples: It is always better to head off a cyberthreat at the start than it is to repair the problem after the fact.
Learn about security operations solutions that can help your organization get ahead of today’s threats and avoid damaging cyberattacks. Contact Arctic Wolf today.