It's almost the end of 2021, and everyone is celebrating Christmas in the chill of winter. But some people look at this holiday season from a different angle.
In the last week of 2021, we have seen the biggest security incidents of the year. Almost every company (from big giants to small startups) seems to be vulnerable to the critical remote code execution bug called Log4Shell.
Log4Shell (CVE-2021-44228), an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities that go on under the hood in a wide range of computer systems. If attackers manage to exploit it on one of the servers, they gain the ability to execute arbitrary code and potentially take full control of the system.
Attackers are still scanning the internet with the intent to exploit the vulnerability and deploy ransomware or RATs. Beyond this, some malicious attackers are still at work, setting aside the taste of Christmas, because they know that at this time IT admins are busy enjoying their holidays.
Happy Holiday Hacked Incidents.
While everyone is busy enjoying the holidays, some hackers are still at work exploiting network security and taking control of the files and systems of organizations or firms. Here are brief details of some of the organizations or firms that suffered a breach or security incident during or before this Christmas period:
1. Shutterfly - On Sunday night, Shutterfly, an American photo gift maker, suffered a ransomware attack. The attackers allegedly encrypted more than 4,000 devices and 120 VMware ESXi servers, and also stole corporate data. According to sources, Shutterfly was attacked using the Conti ransomware.
2. Inetum Group - French IT services firm Inetum Group has confirmed that it was the subject of a ransomware attack last week that disrupted certain operations. The company said the ransomware attack occurred on Dec. 19 and that none of its infrastructure, communication, collaboration tools, or delivery operations for its clients were affected. Inetum has already notified the prosecuting authorities and is working closely with their specialized cybercrime units. The Inetum Group has also decided to call in a Security Incident Response service to benefit from the support of a trusted third party.
3. Ghana’s NSS - Ghana’s National Service Secretariat suffered a massive database misconfiguration that exposed 55 GB worth of citizens’ data when an AWS S3 bucket used by the Secretariat was misconfigured. NSS stored over 3 million files from its different programs. Although some of the files in the cloud storage account were password-protected, most of the files, as well as the database, were still exposed to public access.
4. Backdoor in US Federal Agency Network - Avast reported that a backdoor was identified in the network of a US federal agency, the United States Commission on International Religious Freedom (USCIRF). The Avast Threat Intelligence Team stated that it tried to notify the agency about the intrusion but didn’t receive any favorable response, which is why it decided to disclose its findings. Though Avast didn’t reveal the agency’s name in its report, its representative later disclosed the name.
5. Backdoor in Auerswald VoIP System - During a penetration test, multiple backdoors were discovered in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer. The backdoors could be abused to gain full administrative access to the devices. Two backdoor passwords were found in the firmware of the Auerswald VoIP System. One backdoor password is for the secret user 'Schandelah'; the other can be used for the highest-privileged user 'admin'.
6. D.W. Morgan Data Exposed - A misconfigured Amazon S3 bucket owned by D.W. Morgan, a supply chain management and logistics giant, exposed 100 GB worth of clients’ data. The database contained more than 100 GB worth of data with 2.5 million files detailing financial, shipment, transportation, personal and sensitive records belonging to D.W. Morgan’s employees and clients worldwide. These included Global 500 company Ericsson and Fortune 500 company Cisco.
7. Dnevnik.ru Hacked - Unknown persons hacked the Dnevnik.ru platform and changed the grades of school children. The first hack reportedly happened on Saturday night, December 25th. Several grades had twos and threes in their diaries, but on Saturday afternoon the grades were corrected to the real ones. The second break-in occurred around midnight on Sunday, December 26th. According to the parents, all grades on the platform were changed: those for the first and second quarters, as well as the current ones. Excellent students were given twos, and those who did not study well were, on the contrary, given fives.
There may be more; we will update this post with the information.