Threat Matrix: Huge Breaches at Ticketmaster & Christie’s, New Malware on macOS & Android


Welcome to the June edition of Upfort’s Threat Matrix. As summer approaches and employee attention is scattered (vacations, getting kids to camp, seasonal upticks, etc.), it’s more important than ever to stay on top of the latest cyber threats.

In this edition, we cover two huge, and still developing, breaches reported at Ticketmaster and Christie’s; new malware targeting macOS; malware in Google Play apps that have been downloaded millions of times; and more. And, as always, we provide guidance on how to protect your business against these emerging threats.

Want to help keep your business safe? Take two minutes to fill out our interactive cybersecurity checklist or take a free cyber security risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your digital network. 

Ticketmaster Hack Exposing 560 Million Customers' Data

Hacking group ShinyHunters claims to have breached Ticketmaster, stealing the personal details of 560 million customers, including names, addresses, phone numbers, and partial credit card information. The data is being sold for $500,000. The Australian government and the FBI are investigating, while Ticketmaster and its parent company, Live Nation, have not yet commented as of publication. ShinyHunters has a notorious history, including previous major data breaches. The breach occurs amid a federal antitrust lawsuit against Ticketmaster and Live Nation for monopolistic practices.

How to defend yourself: To safeguard your small business from data breaches like the Ticketmaster hack, implement multi-factor authentication, keep software up to date, and conduct regular security audits. Educate employees on cybersecurity best practices and phishing prevention. Use strong encryption for sensitive data and establish an incident response plan to address potential breaches swiftly. Regularly back up data and monitor networks for suspicious activity to mitigate risks effectively.


Christie's Hit by Massive Cyberattack: Hackers Threaten to Leak Data on 500,000 Clients

RansomHub has claimed responsibility for a cyberattack on Christie's website, asserting possession of sensitive personal information on 500,000 clients, including names, document numbers, nationalities, and birth dates. The group threatened to release this data, citing potential GDPR fines and reputational damage for Christie's. Despite attempts to negotiate, communication with Christie's ceased, prompting RansomHub to set a countdown timer for data release by the end of May. Christie's confirmed unauthorized access to client data but found no evidence of compromised financial records, and it is notifying regulators and affected clients. The cyberattack disrupted Christie's website on May 9, ahead of their major spring auction, but the auction house still netted $530 million from sales.

How to defend yourself: There’s a very high chance that your data and/or your employees’ data have been included in a third-party data breach (public repositories such as Have I Been Pwned can offer insights into your business’s exposure). Criminals can use this information to attack other systems through the re-use of common passwords or social engineering attacks. Be sure to implement robust security protocols, including multi-factor authentication and strong password hygiene, to keep your organization safe.



LightSpy Malware Now Targets macOS

The surveillance framework LightSpy, previously known for targeting Android and iOS devices, has now been discovered on macOS. ThreatFabric reports that the macOS version of LightSpy, active since January 2024, utilizes WebKit flaws to infect devices and execute various spying functions via plugins. These include capturing sound, recording screen activity, and extracting sensitive data from applications, posing a significant threat to user privacy.

How to defend yourself: To protect your small business from threats like LightSpy, ensure all macOS devices are updated to the latest software versions to mitigate vulnerabilities. Implement strong firewall protections, regularly back up critical data, and limit the use of WebKit-based browsers. Train employees to recognize phishing attempts and avoid downloading suspicious files or clicking on unknown links. Additionally, employ network monitoring tools to detect unusual activities and establish protocols for immediate response to potential infections.


Malicious Android Apps Installed 5.5 Million Times

Over 90 malicious Android apps, including the notorious Anatsa banking trojan, have been discovered on Google Play, amassing over 5.5 million installations. Anatsa targets financial institutions globally, stealing e-banking credentials to facilitate fraudulent transactions. Recently, Anatsa resurfaced on Google Play through two decoy apps, which had already gathered 70,000 installations before their removal. Despite Google's efforts to eliminate these threats, the recurring presence of such malware highlights significant security challenges.

How to defend yourself: To safeguard your small business from threats like Anatsa, ensure all Android devices have the latest security updates and use reputable antivirus software. Educate employees about the dangers of downloading apps from unknown sources and scrutinize app permissions, especially those requesting access to SMS, contacts, or the Accessibility Service. Implement mobile device management (MDM) solutions to control app installations and enforce security policies. Regularly back up data and monitor network activity to detect and respond to unusual behavior promptly.
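The permission review described above, as an added example that is not Upfort’s code: a small triage script that scans an Android app’s AndroidManifest.xml for the SMS, contacts and Accessibility Service grants the advice singles out. The manifest, package name and service name below are constructed for illustration.

```python
# Added example (not Upfort's code): triage an AndroidManifest.xml for the
# permissions the advisory says to scrutinize before allowing an app.
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Permissions to flag, with the capability each one grants an app.
RISKY_PERMISSIONS: Dict[str, str] = {
    "android.permission.READ_SMS": "read stored SMS (including one-time passcodes)",
    "android.permission.RECEIVE_SMS": "see incoming SMS as they arrive",
    "android.permission.SEND_SMS": "send SMS from the device",
    "android.permission.READ_CONTACTS": "read the address book",
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> List[str]:
    """Return one finding string per risky grant found in the manifest."""
    root = ET.fromstring(manifest_xml)
    findings: List[str] = []
    for elem in root.iter("uses-permission"):
        perm = elem.get(NAME_ATTR, "")
        if perm in RISKY_PERMISSIONS:
            findings.append(f"{perm}: {RISKY_PERMISSIONS[perm]}")
    # An accessibility service is not a <uses-permission>; it is a <service>
    # guarded by BIND_ACCESSIBILITY_SERVICE, so it needs a separate check.
    for svc in root.iter("service"):
        if svc.get(PERMISSION_ATTR) == ACCESSIBILITY_PERMISSION:
            findings.append(f"accessibility service declared: {svc.get(NAME_ATTR)}")
    return findings

# Constructed manifest for a hypothetical decoy "PDF reader" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pdfreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="PDF Reader">
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("FINDING:", finding)
```

A PDF reader has no business reading SMS or binding an accessibility service, which is exactly the mismatch between stated purpose and requested permissions that should block an install under an MDM policy.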



Google Urges Chrome Update to Patch Critical Security Flaw

Google has issued an urgent update for Chrome to fix a high-severity security flaw, CVE-2024-5274, currently being exploited in the wild. This type confusion vulnerability in the V8 JavaScript and WebAssembly engine can allow threat actors to crash systems, execute arbitrary code, or bypass access controls. This marks the fourth zero-day vulnerability Google has patched this month. Users on Windows, macOS, and Linux are advised to update to the latest Chrome versions immediately to protect against potential attacks.

How to defend yourself: To protect your small business from the critical Chrome vulnerability CVE-2024-5274, ensure all devices using Chrome are updated to the latest version (125.0.6422.112/.113 for Windows and macOS, and 125.0.6422.112 for Linux). Regularly check for browser updates and enable automatic updates to minimize exposure to zero-day exploits. Educate employees on the importance of keeping their browsers up to date and consider using managed browser policies to enforce updates across your organization.
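One way to turn the version numbers above into a fleet check, as an added example that is not Upfort’s code: compare each host’s reported Chrome build against the minimum patched build for its platform. The hostnames and installed versions in the sample inventory are constructed; the fixed versions are the ones quoted in the advisory.

```python
# Added example (not Upfort's code): flag hosts whose Chrome build is below the
# release that fixes CVE-2024-5274. Fixed versions are taken from the advisory.
from typing import Dict, List, Tuple

# Minimum patched build per platform. Windows/macOS shipped .112 and .113;
# .112 is the lowest build that contains the fix.
FIXED_VERSIONS: Dict[str, str] = {
    "windows": "125.0.6422.112",
    "macos": "125.0.6422.112",
    "linux": "125.0.6422.112",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '125.0.6422.112' into an integer tuple so comparison is numeric.
    Comparing the raw strings would rank '125.0.6422.76' above '.112'."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform: str, installed: str) -> bool:
    """True if the installed build is at or above the fixed build for the platform."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[key])

def find_vulnerable(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the names of inventory hosts still running an unpatched build."""
    return [
        host["name"]
        for host in inventory
        if not is_patched(host["platform"], host["chrome_version"])
    ]

# Constructed sample inventory (hypothetical hosts, as an MDM export might list them).
SAMPLE_INVENTORY = [
    {"name": "ws-01", "platform": "windows", "chrome_version": "125.0.6422.113"},
    {"name": "ws-02", "platform": "windows", "chrome_version": "125.0.6422.76"},
    {"name": "mac-01", "platform": "macos", "chrome_version": "124.0.6367.207"},
    {"name": "lx-01", "platform": "linux", "chrome_version": "126.0.6478.55"},
]

if __name__ == "__main__":
    for name in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{name}: Chrome below the CVE-2024-5274 fix, update required")
```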


Spyware Found in Wyndham Hotels Exposes Guest Information

A spyware app called pcTattletale was discovered infiltrating the check-in systems of several Wyndham hotels in the US, capturing screenshots containing guest and customer information. Security researcher Eric Daigle identified the app, which is marketed as "simple stalkerware" and can remotely monitor Android and Windows devices. Due to a security bug in the spyware, these screenshots are publicly accessible on the Internet. Despite attempts to contact pcTattletale, the company has not responded. Daigle advises potential victims to run antivirus scans to detect and remove the spyware.

How to defend yourself: Keep all systems and software updated with the latest security patches. Educate employees about the risks of spyware and the importance of not installing unknown applications. Implement network security measures to monitor for unusual activity and consider using endpoint protection solutions to detect and prevent spyware infections.

