Breach Roundup: North Korean Hackers Target macOS Users
Interpol Arrests 300, Seizes $3 Million From West African Financial Crime Gang
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, North Korean hackers targeted macOS users, Bassett Furniture suffered a ransomware attack, Interpol arrested 300 and seized $3 million, new details emerged about Designed Receivable Solutions, Repligen reported a cyber incident, and MarineMax reported a data breach.
North Korean Hackers Target macOS Users
North Korean state-sponsored hackers are targeting macOS users with a new variant of their BeaverTail malware, spreading it through a malicious version of the video-calling service Microtalk. Cybersecurity researcher Patrick Wardle revealed that the attackers trick victims into downloading the infected software by posing as recruiters offering job interviews.
Wardle said the cloned Microtalk site misleadingly claims no download is required, but victims overlook the fine print and install the malware. Once on the victim's device, BeaverTail steals data and deploys additional malicious payloads, including InvisibleFerret.
Wardle emphasized the hackers' expertise in targeting macOS systems, even though they rely heavily on social engineering tactics, which he described as technically unimpressive.
Bassett Furniture Shuts Down Manufacturing
U.S. furniture giant Bassett Furniture Industries halted manufacturing operations following a ransomware attack on July 10. The company discovered unauthorized access to its systems and shut down some IT operations to contain the breach.
The ransomware attack encrypted data files, disrupting Bassett's business operations. While retail stores and the e-commerce platform remain open, order fulfillment has been significantly affected.
Bassett admitted that the ransomware incident "has had and is reasonably likely to continue to have a material impact on the company's business operations until recovery efforts are completed," but it remains uncertain if it will materially affect financial performance. No ransomware group has claimed responsibility for the attack.
On the same day as the cyberattack, Bassett reported a 17% drop in revenue for Q2 2024 compared to the previous year. The incident occurs amid a surge in 8-K filings to the SEC about cybersecurity incidents, driven by new rules requiring companies to quickly disclose financially "material" cyber events. Despite initial claims of no "material" impact, several companies, including UnitedHealth and an unnamed car dealership, have recently reported significant financial losses from cyberattacks.
Interpol Arrests 300, Seizes $3 Million
Interpol announced Tuesday the conclusion of a three-month global crackdown on West African organized crime groups. Operation Jackal III resulted in 300 arrests and the seizure of $3 million in assets. This operation, which ran from April 10 to early July, involved law enforcement agencies from 21 countries and targeted groups involved in online financial fraud, including the notorious Nigeria-based Black Axe gang.
Authorities blocked 720 bank accounts during the operation. In Argentina, a five-year investigation dismantled a Nigerian-led network that caused significant financial losses to over 160 victims. This led to 72 arrests, the freezing of 100 bank accounts and the seizure of $1.2 million in counterfeit banknotes.
In Portugal, police dismantled another Nigerian network that recruited money mules to launder funds across Europe. Evidence seized included computers, phones, bank transfers to Nigeria, cryptocurrency transactions and money laundering operations.
Designed Receivable Solutions Update
California-based healthcare revenue management provider Designed Receivable Solutions further updated the number of individuals affected by a January data breach from 498,686 to 585,000. The breach involved unauthorized access to files containing patients' names, birthdates, addresses, Social Security numbers, and payment-related information. For patients, compromised data also includes dates of service, provider names, clinic locations, medical record numbers and diagnosis codes.
The company said the hack did not compromise clients' financial information, including credit card data. Although there is no evidence of misuse of the data, DRS advised affected patients to monitor their credit reports and account statements for suspicious activity.
Repligen Reports Cyber Incident
Bioprocessing company Repligen Corporation disclosed unauthorized access to certain files on its systems and activated its incident protocol, involving law enforcement and external cybersecurity experts. The breach did not disrupt operations or customer service and is not expected to materially affect financial health.
Immediate actions included investigation, containment and remediation. The company believes the breach is contained. It did not detect malware encryption but continues to assess the full impact and potential regulatory requirements.
MarineMax Reports Data Breach Affecting 123,000 Individuals
Major boat and yacht retailer MarineMax is notifying over 123,000 individuals about a data breach stemming from a ransomware attack earlier this year. Initially disclosed in a March SEC filing, the cyberattack by the Rhysida ransomware group disrupted operations and included the auctioning of allegedly stolen data.
Screenshots shared by the hackers indicated access to financial documents and spreadsheets. Although MarineMax initially stated no sensitive data was stored in the compromised environment, subsequent investigations revealed that the group did indeed access files with personal information.
The company informed the Maine Attorney General's Office about the breach, offering affected customers two years of free credit monitoring and identity restoration services.