This last Sunday and Monday, two big companies (one related to image/photography sharing and the other, a password security provider) warned their users about attacks received.
Let’s close this year by examining how did hacking groups attempt to harm both businesses.
Shutterfly Ransomware Incident 2021
First reported by Bleeping Computer, everything points out to the Conti ransomware group leaking information acquired from a leak site to affect portions of BorrowLenses, Lifetouch, Groovebook, the main business’ manufacturing offices, and corporate systems.
Researchers discovered the bad actors exploited VMware vCenter Server instances through the Log4j vulnerabilities. More specifically, they targeted vCenter networks for lateral movement by December 15th.
This would make them the first ransomware group to weaponize the vulnerability.
Both the FBI and CISA have detected +400 Conti-related attacks directed to American and international organizations. They’ve cashed over $150 million in the last six months with it.
According to the image-sharing company, both a cybersecurity company and law enforcement are working together to understand the nature of the data affected.
The full scope of the situation points out that financial information and Social Security Numbers are safe and weren’t taken from their clients. After all, these are not stored in-site.
LastPass Credential Stuffing Alert 2021
Now, in the case of the password security provider, it was master passwords that were compromised. Many users received email warnings of login attempts from unknown locations. These notifications would activate account blocks from the limit in login attempts.
Some customers also raised their voices when a second alert was received, only to find out their passwords to be successfully changed. Many others that tried disabling and deleting their accounts, would get error messages like “something went wrong”, shown below.
THIS is another reason @lastpass can’t be trusted. So Lastpass, you won’t let me delete my account? pic.twitter.com/SHc0caWAhI
— d’Avid in Anthropocene (@safe_secs) December 28, 2021
Users reported what was happening through many online platforms, such as Reddit, Twitter, and Hacker News (report by Greg Sadetsky). Shortly after, third-party cybersecurity researchers came up with the conclusion that this massive bot-caused breach was related to credential stuffing.
While LastPass didn’t share details about the threat actors nor the attack itself, researchers found a long list of LastPass credentials in Redline Stealer malware logs.
In situations like these, users are only left with advice (for example: to enable multifactor authentication) and uncertainty about what could happen to their data or when will the companies proceed to protect them.
You may or may not be comfortable with the unfortunate truth: there are barely a few options available for these businesses to help you out.
But this doesn’t have to be this way. You can be safe and sound if we guide you through it.
Our team of cybersecurity experts is always ready to answer your questions.