[Security Weekly] REvil Ransomware Steals Apple Data From Supplier Quanta


4th Week of April 2021


1. REvil ransomware steals Apple data from supplier Quanta, demands ransom from both

Taiwan-based Quanta Computer, an Apple supplier that manufactures the MacBook Air, MacBook Pro, and Apple Watch lineups, suffered an attack by the REvil ransomware gang. The attackers claimed to have stolen and encrypted all data on its network and demanded a ransom of $50 million payable by April 27.

Since the stolen data included personal data from several of Apple’s brands as well as unreleased designs of future MacBooks, the ransomware gang also threatened Apple, demanding a separate ransom of an undisclosed amount, payable by May 1. To back up their claims, the attackers posted some stolen images of MacBook design plans.

Quanta refused to pay the ransom, while Apple has not yet made any comment on the incident. Ransomware-based supply chain attacks are among the most popular and devastating attack methods in 2021. Only a month ago, REvil broke into Acer’s network and demanded $50 million from the company.

Sources: SC Media, TechRepublic


2. Auto insurance giant GEICO suffers data breach of driver’s licence info

GEICO, the second-largest automotive insurance company in the US, disclosed a data breach incident where the attackers gained access to the driver’s licence information of its customers for nearly two months. GEICO issues over 17 million insurance premiums covering more than 28 million vehicles.

Earlier in April, GEICO filed a data breach notification with California’s Office of the Attorney General, reporting that hackers exploited a website vulnerability and gained access to its direct sales database between January 21 and March 1, 2021.

GEICO issued a warning to its customers stating that their data could have been used for fraud, such as unemployment benefits applications. All customers are advised to be cautious of fraudulent activity and are being offered one year of free identity protection service.

Website vulnerabilities, especially those involving online transactions, are commonly exploited by threat actors looking to gain access to personal data or payment card information. To keep attackers from exploiting potential zero-day flaws and to prevent sensitive data exposure, an AI-based web application firewall (WAF) like WAPPLES is crucial for all website owners.

Sources: Threatpost, Bleeping Computer


3. Hackers claim to have stolen personal data from Domino’s Pizza India

Israeli cybersecurity firm Hudson Rock discovered an advertisement on the dark web in which hackers claimed to have stolen over 13 TB of data from Domino’s Pizza India, including the personal data of 1 million customers.

In the ad, the hackers were offering to sell the compromised data for $550,000. The data was said to include detailed records of 180 million orders, containing the home addresses, phone numbers, and email addresses of customers, as well as the credit card numbers of 1 million users.

A spokesperson from Domino’s Pizza India later said that a cyber incident did occur, but denied any claims of stolen credit card information. The spokesperson gave assurances that the company does not store its customers’ financial information. The details of the incident are still under investigation.

Sources: Infosecurity, India Today


4. University of Hertfordshire faces two days of system outage following cyberattack

The University of Hertfordshire in the UK suffered a severe cyberattack that forced the school to shut down its entire IT network for two days, disabling PCs and devices, Wi-Fi, email systems, database servers, and VPN services. As a result, students lost access to cloud services such as Microsoft Office 365, Teams, and Canvas.

The university later released an online statement reporting that its IT network was attacked on the evening of April 14. As a result, all online classes were canceled on April 15 and 16. Since the university did not offer offline classes due to the COVID-19 pandemic, students were not able to submit any assignments during that time.

This incident happened a month after the UK’s National Cyber Security Centre (NCSC) issued a warning of a surge in ransomware attacks on educational institutions. Some schools have lost student coursework as a result. Ransomware groups frequently target universities because they hold priceless research work and resources.

Sources: ZDNet, Infosecurity

