A new QBot malware campaign "QakNote" is using malicious Microsoft OneNote attachments to infect systems, bypassing anti-virus tools by injecting
20GB of server logs that contained nearly 30 million entries, with the oldest dated May 2022. The logs exposed subscribers' IP addresses and user data about their device, operating system, and web browser. The logs also leaked the platform's usage data, the kind typically collected for analytics and performance tracking. URLs found in the logs contained the titles and IDs of the content users watched on the platform, along with the search queries they entered. Researchers also found unidentified hashes in logged HTTP GET requests (the requests clients make to fetch data from a web server, which the server records in its log files). Researchers could not determine the exact purpose or usage of the hashes. However, the fact that every hash was more than 156 characters long suggests they were intended to remain unchanged for long periods of time. "Hashes didn't match any commonly used hashing algorithms. Since these hashes were included in the HTTP requests, we believe they could have been used as secrets for authentication, or just user IDs," said researchers.
BreachForums, a notorious online criminal marketplace and stolen-data bazaar, has reportedly shut down for good following the arrest of its alleged chief administrator. The site quickly rose in popularity after a similar stolen-data bazaar, RaidForums, was shut down. However, the FBI and Department of Homeland Security recently arrested Conor Brian Fitzpatrick, also known as "pompompurin," the administrator of BreachForums. In a recent court document, Fitzpatrick confessed to running the illicit souk.

## Shut Down for Good

Following the arrest of Fitzpatrick, the site's second admin, "baphomet," declared the forum and stolen-data mart not safe and posted a message on the BreachForums channel on Telegram on March 21. Initially, baphomet had indicated that they planned to migrate the forum to new infrastructure to keep it running. However, in a final update on Tuesday, the site's admins wrote that they had confirmed the government likely had access to Fitzpatrick's machine, and shutting down the site was the only option.

## Uncertain Future

According to Flashpoint, a cybersecurity intelligence firm, the site shutdown is a short-term disruption, but it remains unclear what the new forum will look like. Baphomet's latest message indicated that the forum would likely relaunch in another format, but it is unclear whether it would continue in the spirit of Raid or Breach or be something new entirely. Threat actors will likely continue to have an appetite for breached databases, and it remains to be seen whether this will be served through an alternative venue or requires a new forum entirely.

## The Rise of BreachForums

BreachForums appeared on the dark web shortly after the demise of RaidForums. The site quickly grew in popularity, and its members traded in stolen data and hacking tools. BreachForums became known as a hub for cybercriminals looking to buy and sell stolen data, including usernames, passwords, credit card numbers, and social security numbers.
According to a recent blog post by Flashpoint, BreachForums played a significant role in the monetization of the Chinese data leak in April 2020, which saw the personal data of over 1.8 billion Chinese citizens for sale on the dark web. The forum also hosted several high-profile data breaches, including the Zynga data breach, the Edmodo data breach, and the Comodo Forum data breach.

## The Arrest of Pompompurin

The recent arrest of Conor Brian Fitzpatrick, the alleged chief administrator of BreachForums, has shed new light on the inner workings of the cybercriminal underworld. According to court documents, Fitzpatrick confessed to running the illicit souk and boasted about his profits, claiming to have made over $1.5 million in Bitcoin from the site's operations. Fitzpatrick's arrest followed a joint operation by the FBI and Department of Homeland Security. The authorities seized several of Fitzpatrick's electronic devices and found evidence linking him to BreachForums. Fitzpatrick now faces several charges, including conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, and aggravated identity theft.

## The Future of Cybercrime

The shutdown of BreachForums is a significant victory for law enforcement, but it is unlikely to stop cybercriminals from finding new ways to monetize stolen data. As cybersecurity intelligence firms have noted, cybercriminals will continue to have an appetite for breached databases, and it remains to be seen whether a new forum will emerge to fill the void left by BreachForums. According to Brett Callow, a threat analyst at Emsisoft, "I have no idea what will replace BreachForums, but you can bet your bottom dollar that it will be replaced." Cybercrime is a lucrative business, and as cybersecurity measures improve, criminals will always look for new ways to exploit vulnerabilities and make a profit.
The shutdown of BreachForums is just a temporary setback for cybercriminals, and they will undoubtedly find new platforms to buy and sell stolen data. This is not the first time that online criminal marketplaces have been shut down by law enforcement agencies, and it won't be the last. As technology evolves and cybercriminals become more sophisticated, it becomes increasingly difficult for authorities to keep up with the latest threats. However, recent arrests such as that of Conor Brian Fitzpatrick, the alleged chief administrator of BreachForums, show that law enforcement agencies are making progress in their fight against cybercrime.

The shutdown of BreachForums also highlights the importance of cybersecurity for businesses and individuals. The stolen data that was sold on the site was obtained through various means, including phishing attacks, malware infections, and data breaches. It is essential to implement strong cybersecurity measures, such as using multi-factor authentication, keeping software up to date, and backing up data regularly, to protect against these threats.

The shutdown of BreachForums and the possible emergence of new platforms also raise questions about the role of technology companies in preventing cybercrime. Tech giants such as Google, Facebook, and Twitter have been criticized in the past for not doing enough to tackle online crime. However, as more companies become aware of the risks and consequences of cybercrime, they are taking steps to improve their cybersecurity measures and work more closely with law enforcement agencies.

In conclusion, the shutdown of BreachForums is a reminder of the ongoing threat posed by cybercriminals and the importance of robust cybersecurity measures. It also highlights the need for increased collaboration between technology companies, law enforcement agencies, and cybersecurity experts to combat online crime. While the emergence of new platforms for cybercriminals
Italian luxury sports car maker Ferrari has disclosed a data breach after attackers gained access to some of its IT systems and demanded a ransom. The company has confirmed that sensitive customer data, including names, addresses, email addresses, and telephone numbers, was exposed in the incident. Although Ferrari has yet to find evidence of any payment details or other sensitive payment information being accessed or stolen, the cyberattack is a worrying reminder of the ongoing threat posed by hackers.

## Attackers Demand Ransom After Accessing Ferrari's IT Systems

Ferrari [confirmed](https://www.ferrari.com/en-EN/corporate/articles/cyber-incident-in-ferrari) the cyberattack in a statement, saying that a threat actor had contacted its Italian subsidiary with a ransom demand related to certain client contact details. Upon receiving the ransom demand, the company immediately launched an investigation in collaboration with a leading global third-party cybersecurity firm.

![Ferrari data breach notification.jpg](https://sb-cms.s3.ap-south-1.amazonaws.com/Ferrari_data_breach_notification_f36839f296.jpg)

***Data Breach Notification***

Ferrari revealed that the attackers were able to access a limited number of systems within its IT environment. While the extent of the damage is still unclear, it is believed that the attackers gained access to customer data stored on the compromised systems.

## Ferrari Takes Measures to Secure Compromised Systems

After discovering the breach, Ferrari took immediate measures to secure the compromised systems. The company has confirmed that the attack has had no impact on its operations, and it is continuing to work with cybersecurity experts to investigate the scope of the impact. Ferrari has also reported the attack to the relevant authorities and is urging customers to remain vigilant and report any suspicious activity to the company.
As a policy, Ferrari has stated that it will not be held for ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.

## Sensitive Customer Data Exposed

The exposure of sensitive customer data is a major concern for Ferrari and its customers. The company has confirmed that the customer information exposed in the incident includes names, addresses, email addresses, and telephone numbers. While no evidence of payment details or other sensitive payment information being accessed or stolen has been found, the incident highlights the importance of protecting customer data from cyber threats. Ferrari has apologized to its customers for the incident and assured them that it is taking all necessary measures to prevent such incidents from occurring in the future. The company is also offering affected customers free identity theft protection services and credit monitoring for a limited period.

## The Ongoing Threat Posed by Hackers

The cyberattack on Ferrari is a reminder of the ongoing threat posed by hackers and cybercriminals. With more and more businesses relying on digital technology and the internet to conduct their operations, the risk of cyberattacks is only increasing. Companies need to remain vigilant and take proactive measures to protect their IT systems and sensitive customer data from cyber threats.

Ferrari has previously faced other cybersecurity incidents, including an [NFT scam that targeted one of its subdomains](https://bit.ly/3slfnad). In May 2022, hackers hijacked the forms.ferrari.com subdomain to host a fake NFT collection campaign. The scam claimed Ferrari had released "a collection of 4,458 horsepower NFTs on the Ethereum network" and maliciously persuaded users to purchase NFT tokens. The attackers used an Adobe Experience Manager exploit to compromise the subdomain and collected over $800 in Ethereum before the takedown.