Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 4, 2022Rewterz Threat Alert – BlackCat Ransomware – Active IOCs
September 4, 2022Severity
High
Analysis Summary
Samsung today announced a fresh data breach after some of its US networks were compromised to obtain user data.
Following the incident in late July 2022, The Electronics giant discovered on August 4 that threat actors had gained access to its networks and exfiltrated consumer personal information.
The threat actors got access to the names, contacts, dates of birth, product registration data, and demographic information of Samsung consumers. At the same time, no Social Security or credit card details were compromised as a result of the security incident.
The company mentioned,
On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement.”
According to the company, the information disclosed for each relevant customer may differ, but they are notifying their impacted customers.
Samsung claims to have discovered the incident and taken steps to secure the affected systems. In addition, the corporation has recruited a prominent cybersecurity firm to examine the incident, which has been reported to law police.
The company advises its customers to:
- Be wary of unsolicited communications that request personal information or direct you to a website that requests personal information.
- Avoid clicking on links or downloading attachments from suspicious emails
- Review your accounts for any unusual activity.
Samsung announced another data breach in March 2020 after becoming the target of an attack by the data extortion gang Lapsus$. Threat actors were able to steal private & confidential data.
The group released 190GB of purported Samsung data as evidence of the breach and claimed to have stolen a big trove of sensitive data from Samsung.
On its Telegram channel, the gang published a Torrent file with instructions for downloading the sample data and proclaimed its availability.
On the recent incident, Samsung did not respond to a request for further information regarding the July data breach till yet.
Impact
- Personal Information Theft
Remediations
- The company recommends its affected customers to be wary of unsolicited communications that request personal information or direct you to a website that requests personal information.
- Avoid clicking on links or downloading attachments from suspicious emails
- Review your accounts for any suspicious activity.
- Maintain cyber hygiene by updating your anti-virus software and implement patch management lifecycle.
- Search for Indicator of compromise (IOCs) in your environment utilizing your respective security controls
- Enforced Access Management Policies
- Do not open emails and attachments from unknown or suspicious sources.
- Enable two-factor authentication.