By Editorial Desk, 63SATS
This week’s cybersecurity updates highlight increasing risks across industries. Avery Products faced a breach, exposing customer payment data via a card skimmer. The Lazarus Group targeted Web3 developers with Operation 99, using fake LinkedIn profiles and malware-laden repositories. The FTC ordered GoDaddy to enhance its cybersecurity after multiple breaches, a move that impacts millions of clients.
The UK proposed a ransomware payment ban for the public sector, while India’s suspect registry saved ₹1,800 crore, showcasing proactive cyber defense. Meanwhile, North Korean hackers stole $659 million in crypto, and a Gravy Analytics breach exposed sensitive location data. Incidents at Eindhoven University and NCLT Mumbai underscored vulnerabilities in educational and judicial systems, urging stronger digital safeguards worldwide.
Avery’s Website Breach Exposes Credit Card Data
Label giant Avery Products Corporation revealed a data breach involving a card skimmer on its website from July to December 2024. Hackers exfiltrated sensitive payment information from customers using Avery’s online store. Discovered on December 9, 2024, the breach affected transactions during this period.
Digital forensic experts are assisting with the investigation. Avery’s swift action highlights the need for enhanced cybersecurity in e-commerce platforms to safeguard customers’ financial data. Impacted customers are urged to monitor their accounts for suspicious activity.
Lazarus Group Targets Web3 Developers in Operation 99
The notorious Lazarus Group has launched Operation 99, targeting Web3 developers with fake LinkedIn profiles and malicious GitLab repositories. Disguised as recruiters, they lure victims into downloading malware-laden project files.
Once installed, the malware connects to command-and-control servers, compromising the victim’s environment. Significant cases have been reported in Italy, with smaller clusters across the U.S., U.K., and other countries. The campaign highlights the growing threat to cryptocurrency and Web3 developers. Vigilance against phishing and fake profiles is crucial to mitigating risks.
FTC Demands GoDaddy Overhaul Cybersecurity Measures
The Federal Trade Commission (FTC) has ordered web hosting giant GoDaddy to revamp its cybersecurity practices following multiple breaches from 2019 to 2022. Hackers exploited security lapses, redirecting users to malicious sites and compromising customer data. The FTC accused GoDaddy of misleading clients about its security standards.
As with the reforms imposed on Marriott, GoDaddy must implement extensive security upgrades. With five million clients, GoDaddy’s compliance will significantly impact small businesses relying on its services. The action underscores the importance of accountability in securing digital ecosystems.
UK Proposes Ransomware Payment Ban for Public Sector
The UK government has opened consultations on banning ransomware payments across the public sector, including hospitals, schools, and transport networks. This 12-week consultation, running until April 8, aims to deter financially motivated cybercriminals.
Proposals include mandatory incident reporting and a “ransomware payment prevention regime,” requiring non-public sector organizations to obtain government approval before paying ransoms. This initiative seeks to minimize financial losses and strengthen national cybersecurity.
India’s Suspect Registry Saves ₹1,800 Crore in Three Months
The Indian Express, citing the Ministry of Home Affairs, reports that India’s online ‘suspect registry’ has prevented six lakh fraudulent transactions and saved ₹1,800 crore since its launch in September 2024.
Developed by the Indian Cyber Crime Coordination Centre (I4C), the registry compiles data on 1.4 million cybercriminals linked to financial fraud. It is accessible to state, UT, and central investigation agencies to combat cybercrime more effectively. Launched by Union Home Minister Amit Shah, this initiative builds on the National Cybercrime Reporting Portal (NCRP) and aims to safeguard critical financial assets.
North Korean Hackers Stole $659M in Crypto Heists in 2024
North Korean hackers stole $659 million in cryptocurrency last year, as revealed in a joint statement by the US, Japan, and South Korea. Key incidents include the $235 million hack on Indian exchange WazirX, attributed to the Lazarus Group, and Japan’s DMM Bitcoin loss of $308 million, which led to the platform’s closure.
This trend underscores North Korea’s reliance on cybercrime to bolster its economy, with Lazarus previously linked to major heists like the $625 million Axie Infinity breach in 2022.
Gravy Analytics Data Breach Threatens Global Privacy
A breach at Gravy Analytics, a major location data broker, has exposed sensitive location data from millions of smartphone users. The leaked dataset, shared by a hacker, includes over 30 million data points from fitness, dating, and transit apps, with locations such as the White House and military bases identified.
Experts warn this data could enable detailed tracking of individuals, posing risks to both privacy and national security. Baptiste Robert, CEO of Predicta Lab, shared alarming maps, including data from Tinder users in the UK. This breach highlights the urgent need for stricter data privacy regulations to protect sensitive information.
Cyberattack Disrupts Dutch University Operations
A cyberattack forced Eindhoven University of Technology to cancel lectures and educational activities, creating disruptions as students prepared for exams. Detected on Saturday evening, the attack prompted the shutdown of the university’s network to contain suspicious server activity.
While IT staff maintain access to internal systems, facilities reliant on the network, such as email, WiFi, and canteen registers, remain offline. Investigations continue to determine the nature and scope of the attack, with no immediate evidence of stolen data. The incident highlights ongoing challenges faced by educational institutions in safeguarding their digital infrastructure.
NCLT Mumbai Halts Virtual Hearings After Cyberattack
The National Company Law Tribunal (NCLT) in Mumbai suspended virtual hearings following a cyberattack on its system in December.
According to Livemint, hackers disrupted proceedings by broadcasting explicit content, exposing vulnerabilities in India’s judicial digital infrastructure. Legal experts have emphasized the urgent need to strengthen cybersecurity to ensure uninterrupted access to justice. Police registered a case on December 19 and are tracing the attackers via IP addresses under the Information Technology Act. The disruption forced a switch to physical hearings, causing delays and inconveniencing litigants and lawyers.
Telefónica Confirms Data Breach in Ticketing System
Spanish telecom giant Telefónica confirmed a breach in its internal ticketing system after stolen data surfaced on a hacking forum. Hackers, using aliases like DNA and Pryx, leaked data from Telefónica’s Jira database.
The company stated it has taken immediate steps to block unauthorized access and is investigating the incident. Telefónica, operating across 12 countries, is Spain’s largest telecom provider under its Movistar brand. This breach raises serious concerns about the security of internal enterprise systems, highlighting the need for robust cybersecurity practices.
FunkSec: AI-Driven Ransomware Targets Global Victims
Cybersecurity researchers have uncovered FunkSec, a new AI-assisted ransomware group that emerged in late 2024, targeting over 85 victims globally. FunkSec employs double extortion tactics, demanding low ransoms—sometimes as little as $10,000—and selling stolen data to third parties.
The group operates under a ransomware-as-a-service (RaaS) model, using a custom Distributed Denial of Service (DDoS) tool. Victims span the U.S., India, Italy, and Brazil. Check Point Research suspects that novice actors are seeking notoriety by repurposing leaked data from previous cyber incidents.
Phishing Scam Exploits Apple iMessage Users
Cybercriminals are bypassing Apple iMessage’s phishing protection by tricking users into disabling safeguards. Apple automatically blocks links from unknown senders to protect users from smishing (SMS phishing) attacks.
However, if users reply to these messages or add the sender to their contacts, the protection is disabled, reactivating harmful links. With mobile devices central to daily life, this scam highlights the need for vigilance and stricter protective measures to counter evolving phishing tactics targeting iMessage users.