GlobalSign 博客

Water Leaks, LockBit and the ‘Mother of All Breaches’ – January NewsScam

Hello and welcome to our first NewsScam of 2024! As always, we highlight the biggest, most impactful cybersecurity stories each month. For January, we take a look at what is being proclaimed to be one of the world’s largest breaches ever; as well as recent data breaches at a water company in the U.S. and the UK. Then there’s the Russian hacker who is responsible for Australia's worst data breach. Also, LockBit must have had the munchies because Subway is one of its newest victims. There was a massive data breach in Brazil recently which has the potential to impact the entire population. Finally, we look at one of Brian Kreb’s newest articles about a rapper who might be doing time soon if he’s not careful. 

Ransomware Attacks on Two Water Companies Could Leave Some Teary Eyed

Two separate ransomware attacks on water companies took place this month. The first attack took place on January 23 at Southern Water, a major water supplier in the UK. The attack is the work of double extortion ransomware crime gang Black Basta. While it doesn’t appear to be a large amount of data, the type of information it stole includes personal information from passports, driving licenses and even corporate car-leasing documents. According to crypto compliance solution provider Elliptic, Black Basta is a Russia-linked gang that emerged in early 2022. Since then, the ransomware has been used to attack more than 329 organizations worldwide. It has also become the fourth-most active strain of ransomware (by number of victims from 2022 - 2023.)  

In the US, Veolia North America also reported being victimized by ransomware attack. Velia North America, which describes itself as the “world’s largest private player in the water sector”, has posted a notice on its website saying its Municipal Water division was impacted by ransomware the week of January 15th. The incident forced the company to take its backend systems and servers down, which, in turn, disrupted online bill payment systems. No one has claimed responsibility for the attack thus far.

LockBit Hungry for Subway Data After Taking a Bite of Major Taiwanese Semiconductor Company

The notorious cyber ransomware gang LockBit has just taken a bite out of Subway. LockBit’s attack on the maker of the Footlong sub has allegedly led to an incident on Subway’s “SUBS” internal systems that included a “trove of data.” Subway has been given a deadline of February 2 to pay the ransom  or face the consequences of a leak. LockBit claims the data includes employee salaries, franchise royalty payments, master franchise commission payments and more – and if Subway doesn’t pay, they will sell it to competitors. Which begs the question, would a competitor knowingly buy data from a criminal enterprise?

The incident at Subway comes on the heels of an attack at Taiwan’s Foxsemicon. Lockbit hijacked the company’s website, threatening to release sensitive data of both customers and employees. The crime groups message to Foxsemicon employees was unsettling, claiming that if management doesn’t contact the group employees will lose their jobs since Lockbit is “able to completely destroy Foxsemicon” and without a possibility of recovery. Lockbit hijacked the company’s website, threatening to release sensitive data of both customers and employees. The crime group’s message to Foxsemicon employees was unsettling, claiming that if management doesn’t contact the group employees will lose their jobs since Lockbit is “able to completely destroy Foxsemicon” and without a possibility of recovery. 

Three Countries Sanction Russian Man for 2022 Australian Data Breach

A man has been sanctioned following "the single most devastating cyber-attack we have experienced as a nation" says Australia’s Home Affairs Minister Clare O’Neil. In late 2022, the personal information of nearly 10 million Australians was stolen from the country’s largest health insurer, Medibank. The man authorities believe is responsible is Aleksandr Ermakov. Not only that, but Australian intelligence authorities also believe Ermakov is a member of the infamous Russian cyber-crime gang REvil. For his crimes, financial sanctions and a travel ban have been imposed on Ermakov. The sanctions make it a criminal offence to provide him with any assets, including cryptocurrency and any money through ransom payments, punishable by up to 10 years in prison. 

“Super Massive” Data Breach Uncovered. The Good News is the Data was Never Published (Probably)

The concept of 26 billion people impacted by a gigantic data breach is difficult to quantify, but apparently it has happened. Cybernews, along with cybersecurity researcher Bob Dyachenko, and owner at, say they have discovered a super massive breach – “Mother of All Breaches”. The mega breach involves 26 billion records residing in more than 3,800 folders, each of which corresponds to a separate data breach. On the upside, the research team believes most of the information is related to past incidents and hasn’t been published. Data from companies impacted by the incident include LinkedIn, X/Twitter and Adobe, each of whom had at least 110 million records leaked.  

Gigantic Data Leak in Brazil Could Affect Every Single Citizen 

While it may not be 26 billion records, an attack in Brazil could impact the entire country. The private data of 217 million Brazilian individuals was reportedly leaked in a “publicly accessible Elasticsearch instance,” a tool often used for managing and analyzing large data blocks. According to Cybernews researchers, the data lacked any indicators that could link it to a specific organization or company, making it impossible to pinpoint the origin of the leak. The information discovered contained the data with full names, dates of birth, gender and taxpayer numbers.  

Rapper Makes Videos Explaining How to Commit Financial Crimes

Security researcher Brian Krebs never fails to disappoint. One of his latest articles focuses on a rapper who makes how to videos. But these aren’t your average music videos. Rapper and social media personality Punchmade Dev literally sings the praises of the lifestyle of cyber criminals and has written tunes such as “Internet Swiping” and “Million Dollar Criminal”. The instructional videos Punchmade makes explain how to commit financial crimes online. Somehow, he has never been arrested but that’s because there hasn’t been enough evidence to prove he’s more than just a singer espousing the purported virtues of cybercrime. But Krebs says Punchmade could soon run out of luck if he isn’t careful. His online shop that sells payment cards and hacked bank accounts could get him in hot water. 

But Wait, There’s More...

LoanDepot Data Breach Hits 16.6 Million Customers - Infosecurity
Tietoevry ransomware attack halts Swedish organizations - HelpNetSecurity
Hackers start exploiting critical Atlassian Confluence RCE Flaw – Bleeping Computer
New findings challenge attribution in Denmark’s energy sector cyberattacks - The Hacker News
BreachForums former admin gets 15-year prison sentence – Cyber News
British Library puts catalogue back online after 2023 cyber attack - Euro News
JPMorgan exec claims bank repels 45 billion cyberattack attempts per day - The Register 
Senators Want Better SEC Cybersecurity After EFT-Related Hack - PYMNTS
Microsoft executive emails hacked by Russian intelligence group - CNBC
CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages – Cybersecurity Dive