Breach Roundup: DOJ Fines XCast $10M for Illegal Robocalls – Source: www.databreachtoday.com

Breach Notification
,
Cybercrime
,
Fraud Management & Cybercrime

Also: Mandiant X Account Hijacked in Cryptocurrency Scam

Prajeet Nair (@prajeetspeaks) •
January 4, 2024    

Every week, Information Security Media Group rounds up cybersecurity incidents worldwide. This week, hackers took over Mandiant’s X account, authorities charged a Nigerian hacker with stealing $7.5 million from charities, the DOJ fined XCast $10 million for illegal robocalls, and attackers exploited an SMTP smuggling flaw in a phishing email campaign.

See Also: Better Defense Against Identity Theft and Application Fraud

Mandiant, now a Google Cloud subsidiary, faced a six-hour compromise on its X, formerly Twitter, account as a hacker promoted a cryptocurrency scam to the company’s followers.

The unknown attacker initially rebranded the account to @phantomsolw, impersonating the Phantom crypto wallet service. The scam urged users to participate in a bogus airdrop, enticing them with free tokens.

“We are aware of the incident impacting the Mandiant X account. We’ve since regained control over the account and are currently working on restoring it,” a Mandiant spokesperson told Information Security Media Group.

Despite Mandiant regaining control, the breach’s origin remains unclear. Security experts suggest several possibilities, including a Twitter support compromise.

Researchers at CloudSEK revealed cybercriminals had targeting verified Gold accounts on X, selling them on the dark web for $2,000 each. Compromised accounts are then used to spread malicious links and spam.

Mandiant was acquired by Google in 2022 for $5.4 billion.

A Nigerian national is facing an eight-count federal grand jury indictment unsealed Thursday, charging him with wire fraud, aggravated identity theft and unauthorized access to a protected computer, causing losses worth $7.5 million.

Olusegun Samson Adejorin allegedly defrauded two charitable organizations by impersonating employees and gaining access to the employees’ email accounts.

He was arrested in Ghana on Dec. 29 and is detained pending his initial appearance in Ghana, according to the Department of Justice.

Authorities said Adejorin posed as an employee to induce fraudulent financial transactions, causing over $7.5 million to be transferred from one victim’s funds to unauthorized bank accounts. If convicted, he faces over 25 years in federal prison.

The U.S Department of Justice on Tuesday fined California Voice over Internet Protocol service provider XCast $10 million for making illegal robocalls to individuals.

The U.S. District Court for the Central District of California, which issued the fine, also required the firm to screen the companies it works with “to identify potential illegal telemarketing.”

In a Federal Trade Commission complaint issued against XCast, the company was accused of making billions of illegal robocalls to American consumers, claiming to be from government agencies, to deliver prerecorded marketing messages. Through these calls, the company made misleading statements to coerce consumers into buying products – and continuing to engage in illegal activity after being alerted by its customers, the complaint alleges.

“XCast was warned several times that illegal robocalls were using its services and did nothing,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “Companies that turn a blind eye to illegal robocalling should expect to hear from the FTC,” he said.

Security researchers at SEC Consult Vulnerability Lab uncovered a new email spoofing campaign used by threat actors to target victims across the world with phishing emails.

The technique uses a vulnerability in SMTP servers, which are used to send and receive emails. The vulnerability stems from how the STMP server processes its inbound and outbound emails. A compromised STMP server could allow hackers to send phishing emails to victims using fake email addresses that can bypass security monitoring.

SEC Consult Vulnerability Lab researchers said the vulnerability affects Microsoft, GMX, Cisco, Postfix and Send mail servers. Once alerted, Microsoft and GMX patched the flaw, while Cisco said that the flaw is not a “vulnerability but a feature, and that they will not change the default configuration.”

Other Coverage From Last Week

• Hacktivists Shut Down Top State-Owned Belarusian News Agency
• LockBit 3.0 Claims Attack on Australian Auto Dealer Eagers
• Merry ‘Leaksmas’! Hackers Give Away 50 Million Pieces of PII
• Russia Hacked Surveillance Cameras to Target Sites in Kyiv
• Hack on Defunct Ambulance Firm Affects 912,000 People