Security Roundup March 2024

March 2024: Spa Grand Prix Heist, More Fortinet Woes, Roku Breached, German Authorities Deal a Blow to Underground Trade, and a Microsoft Patch Tuesday Roundup. 

Spa Grand Prix Heist

The Spa Grand Prix is a Formula One World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium. This year’s race will occur on July 26-28, and tickets are available on the official website. As reported by Bleeping Computer, hackers took over the official contact email for the Belgian Grand Prix. They exploited it to direct spectators to a bogus webpage offering a €50 gift voucher.

According to the race organiser, the email account was compromised on Sunday, March 17, 2024, and the threat actor sent phishing emails to unknown individuals. The link led to a fake website that resembled the Spa Grand Prix’s official portal, where they were asked for personal information, including banking information. SPA GP responded shortly after and sent a series of emails informing fans that the previous email was a phishing effort, urging them not to click on any links.

Users who have previously purchased tickets and are concerned that their data may have been exposed to cybercriminals should contact the SPA GP office directly. The organisation stated that this attack had no effect on its website, “spagrandprix.com,” and that the official ticketing system is still entirely safe.

More Fortinet Woes

Fortinet has had a challenging few years! In recent years, the network security vendor has suffered from a wide range of critical vulnerabilities in its products. March has, unfortunately, seen the organisation’s woes continue. 

On March 12, Fortinet announced a critical SQL injection vulnerability in its FortiClient Enterprise Management Server (EMS), tracked as CVE-2023-48788, with a CVSS base score of 9.3. The disclosure came amongst various vulnerabilities impacting its FortiOS, FortiClientEMS and FortiProxy solutions. Things got worse for Fortinet on March 25 when CISA added the EMS SQL injection flaw to its Known Exploited Vulnerabilities Catalog. Researchers have also released proof-of-concept (PoC) code to exploit the flaw. 

Will the endless parade of critical vulnerabilities cause Fortinet customers to look elsewhere for network security solutions? 

Roku Breached

Roku is alerting more than 15,000 users to a recent data breach that gave threat actors access to stored credit cards, enabling them to make unauthorised purchases on specific accounts. Roku is an internet video streaming provider that provides users access to multiple streaming platforms.

The California Office of the Attorney General received a data breach report from Roku stating that “Roku’s security team recently detected suspicious activity suggesting that certain Roku accounts were accessed by unauthorised actors.” The streaming service found that threat actors had compromised its network between December 28, 2023, and February 21, 2024, after investigating the cyber-attack between January 4 and February 21.

The San Jose, California-based company launched an investigation to ascertain the extent of the data breach and the type of personally identifiable information that may have been accessed. “We looked into it to find out which accounts were impacted, how much unauthorised activity there was, how to stop it from happening again, who the real owners of the accounts are, and what personal data might have been exposed,” Roku stated.

Furthermore, Roku stated that they immediately secured all compromised accounts upon learning of the data breach and are notifying the affected individuals while watching for any unusual activity.

German Authorities Deal a Cyber Blow to Underground Trade

Nemesis Market, an illegal underground marketplace that sold drugs, stolen data, and different cybercrime services, has been taken down, according to German authorities. The operation, carried out on March 20, 2024, in cooperation with German, Lithuanian, and American law enforcement organisations, came about after an extensive investigation that started in October 2022.

Nemesis Market, established in 2021, is thought to have had 1,100 seller accounts from throughout the globe and more than 150,000 user accounts before it was shut down. Germany accounted for about 20% of the seller accounts. “The range of goods available on the marketplace included narcotics, fraudulently obtained data and goods, as well as a selection of cybercrime services such as ransomware, phishing, or DDoS attacks,” claimed the BKA.

This latest event transpires just one month after an additional combined law enforcement action dismantling the LockBit ransomware group, seizing control of the group’s servers and apprehending three affiliates from Poland and Ukraine. Authorities in Germany have also shut down Kingdom Market and Crimemarket in recent months. With thousands of members, these sites provide various services related to money laundering and cybercrime.

Microsoft Patch Tuesday

As reported by our partners at CrowdStrike, in the latest Patch Tuesday release for March 2024, Microsoft has addressed 60 vulnerabilities. Among these, two Critical vulnerabilities have been resolved, CVE-2024-21407 and CVE-2024-21408, impacting the Hyper-V hypervisor.

We wish you all a Happy Easter, see you in April! 🐰🥚🐣🍫