CYBERSECURITY NEWS V. June – Cloudflare outage, Roblox sells ransomware, City of Palermo suffers from cyberattack

News FYI

Italian city of Palermo services and operations suffer from cyberattack

The Italian city of Palermo has been hit by a cyberattack that has affected a range of services and operations. The incident affected the city's video surveillance systems, the central police station and all municipal services. As a result of the incident, it became impossible to use any public service based on a digital system. Everything points to Palermo being the victim of ransomware. For example, the city authorities reported that all information systems were shut down and isolated from the network, which is typical in the event of ransomware attacks.

Roblox sells ransomware

Security researchers discovered a new WannaFriendMe ransomware. The program operator does not require to pay a ransom using cryptocurrency, but offers to buy a decryptor in the Roblox Game Pass store using Robux.

When you visit the Roblox Game Pass store URL, you can see that "Ryuk Decrypter" is being sold by a user called "iRazormind" for 1499 Robux and was last updated on June 5th.

The BlackCat group attacked the University of Pisa

BlackCat claimed responsibility for the cyberattack on the University of Pisa. According to the attackers' demands, the university had to pay $4.5 million by June 16. The extortionists threatened to release confidential university data if the ransom was not paid on time.

The attack came at a critical time for Italy, already weakened by another cyber attack that wreaked havoc in Palermo.

Cloudflare outage

Cloudflare, a site protection company, experienced a global outage, as a result of which many popular Internet services stopped working, including the Discord messenger, Feedly news aggregator, NordVPN VPN service.

Users of League of Legends, Shopify and Coinbase also complain about access problems.

All the necessary measures to restore the work of Cloudflare have already been carried out. At the moment, experts monitor the work of services.

According to the company, the outage affected 19 data centers that "handle a significant portion of our global traffic."

The cause of the problem was a network configuration change in prefixes which meant that many IP addresses were no longer available.

Facebook and Messenger phishing campaign affected 8.5 million users

Researchers uncovered a large-scale phishing campaign that used Facebook and Messenger to lure millions of users to phishing pages to collect credentials and serve ads. The attacker from the stolen accounts sent additional phishing messages to the victim's friends, earning significant advertising revenue.

To bypass phishing URL protections, messages used approved URL generation services "litch.me", "known.co", "amaze.co", and "funnel-preview.com". Phishing pages were visited by 8.5 million users and entered their credentials. After entering the data, there were multiple redirects to advertising pages, survey forms, etc. From all the redirects, the attacker received referral income of several million dollars.