Hacker Used Stolen Credentials to Breach U-Haul Customer Information
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a recent notification, moving truck company U-Haul disclosed a data breach affecting tens of thousands of its customers.
The American truck, trailer, and storage company said that an unauthorized individual used legitimate credentials to access a system called “Dealers and Team Members” to track and view customer reservations and records.
The breach, which was discovered on December 5, 2023, took place between July 20 and October 2, 2023, the company said in a data breach notice filed with the Office of the Maine Attorney General.
“U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records,” U-Haul explained in an email to customers.
Upon learning of the incident, U-Haul immediately initiated its response protocol, while also engaging a cybersecurity firm to conduct an investigation.
According to the email sent, customers’ names, dates of birth and driver’s license numbers were accessed in this breach. However, the hackers were unable to access any payment or card-related information.
“The customer record system that was involved is not part of our payment system. No payment card data was involved,” the company stated.
As a remediation measure, the company has reset the passwords of all affected customer accounts and deployed additional security safeguards. These steps were taken to protect customer information and to prevent similar incidents in the future.
“As a precaution, we are offering you a free one-year membership with Experian IdentityWorks℠ Credit 3B. This product helps detect any misuse of your personal information and provides you with identity protection services that focus on immediate identification and resolution of any instance of identity theft,” the breach notification read.
At the time of writing, U-Haul’s website remains offline for undisclosed reasons.
Google Cloud Run Exploited by Hackers to Distribute Banking Trojans
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a massive malware distribution campaign, hackers have been exploiting the Google Cloud Run service to deploy several banking trojans, including Astaroth, Mekotio, and Ousaban.
Google’s Cloud Run service allows developers to build and deploy web applications and websites without the need to manage or scale infrastructure.
Security researchers at Cisco Talos have observed a surge in this malware campaign since September 2023, when trojan-laden emails sent from Brazil used malicious Microsoft Installers (MSIs) to distribute the malware.
According to the report, Google Cloud Run gained prominence as a distribution tool among hackers because it is inexpensive and able to bypass various security systems.
The infection chain starts with legitimate-looking phishing emails, which are generally related to invoices, financial documents, or messages from local government or tax agencies.
Since the campaign is mainly LATAM-focused, the majority of emails are in Spanish. In one instance, the researchers found an email impersonating the Administración Federal de Ingresos Públicos (AFIP), the local government tax agency in Argentina.
Nevertheless, the campaign is believed to be targeting victims in Europe and North America as well, as a few instances were found where Italian was also used in the phishing emails.
The malicious links in the emails either redirect victims to a threat actor-hosted web service on Google Cloud Run or lead to the download of a malicious MSI installer.
The Talos researchers further explained that in some cases a single Google Cloud Storage bucket was used to distribute multiple malware families. This suggests either collaboration between the different malware families or a single hacker controlling them.
The Google Cloud Run malware campaign mainly involves three malware families: Astaroth/Guildma, Mekotio, and Ousaban. “Each is designed to infiltrate systems stealthily, establish persistence, and exfiltrate sensitive financial data that can be used for taking over banking accounts,” Talos revealed.
Of the three, Astaroth is considered the most dangerous, as it targets more than 300 institutions across 15 Latin American countries. It was also observed collecting a variety of credentials related to cryptocurrency and bitcoin accounts.