Blog / News
9th May 2024
Author: Samir Yawar
8 min read

BogusBazaar, Dell Data Breach and Ascension Healthcare dominate headlines


Welcome to our cybersecurity news roundup, where we zero in on the major cyber-attacks and happenings. This week brought new incidents that highlight the continuing fight against threat actors who want to steal data and disrupt operations. We'll be taking a look at BogusBazaar, the Dell data breach and the Ascension healthcare system hack that affected hundreds of thousands of people.

Cybersecurity News Roundup for 10 May 2024

Here’s what went down this week:

BogusBazaar Fake Stores Scam 850,000 people

A vast network comprising 75,000 counterfeit online storefronts, dubbed 'BogusBazaar,' has ensnared over 850,000 individuals across the United States and Europe, leading to illicit credit card data extraction and an attempted processing of approximately $50 million in spurious transactions.

Moreover, millions of purloined credit card particulars found their way onto underground digital marketplaces, facilitating unauthorized online purchases by other malevolent entities.

As per findings disclosed by German cybersecurity entity Security Research Labs GmbH (SRLabs), the BogusBazaar network has endeavored to validate about $50 million in counterfeit transactions since its inception three years ago.

The lion's share of victims hails from the United States and Western Europe. Conversely, there is a conspicuous absence of victims from China, which suggests the operation may be run from there.

[Image: screenshot of fake web shops that are part of the BogusBazaar scam. Caption: Fake web shops continue to con unsuspecting online shoppers.]

BogusBazaar, a meticulously orchestrated enterprise, has deployed in excess of 75,000 spurious online shops since 2021, though recent activity has dwindled to approximately 22,500 active sites.

The cybercriminals register expired domains that still carry a good reputation with Google and use them to host bogus shops, often masquerading as vendors selling footwear and clothing at steep discounts.

These sites, generated through semi-automated processes, sport bespoke monikers and logos, a semblance of effort aimed at enhancing their perceived legitimacy.

The payment gateways on these sites serve as conduits for harvesting victims' personal and financial data or perpetrating fraudulent transactions via PayPal, Stripe, and credit card payments, leaving unsuspecting buyers empty-handed.

SRLabs elucidates that the cybercrime syndicate operates under a well-structured hierarchy, featuring specialized teams adhering to an infrastructure-as-a-service paradigm.

"The group has embraced an 'infrastructure-as-a-service' model: A central team oversees infrastructure management, while a decentralized network of affiliates operates sham storefronts," the SRLabs report states.

"The core BogusBazaar team manages infrastructure deployment and seemingly maintains only a limited portfolio of counterfeit online shops. This core faction spearheads software development, backend deployment, and tailoring of assorted WordPress plugins to facilitate fraudulent activities."

Researchers assert that the managerial and developmental cadre orchestrating the scheme fabricates bespoke WooCommerce WordPress plugins engineered for data and fund pilferage. This unit maintains only a nominal footprint of sham storefronts, possibly for experimentation purposes.

Dell Data Breach Potentially Affects 49 Million Customers

Dell, the renowned computer manufacturer, has issued a cautionary advisory to its clientele subsequent to reports of a data breach, wherein a threat actor alleges to have illicitly obtained information for an estimated 49 million customers.

Yesterday, Dell revealed that a breached Dell portal, housing customer data pertaining to purchases, triggered the security alarm.

A spokesperson from Dell says:

"We are presently investigating an incident concerning a Dell portal, housing a database containing limited categories of customer information linked to purchases from Dell."

"We believe there is not a significant risk to our customers given the type of information involved."

According to Dell's disclosure, the accessed information comprises:

  • Name

  • Physical address

  • Dell hardware and order details, encompassing service tag, item specifications, date of purchase, and associated warranty particulars.

However, Dell emphasizes that the pilfered data does not encompass financial or payment details, email addresses, or contact numbers. The company affirms its collaboration with law enforcement and a third-party forensics agency to probe the incident comprehensively.

Initial indications of the breach surfaced when reports emerged on April 28th, revealing a malefactor named Menelik offering a purported Dell database for sale on the Breach Forums hacking platform, as highlighted by Daily Dark Web.

Menelik purportedly claimed to have absconded with data pertaining to "49 million customer and other information systems purchased from Dell between 2017-2024," underscoring the alarming scope of the potential compromise.

Ascension Healthcare Network targeted by cyber attack

Ascension, a leading nonprofit healthcare system in the United States, has taken proactive measures in response to a cybersecurity incident, prompting the temporary shutdown of certain systems for investigation and remediation.

With a sprawling network encompassing 140 hospitals, 40 senior care facilities, and an extensive workforce including 8,500 providers and 134,000 associates, Ascension serves communities across 19 states and the District of Columbia, boasting a reported revenue of $28.3 billion in 2023.

The organization disclosed, 

"On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues."

In light of the incident, Ascension has advised its business partners to temporarily sever connections to its systems as a precautionary measure. "Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment," the nonprofit affirmed.

Acknowledging the impact on clinical operations, Ascension is diligently assessing the extent and duration of disruption while keeping relevant authorities informed. To bolster their response efforts, Ascension has engaged Mandiant incident response experts to collaborate on the investigation and remediation process.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir