Cyber, Privacy & Technology | January Update
RANSOMWARE SHUTS DOWN TRAVELEX SYSTEMS
Forex multinational Travelex has confirmed that the "software virus" that forced the company to take all of its systems offline is the REvil/Sodinokibi ransomware. The ransomware attack took place on New Year's Eve, forcing Travelex branches to manually handle transactions as online services were suspended in order to contain the spread of the ransomware and to protect data. Almost a month on, Travelex said it had partially restored its UK website, after the crippling ransomware attack forced the currency service provider to take its systems offline, causing chaos for New Year holidaymakers and business travellers. The company, owned by payments firm Finablr Plc, said that not all of its services were up and running on the website.
COMPANY SHUTS DOWN BECAUSE OF RANSOMWARE, LEAVES 300 WITHOUT JOBS JUST BEFORE HOLIDAYS
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019. Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO. Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.
BANK CLIENTS’ DATA HACKED, HACKERS HIT UP TO 100,000 WA ACCOUNTS
Hackers have stolen personal information from up to 100,000 West Australians in a cyberattack on the State’s biggest locally-owned bank. P&N Bank has revealed that police are investigating a breach a month ago in which hackers accessed data including names, addresses, phone and account numbers and email addresses.
CITRIX NETSCALER EXPLOITS AND SCANS HIT THE INTERNET - PATCHES STILL DAYS AWAY (JAN)
Organisations with Citrix Application Delivery Controller (formerly NetScaler) installations were under renewed pressure to mitigate a critical vulnerability after exploits for it were published while patches were still not available. Citrix issued a critical advisory on December 17 (United States time) for the vulnerability, a directory traversal flaw that lets an unauthenticated remote attacker reach and invoke poorly written internal scripts that were never meant to be exposed, which in turn allows remote code execution on the appliance. About 3500 Australian users were thought to be susceptible. Security vendor TrustedSec published a working exploit and a scanner for the flaw, which has been assigned the Common Vulnerabilities and Exposures identifier CVE-2019-19781.
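Because exploits were public before the patch, the practical question for most teams was whether their appliances had already been probed or hit. The following is an added example, not code from the original article, Citrix or TrustedSec: it scans web access logs for the publicly documented CVE-2019-19781 pattern (a request that climbs with ".." out of /vpn/ into the /vpns/ tree, where the vulnerable Perl handlers live). It assumes NCSA/Apache-style log lines, and the sample lines below are constructed; the source addresses are documentation ranges.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in NCSA/Apache access-log format (not real Citrix logs).
# The second client walks the public CVE-2019-19781 pattern: a traversal probe for
# smb.conf, then a POST to a Perl handler, then an encoded variant of the traversal.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2020:09:12:01 +0000] "GET /vpn/index.html HTTP/1.1" 200 1830
203.0.113.9 - - [11/Jan/2020:09:12:02 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
203.0.113.9 - - [11/Jan/2020:09:12:03 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 0
203.0.113.9 - - [11/Jan/2020:09:12:04 +0000] "GET /vpn/%2e%2e/vpns/portal/x.xml HTTP/1.1" 200 40
198.51.100.7 - - [11/Jan/2020:09:15:00 +0000] "GET /vpns/portal/favicon.ico HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(path):
    """Strip the query string, percent-decode twice (catches double encoding such
    as %252e%252e) and collapse repeated slashes, so '..' cannot hide behind encoding."""
    p = path.split("?", 1)[0]
    for _ in range(2):
        p = unquote(p)
    return re.sub(r"/+", "/", p)


def is_vpns_traversal(norm_path):
    """True when a request climbs with '..' into the /vpns/ tree, which is the
    documented exploitation pattern for CVE-2019-19781."""
    return "/../" in norm_path and "/vpns/" in norm_path


def classify(method, norm_path):
    # A POST to a Perl script under /vpns/ is the stage where code execution
    # happens; anything else reaching /vpns/ via traversal is a scanner or probe.
    if method == "POST" and norm_path.endswith(".pl"):
        return "exploit"
    return "probe"


def scan_log(text):
    """Return one finding per suspicious request, with 'succeeded' set when the
    appliance answered 200 (i.e. the traversal was not blocked)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        norm = normalize_path(m["path"])
        if not is_vpns_traversal(norm):
            continue
        findings.append({
            "ip": m["ip"],
            "method": m["method"],
            "path": norm,
            "kind": classify(m["method"], norm),
            "succeeded": m["status"] == "200",
        })
    return findings


def attackers(findings):
    """Source addresses that reached the exploit stage, for blocking and triage."""
    return sorted({f["ip"] for f in findings if f["kind"] == "exploit"})


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
    print("exploit sources:", attackers(scan_log(SAMPLE_LOG)))
```

The decode-then-match step matters: Citrix's interim mitigation (a responder policy that decodes the URL and blocks requests containing "/vpns/" together with "/../") works on the same principle, and a detector that matches only the literal "../" misses the percent-encoded variants scanners were already sending. A 200 on the smb.conf probe after the mitigation date is the signal that the mitigation was not applied correctly.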
BEWARE OF THIS SNEAKY PHISHING TECHNIQUE NOW BEING USED IN MORE ATTACKS
There's been a large rise in cybercriminals using a particular phishing technique to trick workers into unwittingly installing malware, transferring money or handing over their login credentials. In conversation-hijacking attacks, hackers infiltrate real business email threads by exploiting previously compromised credentials – perhaps purchased on dark web forums, stolen or accessed via brute force attacks – before inserting themselves into the conversation in the guise of one of the group. "Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves," Don Maclennan, SVP for engineering and product at Barracuda Networks told ZDNet.
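When the attacker replies from the compromised mailbox itself, From and In-Reply-To headers look entirely legitimate, so header checks alone do not catch the first hijacked message. What they can catch is the usual follow-on, in which the attacker steers replies to an address they control, either through a Reply-To header or a lookalike domain. The following is an added example, not code from the original article or from Barracuda: it walks a constructed three-message thread (example domains, hypothetical participants) and flags messages whose Reply-To diverges from From or whose sender or reply domain is within a couple of edits of a domain already established in the thread.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed three-message thread (example domains, not real organisations).
# Message 3 is sent from the genuinely compromised supplier mailbox, so From and
# In-Reply-To look right; the giveaway is Reply-To pointing at a lookalike domain.
THREAD = [
    """From: Alice <alice@acme-example.com>
To: Bob <bob@supplier-example.com>
Message-ID: <1@acme-example.com>
Subject: Q1 invoice

Hi Bob, please send the Q1 invoice when ready.
""",
    """From: Bob <bob@supplier-example.com>
To: Alice <alice@acme-example.com>
Message-ID: <2@supplier-example.com>
In-Reply-To: <1@acme-example.com>
Subject: Re: Q1 invoice

Attached, thanks.
""",
    """From: Bob <bob@supplier-example.com>
Reply-To: Bob <bob@supplier-examp1e.com>
To: Alice <alice@acme-example.com>
Message-ID: <3@supplier-example.com>
In-Reply-To: <2@supplier-example.com>
Subject: Re: Q1 invoice

Our bank details changed, please use the account in the attached letter.
""",
]


def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if the header is absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance; domains are short enough that the plain O(n*m) DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known, max_dist=2):
    """Return the known domain that `domain` is impersonating: within a couple of
    edits of it but not identical. None when the domain is genuine or unrelated."""
    for k in known:
        if domain != k and edit_distance(domain, k) <= max_dist:
            return k
    return None


def assess(msg, known):
    """Findings for one message against the set of trusted participant domains."""
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    checks = [("From", from_dom)]
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
        checks.append(("Reply-To", reply_dom))
    for label, dom in checks:
        target = lookalike_of(dom, known)
        if target:
            findings.append(f"{label} domain {dom} is a lookalike of thread participant {target}")
    return findings


def scan_thread(raw_messages):
    """Walk the thread in order; domains seen on clean messages become the set of
    trusted participants that later messages are checked against."""
    known, flagged = set(), []
    for idx, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        findings = assess(msg, known)
        if findings:
            flagged.append((idx, findings))
            continue
        known.add(domain_of(msg["From"]))
        for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
            known.add(addr.rpartition("@")[2].lower())
    return flagged


if __name__ == "__main__":
    for idx, findings in scan_thread(THREAD):
        print(f"message {idx}: " + "; ".join(findings))
```

The edit-distance threshold of 2 is a deliberate trade-off: it catches digit-for-letter swaps and dropped characters, which is how lookalike domains are typically registered, while a threshold large enough to match unrelated short domains would drown the result in false positives. In a real mail pipeline the trusted set would be seeded from the directory and from known-good correspondence rather than from the thread alone.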
MITSUBISHI ELECTRIC DATA LIKELY COMPROMISED IN MASSIVE CYBER ATTACK BLAMED ON CHINESE GROUP
Mitsubishi Electric Corp. said Monday it was hit by a massive cyberattack and that information on government agencies and business partners may have been compromised, with a Chinese group believed to be behind the attack. A key player in Japan’s defence and infrastructure industries, the company said email exchanges with the Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with utilities, railways, automakers and other firms, may have been stolen. It also said personal data on over 8,000 people, including employees, retirees and job-seekers, may have been exposed. Highly sensitive information on defence, electricity or other infrastructure operations, however, was not breached, it said.
MICROSOFT DISCLOSES SECURITY BREACH OF CUSTOMER SUPPORT DATABASE
Microsoft disclosed today a security breach that took place in December 2019. In a blog post, the OS maker said that an internal customer support database storing anonymized user analytics was accidentally exposed online without proper protections between Dec. 5 and Dec. 31. The database was spotted and reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery.
RANSOMWARE, SNOOPING AND ATTEMPTED SHUTDOWNS: SEE WHAT HACKERS DID TO THESE SYSTEMS LEFT UNPROTECTED ONLINE
Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware, cryptocurrency miners – and in some cases they're actively looking to shut down or disrupt systems. All of these incidents were spotted by researchers at cybersecurity company Trend Micro who built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target.
SAUDI PRINCE ALLEGEDLY HACKED WORLD'S RICHEST MAN JEFF BEZOS USING WHATSAPP
The iPhone of Amazon founder Jeff Bezos, the world's richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed sources familiar with digital forensic analysis of the breach, the newspaper claimed that a massive amount of data was exfiltrated from Bezos's phone within hours after he received a malicious video file from the Saudi prince. The mysterious file was sent when crown prince Salman and Bezos were having a friendly WhatsApp conversation, and it's 'highly probable' that it exploited an undisclosed zero-day vulnerability of WhatsApp messenger to install malware on Bezos's iPhone. If it can happen to the world’s richest man…
MAC THREAT DETECTIONS ON THE RISE IN 2019
Conventional wisdom has been that, although not invulnerable to cyberthreats (whatever some old Apple ads implied), Macs suffer considerably fewer infections than Windows PCs. However, when Malwarebytes Labs reviewed its 2019 Mac detection telemetry, it noticed a startling upward trend. Indeed, the times, they are a-changin’. To get a sense of how Mac malware performed against all other threats in 2019, the researchers looked at the top detections across all platforms: Windows PCs, Macs and Android. Of the top 25 detections, six were Mac threats. Overall, Mac threats accounted for more than 16 percent of total detections. Perhaps 16 percent doesn’t sound impressive, but when you consider the number of devices on which these threats were detected, the results become extremely interesting. Although the total number of Mac threats is smaller than the total number of PC threats, so is the total number of Macs. Considering that Malwarebytes’ Mac user base is about 1/12 the size of its Windows user base, that 16 percent figure becomes more significant.
EU COUNTRIES AVERAGING 278 GDPR BREACH NOTIFICATIONS PER DAY: DLA PIPER
According to new data from global law firm DLA Piper, breach notifications under the GDPR are trending upwards. In its “GDPR Data Breach Survey: January 2020”, DLA found that for the period between 28 January 2019 and 27 January 2020 there were 278 breach notifications per day on average across the European Economic Area, which covers the 28 EU member states plus Iceland, Liechtenstein and Norway. That amounted to a 12.6 per cent increase on the period from 25 May 2018 to 27 January 2019, which had an average of 247 breach notifications per day. Details of notified breaches are not made public by default, DLA wrote, but it posited that a “wide spectrum of data breaches have been notified from fairly minor errant emails mistakenly sent to the wrong address to the most serious criminal cyber-attacks affecting millions of individual records”.
ZOOM FIXES SECURITY FLAW THAT COULD HAVE LET HACKERS JOIN VIDEO CONFERENCE CALLS
A security vulnerability in one of the world's most commonly used enterprise video conferencing tools could have allowed hackers to eavesdrop on private business meetings. Zoom is used by over 60% of Fortune 500 companies and over 96% of the top 200 universities in the US. These organisations use the conferencing tool as a means of easily conducting remote meetings, complete with live audio and video feeds, as well as screen sharing and file transfers. However, researchers at cybersecurity company Check Point found it was possible to exploit the way Zoom generated URLs for virtual conference rooms and use this to eavesdrop on meetings. By using automated tools to generate random meeting room IDs, researchers found that they could generate links to genuine Zoom meetings without password protection 4% of the time during tests. And while the random generation of URLs means this trick couldn't be used for targeted attacks against a particular organisation, if attackers found a room of interest, they could keep returning, unless a password was added later.
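The Check Point finding is an enumeration problem: a numeric meeting ID space with no password in front of it can be guessed at scale, and a 4% hit rate means an attacker needs only about 25 random tries per live meeting found. The service-side control is to notice the guessing, since a legitimate user retries one or two IDs while an enumerator burns through many and is usually wrong. The following is an added example, not code from the original article, Check Point or Zoom: it runs a sliding-window detector over constructed join-attempt records (timestamp, client, meeting ID, outcome; a hypothetical format, not Zoom's logs) and flags clients that try many distinct IDs with a low success ratio.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed join-attempt records (timestamp, client, meeting_id, outcome);
# not Zoom's own log format. device-B tries 30 IDs in a minute and lands one real
# meeting, roughly the 4% hit rate the researchers reported.
SAMPLE_ATTEMPTS = [
    ("2020-01-28T10:00:00", "device-A", "123456789", "valid"),
    ("2020-01-28T10:00:05", "device-A", "123456789", "valid"),
] + [
    ("2020-01-28T10:01:%02d" % i, "device-B", "9%08d" % (i * 7919 % 100_000_000),
     "valid" if i == 17 else "invalid")
    for i in range(30)
] + [
    ("2020-01-28T10:05:00", "device-C", "555000111", "invalid"),  # a mistyped ID...
    ("2020-01-28T10:05:20", "device-C", "555000112", "valid"),    # ...then the right one
]


def flag_enumerators(attempts, window=timedelta(seconds=60),
                     min_distinct=10, max_valid_ratio=0.5):
    """Flag clients that, within any sliding window, tried at least `min_distinct`
    different meeting IDs with a mostly-invalid outcome. Returns the first window
    that tripped the rule for each flagged client."""
    by_client = defaultdict(list)
    for ts, client, meeting_id, outcome in attempts:
        by_client[client].append((datetime.fromisoformat(ts), meeting_id, outcome))
    flagged = {}
    for client, rows in by_client.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # advance the window start until it covers at most `window` of time
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            distinct = {r[1] for r in win}
            valid = sum(1 for r in win if r[2] == "valid")
            if len(distinct) >= min_distinct and valid / len(win) <= max_valid_ratio:
                flagged[client] = {"attempts": len(win),
                                   "distinct_ids": len(distinct),
                                   "valid": valid}
                break
    return flagged


def expected_probes_per_meeting(hit_rate):
    """Mean number of random IDs an attacker must try per live, unprotected meeting
    found. At the reported 4% that is 25, so a per-client cap has to sit well
    below that to make enumeration unprofitable."""
    return 1 / hit_rate


if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_ATTEMPTS))
    print("probes per meeting at 4%:", expected_probes_per_meeting(0.04))
```

The thresholds are assumptions chosen for the constructed data; in production they would be tuned against real join telemetry, and the detector would key on more than a device identifier, since an attacker who is rate-limited per device simply rotates devices. The per-meeting control that actually closes the hole is the one the article mentions: a password (or waiting room) on the meeting, which turns a 4% hit into nothing usable.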
WAWA'S MASSIVE CARD BREACH: 30 MILLION CUSTOMERS' DETAILS FOR SALE ONLINE
The Wawa breach may rank as one of the biggest of all time, comparable to earlier Home Depot and Target breaches. On Monday, hackers put up for sale the payment card details of more than 30 million Americans and over one million foreigners on Joker's Stash, the internet's largest carding fraud forum. This new "card dump" was advertised under the name of BIGBADABOOM-III; however, according to experts at threat intelligence firm Gemini Advisory, the card data was traced back to Wawa, a US East Coast convenience store chain. A month before, in December 2019, Wawa disclosed a major security breach during which the company admitted that hackers planted malware on its point-of-sale systems. Wawa said the malware collected card details for all customers who used credit or debit cards to buy goods at their convenience stores and gas stations. The company said the breach impacted all its 860 convenience retail stores, of which 600 also doubled as gas stations. According to Wawa, the malware operated for months without being detected, from March 4 until December 12, when it was removed from the company's systems.