October 2019

October has seen most ghoulish cyber attacks ever, says McAfee

Mini Tejawi

https://www.thehindu.com/business/october-has-seen-most-ghoulish-cyber-attacks-ever-says-mcafee/article29834604.ece

Excerpt:

“October has seen the reporting of the most ghoulish cyberattacks and cyberscares so far. The month has brought a variety of spooky cyberthreats, from malicious malware to restricting ransomware that haunted networks and devices of governments, enterprises and individuals around the globe, according to U.S. global computer security software company McAfee.”


Georgia hit by massive cyber-attack

https://www.bbc.com/news/technology-50207192

Excerpt:

“A huge cyber-attack has knocked out more than 2,000 websites - as well as the national TV station - in the country of Georgia. Court websites containing case materials and personal data have also been attacked.”


New cyberattacks targeting sporting and anti-doping organizations

Tom Burt

https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/

Excerpt:

“Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.”


Phishing Scam Nets Montana Healthcare Service

Sarah Coble

https://www.infosecurity-magazine.com/news/phishing-scam-nets-montana/

Excerpt:

“A Montana healthcare provider that fell victim to a phishing scam has notified 129,000 patients that their personal information was exposed.”


Phishing attack targeting United Nations and humanitarian organizations discovered by Lookout Phishing AI

Jeremy Richards

https://blog.lookout.com/lookout-phishing-ai-discovers-phishing-attack-targeting-humanitarian-organizations

Excerpt:

“Lookout Phishing AI has detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF. Lookout has contacted law enforcement and the targeted organizations, but as of the publication of this blog the attack is still ongoing.”


CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites

Catalin Cimpanu

https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/

Excerpt:

“Two academics from the Technical University of Cologne (TH Koln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.”


VB2019 papers: Emotet and Ryuk

Martijn Grooten

https://www.virusbulletin.com/blog/2019/10/vb2019-papers-emotet-and-ryuk/

Excerpt:

“Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. 'Targeted' is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations 'chosen' through an infection with another piece of malware that is then used as a foothold for the ransomware.”


Major German manufacturer still down a week after getting hit by ransomware

Catalin Cimpanu

https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/

Excerpt:

“Pilz, one of the world's largest producers of automation tools, has been down for more than a week after suffering a ransomware infection.”


Czech Police and Intelligence agency dismantled Russian Spy ring on its soil

Pierluigi Paganini

https://securityaffairs.co/wordpress/92799/intelligence/czech-agencies-dismantled-russian-spy-ring.html

Excerpt:

“Czech police and intelligence services have dismantled a Russian espionage network that was operating via its Prague embassy.”


Cybercrime Tool Prices Bump Up in Dark Web Markets

Elizabeth Montalbano

https://threatpost.com/cybercrime-tool-prices-bump-up-in-dark-web-markets/149222/

Excerpt:

“A report reveals data, services and toolkits available for cybercriminals are becoming more expensive and sophisticated.”


Florida Women's Clinic Warns 520,000 Patients of Data Breach

Sarah Coble

https://www.infosecurity-magazine.com/news/florida-womens-clinic-data-breach/

Excerpt:

“A Florida clinic providing specialized medical care for women has alerted all current and former patients that their personal information and medical records may have been exposed following a data breach.”


“BriansClub” Hack Rescues 26M Stolen Cards

Brian Krebs

https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/

Excerpt:

““BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.”


Building China's Comac C919 airplane involved a lot of hacking, report says

Catalin Cimpanu 

https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/

Excerpt:

“A report published today shines a light on one of China's most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country's underground hacking scene, legitimate security researchers, and insiders at companies all over the world.”


Shipping giant Pitney Bowes hit by ransomware

Zack Whittaker

https://techcrunch.com/2019/10/14/pitney-bowes-ransomware-attack/

Excerpt:

“Shipping tech giant Pitney Bowes has confirmed a cyberattack on its systems.”


Britain repelled 600 cyber attacks this year, many from overseas

https://www.thestar.com.my/tech/tech-news/2019/10/23/britain-repelled-600-cyber-attacks-this-year-many-from-overseas

Excerpt:

“The British National Cyber Security Centre defended Britain from 658 cyber attacks in the year to October – many from hostile foreign states – with government departments most at risk from attack, according to its annual report.”


Pos Malaysia shuts down systems, service applications

Mohd Azam Shah Yaacob

https://www.hmetro.com.my/mutakhir/2019/10/509742/pos-malaysia-tutup-sistem-aplikasi-perkhidmatan

Excerpt:

“POS Malaysia Berhad (Pos Malaysia) has been forced to shut down several of the company's online systems and service applications following technical problems encountered since yesterday.”


Sodinokibi Ransomware: Following the Affiliate Money Trail

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-following-the-affiliate-money-trail/

Excerpt:

“After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings.”


Ransomware: Prepare for hackers launching even more destructive malware attacks

Danny Palmer

https://www.zdnet.com/article/ransomware-prepare-for-hackers-launching-even-more-destructive-malware-attacks/

Excerpt:

“The threat from ransomware continues to grow and it's possible that the file-encrypting malware attacks could become far more destructive as cyber criminals evolve and change their tactics.”


Majority of IT departments leave major holes in their USB drive security

https://www.helpnetsecurity.com/2019/10/09/usb-drive-security/

Excerpt:

“For the second year in a row, the majority of employers are failing to equip their employees with the appropriate technologies, procedures and policies to ensure data security across the organization, according to Apricorn.”


Phishing attempts increase 400%, many malicious URLs found on trusted domains

https://www.helpnetsecurity.com/2019/10/09/phishing-increase-2019/

Excerpt:

“1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January.”


1 Million People Had Their Medical Data Exposed in Tū Ora Breach

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/1-million-people-had-their-medical-data-exposed-in-t-ora-breach/

Excerpt:

“Primary health organization (PHO) Tū Ora Compass Health from New Zealand disclosed a security breach that led to the exposure of medical and personally identifiable information (PII) of roughly 1 million people.”


3,000 Kent State student emails hacked

Aidan Coyne

http://www.kentwired.com/latest_updates/article_f8e73956-e587-11e9-b613-9394e83236a4.html

Excerpt:

“On Sept. 19 Kent State announced over 3,000 student emails had been hacked the week before. According to Robert Eckman of Kent State’s IT department, the breach was a result of credential harvesting.”


FBI warns about high-impact Ransomware attacks on U.S. Organizations

Pierluigi Paganini

https://securityaffairs.co/wordpress/92092/malware/fbi-ransomware-attacks-alert.html

Excerpt:

“In the wake of the recent string of attacks against cities, school districts and hospitals, the U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a warning to organizations about high-impact ransomware attacks.”


Minerva attack can recover private keys from smart cards, cryptographic libraries

Catalin Cimpanu

https://www.zdnet.com/article/minerva-attack-can-recover-private-keys-from-smart-cards-cryptographic-libraries/

Excerpt:

“Czech academics have detailed this week a new cryptographic attack that can recover private keys used to sign operations on some smart cards and cryptographic libraries. Once obtained, the private key can allow attackers to spoof any smart cards or sign other cryptographic operations secured by the affected libraries.”


More than 60% of spam activities originate from US, Russia, Ukraine: Data61

Aimee Chanthadavong

https://www.zdnet.com/article/more-than-60-of-spam-activities-originate-from-us-russia-ukraine-data61-report/

Excerpt:

“Spamming activities that originated from the United States, Russia, and Ukraine collectively contributed to more than 60% of all spam activities between 2007 to 2017, according to new cybersecurity insight developed by researchers from CSIRO's Data61.”


Experts found 20 Million tax records for Russian citizens exposed online

Pierluigi Paganini

https://securityaffairs.co/wordpress/91993/data-breach/russian-citizens-data-leak.html

Excerpt:

“Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection.”


Employee negligence can be a leading contributor to data breaches

https://www.helpnetsecurity.com/2019/10/01/workplace-data-breaches-risk/

Excerpt:

“Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information, according to the Shred-it report conducted by the Ponemon Institute.”


Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users

Mohit Kumar

https://thehackernews.com/2019/10/malvertising-webkit-hacking.html

Excerpt:

“The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.”