Weekly Breach Report – August 31st

Aug 31, 2020 By Shaina Raskin

Autodesk 3Ds Max malware

Security firm Bitdefender said it had discovered what appears to be a new hacker group that is targeting companies worldwide with malware hidden inside malicious plugins for Autodesk’s 3Ds Max computer-graphics app. ZDNet:

https://www.zdnet.com/article/mercenary-hacker-group-targets-companies-with-3ds-max-malware/

 

Dharma ransomware

A cybersecurity firm says it identified a group of low-skilled hackers operating out of Iran that is attacking companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. ZDNet:

https://www.zdnet.com/article/group-of-unskilled-iranian-hackers-behind-recent-attacks-with-dharma-ransomware/

 

CryptoTrader.Tax

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades. Coindesk:

https://www.coindesk.com/hacker-cryptotrader-tax

 

North Korea 

The U.S. government called out North Korea on Wednesday over a government-led hacking campaign focused on stealing cash from ATMs around the world. Cyberscoop:

https://www.cyberscoop.com/north-korea-atm-cashout-hacking-fbi-dhs-treasury-dod/

 

Charming Kitten 

An Iranian hacker group known as Charming Kitten is impersonating journalists to approach targets and infect their devices with malware. The Hacker News: https://thehackernews.com/2020/08/hackers-journalist-malware.html

 

Tesla

A hacking group offered a Tesla employee $1m to help plan a cyberattack on Tesla. Instead, the employee worked with the FBI to stop the attack. Clean Technica: https://cleantechnica.com/2020/08/28/there-was-an-attempted-cybersecurity-attack-on-tesla-fortunately-it-was-thwarted/

 

New Zealand stock exchange

A DDoS attack disrupted the New Zealand stock exchange for four days. The failure to stop the attack raised questions about the efficacy of the country’s security systems. The Guardian: https://www.theguardian.com/world/2020/aug/28/new-zealand-stock-exchange-disrupted-by-fourth-offshore-cyber-attack

 

GoldenSpy

The U.S. government issued a warning to organizations doing business in China about a backdoor called GoldenSpy in tax software that Chinese banks require foreign companies to install. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/fbicisa-warn-us-firms/

 

SSL247

A London-based reseller of internet-security products accidentally misconfigured an AWS S3 bucket that exposed the personal information of 350,000 users who purchased products on the company’s website. Teiss: https://www.teiss.co.uk/ssl247-data-breach/

 

Top ransomware exploits

The top three most popular hacking methods for ransomware groups in 2020 are unsecured RDP endpoints, email phishing, and exploits in VPN appliances. ZDNet: https://www.zdnet.com/article/top-exploits-used-by-ransomware-gangs-are-vpn-bugs-but-rdp-still-reigns-supreme/

 

RailYatri

One of India’s most popular travel-booking sites accidentally left an Elasticsearch server publicly exposed, leading to the loss of 43GB of data. Safety Detectives: https://www.safetydetectives.com/blog/railyatri-leak-report/

 

Canadian Government

Hackers hit 11,000 online government-services accounts with a series of credential-stuffing cyberattacks. Welivesecurity: https://www.welivesecurity.com/2020/08/24/cyber-attacks-canada-revenue-agency-government/

 

Rialto Unified School District

Online learning for 25,000 students was shut down because of a cyberattack on this school district based in Rialto, California. NBC Los Angeles: https://www.nbclosangeles.com/news/local/malware-attack-prompts-cancellation-of-online-classes-in-rialto/2417946/
