Polyverse Weekly Breach Report – Apr 13th 2020

Apr 13, 2020 By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

BGP hijacking

More than 200 content-delivery networks and cloud-hosting providers were redirected through Russia’s state-owned telecommunications provider. This hijacking of the Border Gateway Protocol affected Amazon, Cloudflare, Facebook and Google, among others. To read more: https://www.zdnet.com/article/russian-telco-hijacks-internet-traffic-for-google-aws-cloudflare-and-others/


Key Ring

This digital-wallet app fell victim to a breach that exposed 14m users’ data. Security researchers discovered a misconfigured AWS S3 bucket belonging to the company open on the web. To read more: https://www.cisomag.com/data-breach-exposes-14-million-key-ring-users-data/



The personal data of 600,000 Email.it users is being sold on the dark web. The Italian email provider confirmed that it had experienced a data breach. To read more: https://www.zdnet.com/article/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/?&web_view=true


Dark Nexus

A new internet-of-things botnet is leveraging smart devices to stage distributed denial-of-service attacks on demand. The botnet, named Dark Nexus, works by using credential-stuffing attacks against routers, video recorders, thermal cameras and other devices. To read more: https://thehackernews.com/2020/04/darknexus-iot-ddos-botnet.html


Fleeceware apps

Researchers discovered so-called fleeceware apps on the iOS app store. More than 3.5m users have installed these apps, which abuse legal loopholes in free trials. To read more: https://www.zdnet.com/article/fleeceware-apps-discovered-on-the-ios-app-store/

Linux servers

Researchers discovered that for the past eight years advanced-persistent-threat groups have been infiltrating Linux servers with various malware tools. To read more: https://www.techrepublic.com/article/blackberry-chinese-cybercriminals-target-high-value-linux-servers-with-weak-defenses/


Pakistani mobile users

A company found a data dump on the dark web containing the personal information of 115m Pakistani mobile users. The hackers responsible for the breach are asking $2.1m for the data. To read more: https://www.brecorder.com/2020/04/10/588270/personal-data-of-115mn-pakistani-mobile-users-go-on-sale-on-dark-web/


Fake Malwarebytes website

Hackers created a copycat Malwarebytes website to serve visitors the information-stealing malware Raccoon. To read more: https://threatpost.com/malwarebytes-copycat-site-raccoon-stealer/154638/



This online-betting company put $30m in escrow as insurance to cover costs of a suspected ransomware infection. To read more: https://www.zdnet.com/article/gambling-company-to-set-aside-30-million-to-deal-with-cyber-attack-fallout/


San Francisco Airport

San Francisco Airport confirmed that hackers compromised two of its websites. During this attack, the hackers apparently stole login credentials of users accessing the websites via Windows-based devices from outside the airport network. To read more: https://www.forbes.com/sites/daveywinder/2020/04/11/san-francisco-airport-cyber-attack-confirmed-windows-passwords-stolen/#d06031925b9c


Monte Dei Paschi

Hackers accessed mailboxes of employees at the Italian bank Monte dei Paschi, and sent email messages to customers. To read more: https://www.nytimes.com/reuters/2020/04/11/business/11reuters-monte-dei-paschi-italy-bank-hacker.html

