Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Olympic Destroyer

Olympic organizers confirmed that they are investigating a cyberattack that paralyzed IT systems, shut down display monitors, killed WiFi and took down the Olympics website. To read more: https://www.wired.com/story/olympic-destroyer-malware-pyeongchang-opening-ceremony/

Skype

There is a security flaw in Skype’s updater process that allows an attacker to gain system-level privileges. Microsoft has now said that they will not fix the flaw because it would require a large code revision. To read more: https://it.slashdot.org/story/18/02/12/2319257/skype-cant-fix-a-nasty-security-bug-without-a-massive-code-rewrite

Western Union

Western Union has confirmed that one of its IT suppliers was hacked and customer information was exposed. The database was full of bank names, internal customer ID numbers, and transaction amounts and times. To read more: https://www.theregister.co.uk/2018/02/13/western_union_storage_hack/

Newtek Business Services

This company, which operates more than 100,000 business websites, had several of its core domain names stolen over the weekend. The theft shut off email and stranded sites for many customers. To read more: https://krebsonsecurity.com/2018/02/domain-theft-strands-thousands-of-web-sites/

FedEx

FedEx exposed private information for thousands of customers after a legacy server was left open on the internet. The data was hosted in a password-less Amazon S3 server. To read more: http://www.zdnet.com/article/unsecured-server-exposes-fedex-customer-records/

Google AdWords

Researchers have uncovered a Bitcoin-stealing group that has prospered by exploiting Google AdWords. The “CoinHoarder” group targeted the Bitcoin wallet platform blockchain.info by using phishing links, bad domains and brand spoofing. To read more: http://www.zdnet.com/article/ukrainian-bitcoin-thieves-use-google-adwords-to-target-victims/

Russian nationals sentenced

Two Russian nationals were sentenced for their roles in a 2013 data breach, which exposed 160 million credit card numbers. The hacking operation affected entities such as Dow Jones, NASDAQ, JCPenney, JetBlue, and Heartland Payment Systems, among others. To read more: https://www.scmagazine.com/two-russian-nationals-sentenced-to-prison-for-massive-data-breach-scam/article/744965/

Reported Vulnerabilities

AndroRAT

A new variant of AndroRAT is disguised as an app called “TrashCleaner.” AndroRAT is distributed via a malicious URL that victims reach through third-party websites or phishing attacks. To read more: http://www.zdnet.com/article/androrat-new-android-malware-strain-can-hijack-older-phones/

Telegram

A zero-day vulnerability in the messenger app allows attackers to spread a new form of malware. The malware creates a backdoor Trojan and mines cryptocurrency. The attack works because of how the app handles the Unicode right-to-left override (RLO) character, which reverses the displayed order of the characters that follow it and so disguises a file’s real extension. To read more: http://www.zdnet.com/article/telegram-zero-day-let-hackers-spread-backdoor-and-cryptocurrency-mining-malware/
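The RLO trick described above is easy to check for on the receiving side. The following Python script is an added example (not code from the original report or from Telegram): it flags filenames containing Unicode bidirectional control characters, approximates how a naive renderer would display such a name, and compares the apparent extension with the real one. The filenames below are constructed for illustration, and the rendering step is a simplified model of the bidi algorithm (a single RLO reverses the run that follows it up to a pop-directional-formatting character or the end of the string).

```python
import unicodedata

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(name):
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def displayed_name(name):
    """Approximate how a naive renderer shows the name.

    Simplified model: text after an RLO (U+202E) is reversed until a PDF
    (U+202C) or the end of the string; other controls are invisible.
    """
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = i + 1
            while j < len(name) and name[j] != "\u202c":
                j += 1
            out.append(name[i + 1:j][::-1])  # reversed run
            i = j + 1                        # skip the PDF, if any
        elif ch in BIDI_CONTROLS:
            i += 1                           # invisible control, drop it
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name):
    """Extension the filesystem actually sees, with controls stripped."""
    cleaned = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""


def apparent_extension(name):
    """Extension a user would read off the rendered name."""
    shown = displayed_name(name)
    return shown.rsplit(".", 1)[-1].lower() if "." in shown else ""


def analyze(name):
    """Summarise the filename; suspicious if it carries bidi controls or
    its displayed extension differs from its real one."""
    controls = find_bidi_controls(name)
    real_ext = real_extension(name)
    apparent_ext = apparent_extension(name)
    return {
        "name": name,
        "controls": controls,
        "displayed": displayed_name(name),
        "real_ext": real_ext,
        "apparent_ext": apparent_ext,
        "suspicious": bool(controls) or real_ext != apparent_ext,
    }


if __name__ == "__main__":
    # Constructed sample names: one benign, one using the RLO trick.
    for sample in ["report.pdf", "photo_high_re\u202egnp.js"]:
        result = analyze(sample)
        shown = result["displayed"]
        print(f"{shown!r}: real .{result['real_ext']}, shown .{result['apparent_ext']}, "
              f"controls={[unicodedata.name(sample[i]) for i, _ in result['controls']]}, "
              f"suspicious={result['suspicious']}")
```

Rejecting or quarantining any attachment whose name contains a character from `BIDI_CONTROLS` is the simplest policy; the extension comparison is what explains to an analyst why the file looked like an image.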

UK and US Government websites

More than 4,200 websites, including many run by the UK and US governments, were infected by a Monero cryptocurrency miner. It was delivered through “Browsealoud,” a hosted accessibility service that reads website content aloud for people with disabilities. To read more: https://threatpost.com/u-k-and-u-s-government-websites-among-thousands-infected-by-cryptocurrency-miner/129886/
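A site that loads a third-party script can refuse to run it if its content changes. The Python below is an added example (not code from the original report or from the Browsealoud service): it computes a Subresource Integrity value for a script body, emits the matching `<script>` tag, and checks fetched content against the declared `integrity` attribute. The script body and the tampered variant are constructed for illustration; the verifier accepts any listed token that matches, which is a simplification of the browser's strongest-algorithm rule.

```python
import base64
import hashlib
import hmac

# Algorithms browsers accept in an SRI integrity attribute.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(content, algo="sha384"):
    """Return an SRI token such as 'sha384-<base64 digest>' for the bytes."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src, content, algo="sha384"):
    """Build the tag a site would ship; crossorigin is required for SRI on CDN scripts."""
    return (f'<script src="{src}" integrity="{sri_hash(content, algo)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(content, integrity):
    """True if the content matches at least one token in the integrity attribute."""
    for token in integrity.split():
        algo, sep, _ = token.partition("-")
        if not sep or algo not in SRI_ALGORITHMS:
            continue  # unknown tokens are ignored, as browsers do
        if hmac.compare_digest(sri_hash(content, algo), token):
            return True
    return False


if __name__ == "__main__":
    # Constructed stand-in for a hosted accessibility script.
    original = b"(function(){window.readAloud=function(t){console.log(t)};})();"
    # Constructed stand-in for the same file after a miner was appended.
    tampered = original + b"\n(function(){/* coin-mining payload would go here */})();"

    tag = script_tag("https://cdn.example.invalid/ba.js", original)  # placeholder URL
    integrity = tag.split('integrity="')[1].split('"')[0]
    print(tag)
    print("original verifies:", verify_sri(original, integrity))
    print("tampered verifies:", verify_sri(tampered, integrity))
```

Pinning the hash means a site operator must update the tag whenever the vendor legitimately ships a new version, which is exactly the review step that an unnoticed modification otherwise skips.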

SamSam ransomware

This new ransomware campaign looks for unsecured internet-facing systems and uses them as a foothold to spread. The attacks are attributed to the Gold Lowell hacking group and have generated $350,000 in ransoms over the past few months. To read more: http://www.zdnet.com/article/this-lucrative-ransomware-campaign-infiltrates-vulnerable-systems-and-secretly-surveys-networks-to/

Microsoft Edge

The Project Zero team published details of an unfixed bypass for an exploit mitigation technique in Microsoft Edge. The issue arises from the way the JIT process writes executable data into the content process. To read more: http://www.zdnet.com/article/windows-10-security-google-exposes-how-malicious-sites-can-exploit-microsoft-edge/

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.