Polyverse Weekly Breach Report


A snapshot look at the breaches and reported vulnerabilities of last week

Sofacy group

The Russian-speaking APT group has been targeting researchers, admins and others connected to cybersecurity. Cisco’s security researchers found a campaign linked to Sofacy that used a decoy document related to the CyCon US conference as a lure. To read more: https://threatpost.com/latest-sofacy-campaign-targeting-security-researchers/128576/

Critical infrastructure

Hackers are attempting to gain access to the networks of critical-infrastructure companies. The FBI and DHS warn of an ongoing campaign to infiltrate the networks of power companies and steal details of control systems. To read more: http://www.zdnet.com/article/hackers-are-attacking-power-companies-stealing-critical-data-heres-how-they-are-doing-it/

London Bridge Plastic Surgery

A plastic-surgery clinic frequented by celebrities in the UK was targeted by hackers. The hackers threatened to publish the patient list and photos online. To read more: https://www.theregister.co.uk/2017/10/24/london_plastic_surgery_clinic_data_breach/

Coinhive

Coinhive has admitted to a security breach where hackers were hijacking cryptocurrency mining scripts on various websites. The DNS records for coinhive.com were manipulated to redirect requests for coinhive.min.js to a third-party server. To read more: http://www.zdnet.com/article/hackers-hijack-coinhive-dns-server-through-an-old-password/

Dell

Dell lost control of the website it set up to help customers recover from malicious software. Sometime this summer, DellBackupandRecoveryCloudStorage.com was hacked for a month, exposing visitors to malware. To read more: https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/

Merck

The NotPetya malware infection shut down the pharmaceutical company’s production of the pediatric HPV vaccine. The company was forced to borrow the drug from a stockpile maintained by the CDC. To read more: https://securityledger.com/2017/10/notpetya-infection-left-merck-short-key-vaccine-gardasil/

Reported Vulnerabilities

Reaper IoT

Researchers are warning that a new botnet could dwarf Mirai in terms of its scale and damaging power. The botnet borrows some of the attack code from Mirai but also exploits known security vulnerabilities to compromise routers and security cameras. To read more: https://www.bitdefender.com/box/blog/iot-news/reaper-iot-botnet-devastating-mirai/

Dark web vendors

Vendors are selling remote access to desktop PCs for as little as $3. The access is sold as compromised RDP logins, which can provide attackers an easy way into corporate networks. To read more: http://www.zdnet.com/article/dark-web-vendors-are-selling-remote-access-to-corporate-pcs-for-as-little-as-3/

DUHK Attack

The DUHK attack can be used to passively decrypt VPN and encrypted browser traffic; however, it relies on implementation errors in ancient security appliances to trigger a vulnerability that has been known for two decades. To read more: https://threatpost.com/duhk-attack-exposes-gaps-in-fips-certification/128582/

AmosConnect 8.0

Researchers uncovered two critical security issues in the shipboard-communication platform that would give attackers access to its systems and information. The platform provides satellite communications, email, fax, interoffice communication and more while at sea. To read more: http://www.zdnet.com/article/hackers-gain-full-access-to-maritime-ships/
