Polyverse Weekly Breach Report

A snapshot look at the breaches and reported vulnerabilities of last week

US/UK security services

Senior US and British security officials are blaming the Russian government for a coordinated cyberattack against the worldwide internet infrastructure. Russian hackers have allegedly been conducting months-long cyber-campaigns against network devices used by government organizations, private industry, critical-infrastructure operators, and internet service providers. To read more: http://thehill.com/policy/cybersecurity/383364-us-uk-blame-russia-for-coordinated-cyberattacks-on-internet-devices

Localblox

Localblox, a data firm, was able to build 48 million personal profiles from information scraped from social networks like Facebook, LinkedIn and Twitter without users’ knowledge. Unfortunately, earlier this year the company left a database of this profile data on a public Amazon S3 storage bucket without a password. To read more: https://www.zdnet.com/article/data-firm-leaks-48-million-user-profiles-it-scraped-from-facebook-linkedin-others/

SDKs

Due to insecure advertising SDKs (software development kits), a number of mobile apps are transmitting unencrypted user data over the HTTP protocol rather than HTTPS. To read more: https://www.zdnet.com/article/mobile-apps-transmit-unencrypted-user-data-due-to-insecure-sdks/

Shipping industry

Researchers have identified the hacking group behind several wide-scale business-email attacks against the shipping industry. Attackers are taking advantage of the lax security and use of outdated computers and have attempted to steal at least 3.9 million dollars between June 2017 and January 2018. To read more: https://threatpost.com/gold-galleon-hacking-group-plunders-shipping-industry/131203/

Google Play

Two advanced-persistent-threat groups managed to get apps onto the Google Play marketplace this year. Both were designed to conduct surveillance in the Middle East; the apps have since been removed. To read more: https://threatpost.com/google-play-boots-three-malicious-apps-from-marketplace-tied-to-apts/131214/

TaskRabbit

TaskRabbit, the homeowner task website and app, announced a data breach. The site recommends users change their passwords immediately. To read more: https://www.theregister.co.uk/2018/04/18/hop_to_it_bunnies_taskrabbit_breach_means_new_passwords/

RSA Mobile App

A security vulnerability was found in the backend systems powering the smartphone app for the annual RSA security conference. Infosec experts were able to harvest attendee names and other data from the app. To read more: https://www.theregister.co.uk/2018/04/20/rsa_security_conference_insecure_mobile_app/

Dragon snapped

For the past 20 years, “dragon” has been one of the top 25 most commonly used passwords. This is not good security practice. To read more: https://www.wired.com/story/why-so-many-people-make-their-password-dragon/

UnityPoint

UnityPoint Health revealed that it was the target of a cyberattack that may have compromised the personal information of 16,000 patients. Birth dates, Social Security numbers, medical records, and treatment and surgical information were all potentially stolen. To read more: http://www.healthcarefinancenews.com/news/unitypoint-health-system-hit-cyberattack-affecting-16000-patients

SunTrust

SunTrust Bank says accounts of 1.5 million clients could be compromised following a “potential” data breach. The bank became aware of the “potential” theft by a former employee and the investigation is currently ongoing. To read more: http://www.tampabay.com/news/business/banking/SunTrust-warns-1-5-million-clients-of-potential-data-breach_167510380

Casino IoT hack

A casino was hacked through an internet-connected thermometer in an aquarium in the lobby. The hackers exploited a vulnerability to get a foothold in the network, and from there had access to the high-roller database of gamblers. To read more: https://thehackernews.com/2018/04/iot-hacking-thermometer.html

Reported Vulnerabilities

iOS sync glitch

Researchers identified a new iOS vulnerability called “trustjacking,” which exploits an iTunes feature to give attackers persistent control over their victims’ devices. All a user needs to do to fall victim is accidentally approve their device’s connection to a malicious computer when syncing with iTunes. To read more: https://threatpost.com/ios-sync-glitch-lets-attackers-control-devices/131281/

XiaoBa lookalike

Researchers at Trend Micro found a new cryptocurrency miner similar to XiaoBa, a form of ransomware that first appeared last October. They believe that the ransomware code has since been repurposed to function as a coinminer. To read more: https://www.zdnet.com/article/this-ransomware-was-rewritten-to-mine-cryptocurrency-and-destroy-your-files/

Stegware

Researchers are warning of an uptick in steganography as a vehicle for delivering malware. Hackers are using this for infection, command and control, data exfiltration and as an encryption alternative. To read more: https://threatpost.com/use-of-stegware-increases-in-stealth-malware-attacks/131293/

PUBG malware

A new malware locks computer files until users play PlayerUnknown’s Battlegrounds. To unlock the files and regain access to their content, users must play a certain amount of the game. To read more: https://hypebeast.com/2018/4/ransomware-malware-playerunknowns-battlegrounds-force-play
