6 December 2017

Week in review: major cybersecurity incidents in November 27-December 3

Week in review: major cybersecurity incidents in November 27-December 3

Last week we have observed 10 major cybersecurity incidents, involving security and data breaches in ship broker Clarksons, the US National Security Agency and the US National Credit Federation. It hasn't been also without malicious activities by Anonymous and campaigns using Mirai botnet. Below is the list of the most noticeable cybersecurity incidents along with brief description and commentary.


-         Bulletproof Coffee informed its customers about data breach. Unknown actors managed to compromise personal and financial information (names, physical and email addresses, payment card numbers, expiration dates and card security codes (CVV)).

The issue was revealed in mid-October after the creator of the weight loss coffee, Bulletproof 360, found "unauthorised computer code" added to the software that operates the checkout page on its website.

In-depth study showed, sensitive data was gathered by hackers during the period between 20 May and 13 October as well as from 15 October through 19 October.

-         A security researcher for UpGuard, Chris Vickery, detected a publicly available disk image left on Amazon Web Services storage server. The disk image, dubbed "Red Disk" contains over 100 gigabytes of data from an Army intelligence project. Revealed information belongs to the US Army's Intelligence and Security Command, known as INSCOM, division of the National Security Agency.

Apart from military data, the disk also includes private keys of a working partner of INSCOM, Invertix.

-         Three employees of the Office of the Inspector General of the US Department of Homeland Security stole a "computer system" that contained confidential personal information of about 246,000 employees of the department. Attackers intended to modify proprietary software to manage affairs and sell it to other government agencies.
Personal data included names, social security numbers and birth dates of the ministry's employees.


-         The world's largest ship broker, Clarksons confirmed it has become a victim of hackers. An attacker or a group of malicious actors hacked computer systems, stole confidential data and demanded a ransom, threatening to disclose stolen information.
The company has already informed its customers and deactivated an account through which unauthorized access was made.
After reports of data leakage, Clarksons shares fell 2%.


-         About 111 GB of confidential information from National Credit Federation, including credit history of clients, were publicly available in the Internet due to incorrectly configured Amazon Web Services (AWS) S3 server. The issue affected 40K company's customers.
The information leak was identified by a security researcher from UpGuard company Chris Vickery in early October this year.
Revealed information included customers' names, addresses, birthdates, scanned images of driving licenses and social security cards, customer credit histories and full credit card and bank account numbers. According to the experts, the database was available to be downloaded by any user.


-         Researchers for TrendMicro revealed an increase of Mirai botnet campaign. Now the malware is mainly targeting IP cameras, digital video recorders (DVRs), network video recorders (NVRs), as well as modems. Recent Mirai campaigns were detected in Colombia, Ecuador, Panama, Egypt, and Tunisia, as well in Argentina. A total number of attacks observed during November, 2017 amounts to 371,640 attack coming from roughly 9,000 unique IP addresses.
First attacks were performed on November 22 against Argentina, the second wave started on November 29 and was aimed at Colombia.
According to Trend Micro Report, the attackers are still trying to exploit ZyXEL modems and the Tenvis TH692 Outdoor P2P HD Waterproof IP Camera.

-         TIO Networks, a subsidiary of PayPal, informed its consumers about data breach affecting personal information of about 1.6 million users.
The company provides no details about what information was stolen. However, hackers could steal banking cards data, and in some cases, social security numbers.
TIO Networks is going to contact all affected customers via e-mails and offer a free use of the Experian credit monitoring service.

-         Experts for Malwarebytes reported a new phishing campaign, during which malicious actors tricked the user into entering his confidential information about their PayPal account, allegedly to confirm the transaction.
First, the victim received a fake e-mail allegedly from PayPal, which informed that financial transaction hadn't been confirmed and warned about suspicious activity of the account.
The email contains a malicious link to my accounts-webapps-verify-updated informations.epauypal.com/myaccount/e6abe where the user had to specify his personal account data including name, address, city, postal index, country, phone number, mother's maiden name and date of birth. After that the user was redirected into another website offering to enter information about the credit card, including the name, number, expiration data and security code. This data can be used to crack a user account and steal money from his account in Paypal.

-         Security researcher for NewSky Security Ankit Anubhav discovered that several thousand Lantronix serial-to-Ethernet servers leak their Telnet passwords and can be used to attack connected equipment.
The specialist identified 6464 vulnerable servers (48% of the total number of Lantronix devices found using the Shodan search engine).
The issue exists due to a very old vulnerability that allows attackers to get the configuration of Lantronix devices by sending a specially crafted request to port 30718. An attacker who connects to a vulnerable device using Telnet will be able to send arbitrary commands to an ACS-enabled equipment through a vulnerable server.


-         A hacking group Anonymous compromised Brazilian Corrupt Public Sector Entities and stole IP adresses from São Paulo military and civil police. Except information about every police officer attackers revealed data about ranging law enforcement agencies and local municipality. As reported the hacking group their main aim was to fight with corruption in Brazil.

The incident provoked discussing about new ways of providing cybersecurity: a framework like NIST to address the cyber security on ICS/SCADA industrial control system. The main challenge of information security now is fight with nation's threats like North Korea and China.

By Olga Vikiriuk

Analyst at Cybersecurity Help

Back to the list

Latest Posts

Patch Tuesday in December 2018: 1 zero-day and more than 100 bugs fixed by Microsoft and Adobe

Patch Tuesday in December 2018: 1 zero-day and more than 100 bugs fixed by Microsoft and Adobe

Vulnerability statistics for Patch Tuesday in December 2018.
12 December 2018
Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
Featured vulnerabilities
Denial of service in GraphicsMagick
Low Patched | 18 Dec, 2018
Cross-site scripting in Lxml
Low Patched | 18 Dec, 2018
Multiple vulnerabilities in Jenkins
High Patched | 18 Dec, 2018
SQL injection in Katello
Low Patched | 17 Dec, 2018