The Week in Breach June 23 to June 29 2018

 

The Week in Breach

 

It’s no surprise that this week has been busy for cyber-attacks on the web, targeting big events such as the World Cup but also continuing to pursue small-and medium-sized businesses across the globe.

– Google is still leaking!
– Another Dark Web marketplace down in a big win for French authorities.
– Do androids dream of electric… rats? A new malware for Android!
– Going phishing at the World Cup.

In other news… Google has announced that Chromecast and Google Home devices, that are easily scripted to reveal precise location data to the public, will be patched in the coming weeks. Disclosed by a researcher at Tripwire, the simple script running on a website can collect location by revealing a list of internet connections available to the device. Researchers go on to describe how easy it would be to remote into an exposed individual’s device and network.
https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/

The Dark Web marketplace known as ‘Black Hand’ was shut down by French authorities this week. The marketplace was used to sell drugs, weapons, stolen personal information and banking data, as well as fake documents. The site had over 3,000 users from France and was highly active for selling illicit materials.
https://www.hackread.com/authorities-shut-down-dark-web-marketplace-black-hand/

Researchers have come across a new malware family that takes form as an Android remote administration tool (or RAT). The malware uses the messaging app Telegram both to spread and to operate the RAT. When an attacker gains access to a device, he or she operates it by using Telegram’s bot functionality and can intercept text messages, send text messages, make calls, record audio or screen, and locate the device.
https://www.welivesecurity.com/2018/06/18/new-telegram-abusing-android-rat/

With the World Cup in full swing this week, bad actors are taking advantage of the attention on the event and spinning up malicious email campaigns. The idea is that people are less vigilant about clicking emails from unknown sources when related to an event that only occurs every couple of years. Sites selling fake tickets, offering fictitious giveaways and luring unsuspecting induvial to click on malicious links related to the World Cup are popping up all over the place.
 https://www.darkreading.com/attacks-breaches/wallchart-phishing-campaign-exploits-world-cup-watchers/d/d-id/1332080

A network worm called ‘Olympic Destroyer’ that debuted at the 2018 winter Olympics is still doing damage across Europe. Since the Olympics, the group has taken an interest in financial and biochemical organizations and oftentimes uses spear phishing as a way to gain illegal access to systems. The group has so far remained anonymous, using a complex combination of false flags and other deceptive behavior to avoid being revealed.
https://www.darkreading.com/vulnerabilities—threats/olympic-destroyer-reappears-in-attacks-on-europe-russia/d/d-id/1332094


What we’re listening to this week!

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!

Indian Government

Exploit: Leaky websites, lack of basic website/ internet security controls.

Risk to Small Business: High: Demonstrates that poor cyber hygiene and complete disregard for basic website/ internet security can be highly damaging.

Risk to Exploited Individuals: High: Sensitive personally identifiable information that can be used for identity theft.

Indian Government: The Republic of India’s government.

Date Occurred/Discovered The government has experienced a wide variety of breaches over a long span of time, but with their websites being audited in May of 2018, their continuing lack of security with such highly sensitive information proves to be a continuing problem.
Date Disclosed June 20, 2018
Data Compromised · Names and phone numbers of those who bought various medicines from state-run pharmacies

Recently but not this week:

· Aadhaar number

· Data collected in ‘Smart Pulse Survey’

· Geolocation of people based on caste/religion

· Geolocation of ambulances, why they were summoned, and the hospital destination

How it was compromised Leaky websites and dashboards allowing anyone to look up HIGHLY sensitive medical and personal information.
Customers Impacted Anyone who has purchased medicine from the state-run pharmacies.
Attribution/Vulnerability Poorly configured database.

http://www.newindianexpress.com/specials/2018/jun/19/in-wake-of-data-leaks-andhra-pradesh-orders-audit-of-all-government-websites-1830571.html

https://www.huffingtonpost.in/2018/06/19/caught-leaking-information-on-people-buying-viagra-from-government-stores-ap-orders-security-audit_a_23463256/

Med Associates

Exploit: Supply Chain/Trusted Vendor Compromise
Compromised Workstation, most likely compromised credentials and a lack of multi-factor authentication.

Risk to Small Business: High: At least 42 physician practices had their customer’s PII compromised. Lack of situational awareness within the supply chain will create significant challenges for the vendors that replied on the claims processing vendor.

Risk to Exploited Individuals: High: This breach has disclosed a massive amount of HIGHLY sensitive personal and health information leaving customers impacted significant risk of identity theft and fraud.

Med Associates: A New York-based claims processing company.

Date Occurred/Discovered March 2018
Date Disclosed June 2018
Data Compromised · Patient names

· Dates of Birth

· Addresses

· Dates of service

· Diagnosis codes

· Procedure codes

· Insurance information, such as insurance ID numbers

How it was compromised Not disclosed, but it was specified that the attack did not involve ransomware or phishing.
Customers Impacted 270,000
Attribution/Vulnerability Still under investigation, but the third party gained remote access to the workstation without phishing or ransomware.

https://www.govinfosecurity.com/hacking-incident-at-billing-vendor-affects-270000-patients-a-11116


Chicago Public Schools

Exploit: Negligence

Risk to Small Business: High: If a breach of this magnitude happened to a small business, it is unlikely it would recover. This kind of negligence causing a breach tarnishes a name to a great degree, but people do not have a choice but to continue using Chicago public schools because it is a government-run program.

Risk to Exploited Individuals: High: Unfortunately, a minor’s personally identifiable information is highly sought after and valuable as its often not monitored.

Chicago Public Schools: School district in the Illinois city of Chicago

Date Occurred/Discovered June 16, 2018
Date Disclosed June 16, 2018
Data Compromised · Children’s names.

· Home phone numbers.

· Cell phone numbers.

· Email addresses.

· School ID numbers

How it was compromised When sending out an email about applications to selective enrollment schools, an employee attached a spreadsheet containing the sensitive data which was then sent out to families in the district. The person who made the critical mistake is going to lose their job according to the superintendent.
Customers Impacted 3,700 students and families
Attribution/Vulnerability Negligence

https://chicago.suntimes.com/news/cps-data-breach-exposes-private-student-data/

An important takeaway from this week is how easy it is to unsuspectingly leak personal information. A study conducted by Positive Technologies found some alarming statistics when researching the vulnerabilities of something that is often overlooked; web applications.

The study uncovered that almost half (48%) of the web applications tested were vulnerable to unauthorized access from a third party, with 17% of the tested applications being so unsecured that full control could be acquired. Every single web app that the study looked had vulnerabilities with just over half of them (52%) being high risk. A little under half (44%) of web apps examined that processed personal data leaked that personal data and 70% of all applications were at risk of leaking critical information to the business. The study found an average of two critical vulnerabilities per web application, and where the researchers had access to the source code of the web app they uncovered high-severity vulnerabilities 100% of the time. The industries used in this study of web applications include: finance, IT, e-commerce, telecom, government, mass media, and manufacturing.

Make sure to consider what web applications you are using in both your professional and personal life, otherwise, your information could end up on the Dark Web.

https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Web-application-vulnerabilities-2018-eng.pdf

https://www.darkreading.com/attacks-breaches/most-websites-and-web-apps-no-match-for-attack-barrage/d/d-id/1332092

 

Advertisements

About Vic Levinson
Telecommunications and IT professional with over 25 years experience in Business Technology Solutions. Specializing in managed technologies solutions : hosted VoIP, cyber security, help desk, remote monitoring and maintenance, cloud work space and - the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications- everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.

Comments are closed.

%d bloggers like this: