Sunday, May 8, 2016

Issue 63 - Week of May 2nd


1. BEC hack scams company out of $495,000: An investment company, Pomeroy Investment Corp, was recently robbed of $495,000 through a common email fraud method in which the attacker, posing as a co-worker, had the funds transferred to his account. A staff member received an email from another "employee" of the company asking for a transfer of funds to a Hong Kong bank. The email appeared genuine to the recipient, who had the money transferred. A few days later the company realized it had been cheated through what is known as business email compromise (BEC). Police received a complaint about the incident and have cautioned against transferring any amount of money on the strength of an email alone, advising that such messages be verified before any transaction is made.

2. Another ransomware victim: A Michigan public utility is currently cleaning up its administrative systems after an undisclosed number of computers were infected with ransomware. The agency has stressed that the incident "should have no impact on the delivery of water and electricity to its customers". In February, a ransomware attack shut down medical record systems at an LA hospital, which paid $17,000 in ransom to the criminals.

3. Wendy's hit with lawsuit over data breach: A class action lawsuit has been filed against Wendy's for alleged negligence in securing its computer systems and customer data. According to the filing, Wendy's did not update its computer systems when required, leaving them susceptible to attack. Confidential details of millions of customer credit cards were possibly leaked from various Wendy's locations. The lawsuit accuses Wendy's of using outdated credit card systems that do not comply with federal guidelines, and of holding card details for too long.

4. For sale: 272 million email passwords for just $1: A massive database of emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, is being offered for sale on the dark web for $1. An anonymous Russian hacker who goes by the moniker "the Collector" was first spotted advertising 1.17 billion user records for email accounts on a dark web forum. A large number of those 1.17 billion account credentials turned out to be duplicates; 272 million records were unique. In an unrelated but similar incident, it was revealed last week that a database containing the details of over 57 million email accounts was put up for sale on the dark web.

5. ImageMagick vulnerable to remote code execution: ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images. A serious zero-day vulnerability has been discovered in ImageMagick that could allow attackers to execute malicious code remotely on servers by uploading a maliciously crafted image. The vulnerability will be patched in the next versions, which are due to be released by this weekend.

6. ADP data used in US bank employee W-2 breach: ADP is a payroll processing provider. Thieves used unregistered employee accounts to create fake accounts and siphon W-2 information from the ADP portal. This leaves the victims exposed to the risk of tax returns being filed fraudulently in their names. Mattel, Snapchat, Seagate and Polycom have all recently lost W-2 data.

7. 2016 Global Threat Report - Insider Threat: The Malicious and the Accidental: Insider threats refer to attacks that either originate from, or receive cooperation from, sources within an organization. Attackers are targeting insiders within organizations, or via business partners and third-party suppliers, and gaining access to networks by manipulating staff into revealing their credentials. With these stolen credentials, criminals move through networks, accessing and stealing sensitive data, often going unnoticed until it is too late. The industry measures the time attackers spend in a network as dwell time, which begins when an attacker enters a network and continues until they leave or are forced out. Minimizing dwell time reduces the opportunity for an attacker to achieve lateral movement and steal data.

8. Russian hacker who stole from banks ordered to pay $7 million: A Russian man who spent about three years behind bars in the United States has been spared further prison time because of his "substantial assistance" in the investigation, but has been ordered to pay $7 million to cover the damage he caused to banks using Gozi, a vicious computer virus. The hacker rented the Gozi malware out for $500 a week to cybercriminals, who in turn used it to steal money from bank accounts; he also controlled all compromised computers remotely as a botnet to steal data and access bank accounts.

9. High-severity OpenSSL vulnerability allows hackers to decrypt HTTPS traffic: OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic. One of the high-severity flaws allows a man-in-the-middle attacker to mount a "padding oracle attack" that can decrypt HTTPS traffic if the connection uses an AES-CBC cipher suite. The other high-severity bug is a memory corruption flaw in OpenSSL.

10. IRCTC denies hack, says committee is examining alleged data theft: IRCTC has a total user base of 39 million and sells 500,000 railway tickets every month. Last week, the cyber cell found a CD containing 15K IRCTC data records for sale on the market. This led to widespread speculation that IRCTC had been hacked. IRCTC has denied the hack but has formed a team to investigate the data theft.

1 comment:

  1. Records in the IRCTC case are supposed to be 10 million, Ajay. 15k is the price (INR) for which the DVD was being sold in Delhi.
    http://www.inforisktoday.asia/blogs/irctc-denies-hack-but-leaked-data-could-be-genuine-p-2124