1. Chennai Rains: Attackers frequently see large events as an opportunity
to launch cyber-attacks on a curious population, these events are used as
effective lures. People are exposed to information on social media and they
have to often wade through rumors, hackers exploit this. In the past, hackers
have used major crisis to spread malware - like they did during the Boston
Marathon blast in 2013. Chennai Rains offers a ripe opportunity to hackers and
one needs to take precaution before opening any email or clicking on any URL.
US elections is another such event that hackers may exploit!
2. Vtech hack: Hong Kong-based Children's toy company Vtech announced
it was hacked last week. 6.4 million children's accounts and 4.9 million
parental accounts were accessed. The hack exposed general user profile
information including name, email address, encrypted password, secret question
and answer for password retrieval, IP address, mailing address and download
history. The company on its website confirmed that no Credit card information
or personal identification data was lost. The hack occurred on 14th Nov 2015.
The company discovered the breach, after being contacted by a journalist, 10
days later on the 24th Nov. Customers were informed on 27th Nov.
3. Hacker leaks
customer data after UAE bank fails to pay ransom: A hacker who broke into a large bank in the United Arab
Emirates made good on his threat to release customer data after the bank
refused to pay a bitcoin ransom worth about $3 million. The hacker, who calls himself
Hacker Buba, breached the network of a bank in Sharjah last month and began
releasing customer account and transaction records via Twitter. Although
Twitter closed the account, the hacker opened a new one and released the
account statements.
4. Gambling darling
Paysafe confirms 7.8 Million customers hit in hacks: The newly-branded Paysafe Group confirmed in a London
Stock Exchange announcement that information related to 3.6 million Neteller
accounts and 4.2 million Skrill users were leaked. Paysafe group lists itself
as a British online payments company with Neteller and Skrill being its
subsidaries. The Neteller attack involved an exploit of a vulnerability in the Joomla
content management system, whilst the Skrill breach saw a VPN, designed to
provide secure access to the firm’s network, hacked and a transaction database
accessed.
5. New Windows
ransomware steals passwords before encrypting files: Several badly secured websites are being used by hackers
to redirect the visitors to sites that are hosting the notorious Angler Exploit
kit. A mere visit to such sites installs the exploit kit without the user's
knowledge and then the exploit kit delivers the payload (Crytowall 4) to the system.
Before Cryptowall encryts the machine, the hackers systematically harvests all
usable usernames and passwords from the infected system and sends them to
servers controlled by hackers. This enables hackers to acquire working logins
for websites, e-commerce sites, and even corporate applications, which they
could further steal data from. We
discussed Cryptowall 4 last week.
6. JD Wetherspoon
loses data of over 650,000 customers in cyber-attack: In an email to customers sent last week, the food and
drink chain said the firm's website had been hacked between 15th and
17th June this year, resulting in the potential loss of customer
data including names, dates of birth, email addresses and phone numbers -- as
well as a small amount of credit card records. However, it is applaudable that
the company went public with the news, quickly after it was told about the
breach on 1st December.
7. Pickpocketing
the Mobile Wallet: Mobile wallets and
new payment technologies will introduce additional opportunities for credit
card theft and fraud. Hacks targeting mobile devices and new payment
methodologies will impact payment security more than EMV (Chip and PIN Credit
card). The increase in non-traditional payment methods on mobile devices or via
beacons (a system to allow retailers to detect a mobile app user’s presence in
the store) and smart carts will open up the doors for a new wave of retail data
breaches.
8. Anonymous leaks
Paris climate summit official’s private data: Hackers have leaked the private login details of nearly 1,415
officials at the UN climate talks in Paris in an apparent act of protest
against arrests of activists in the city. They hacked the website of the summit
organizers, the UN Framework Convention on Climate Change (UNFCCC), and posted
names, phone numbers, usernames, email addresses, and secret questions and
answers onto an anonymous publishing site. The damage is likely to be limited,
and can mitigated by changing the passwords on any other accounts of the
officials that use similar passwords.
9. Over 50,000
cyber security incidents reported in India this fiscal: As many as 54,483 cyber security incidents such as
phishing, spam and malicious code have been reported in the current financial
year, Parliament was informed last week by the Communications and IT Minister.
These incidents were reported to the Indian Computer Emergency Response Team
(CERT-In) by various Indian organizations, individuals and agencies from other
countries.
10. Chimera
Ransomware tries to turn malware victims into Cybercriminals: Chimera ransomware is taking victims hostage, then
trying to recruit them to be part of the criminal team. Compared to other
ransom messages, Chimera's is brief, straightforward, and polite: it says
'please' twice and invites the victims with a message - 'Take advantage of our affiliate program!'. The hackers are trying
to build a ransomware-as-a-service (RaaS) business and are offering 50% commission
for spreading and infecting other victims. This Malware first appeared in
September with a unique tactic of threatening to publish the victim's files
online if payment is not received. In
Issue 38, we did discuss - a similar model from CryptoLocker.
No comments:
Post a Comment