Week 12 Cyberattack Digest 2019 – Christchurch shooting, Norsk Hydro, MyPillow, Amerisleep and others
We have some hot cyber news for you! If you have been waiting for our cyberattack digest, we are sure you’ll like our latest article compilation.
Hackers turn a quick profit from Christchurch shooting
by Bleeping Computer – 19 March 2018
Last week, almost 50 people lost their lives in the Christchurch shooting, New Zealand. Sadly, even here malicious actors are seeking to turn a quick profit from one’s grief. As over NZ$8 million (US $5.5 million) were raised from more than 100,000 contributors through donation pages set up on Givealittle and LaunchGood crowdfunding platforms in order to support for those affected. In the list of the contributors, there were also such famous people as Madonna, Ben Stiller, Chris Rock, Ashton Kutcher, who helped the incident on other a GoFundMe page set up by Guy Oseary, Madonna’s and U2’s manager; he donated US $18,000. Overall, it’s all about a large sum of money and hackers understand that very well. The Computer Emergency Response Team (CERT) based in New Zealand and Westpac New Zealand bank received reports that fraudsters used the tragic event as a topic for phishing emails with fake online banking login links and fraudulent bank accounts. It was supposed that fooled receivers would donate to those affected by the Christchurch events.
In a public service announcement on Monday, CERT NZ also stated that malefactors spread malicious video content through compromised websites or on social media. “A video file containing footage related to the attack had malware embedded in it and this malicious file is being shared online,” warn the cybersecurity experts.
Norsk Hydro is forced to shutdown systems
by The Hacker News – 19 March 2019
Norsk Hydro, one of the world’s largest producers of aluminum, recently has been made to shut down several of its plants located in Europe and the U.S. as a result of an “extensive cyber attack”. The attack hit manufacturer’s operations and left companies’ IT systems unusable.
Aluminum giant has temporarily shut down several of its plants and was forced to switch to manual operations “where possible”; these measures touched countries including Norway, Qatar, and Brazil. The attack began in the U.S. and was first traced by the company’s IT experts late Monday evening last week. Security experts are currently working to neutralize the incident and the investigation is ongoing.
“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents,” commented the officials of the affected company. It is also known that the Norwegian National Security Authority (NNSA) is busy helping Norsk Hydro with the incident. “It is too early to indicate the operational and financial impact, as well as timing to resolve the situation,” says Norsk Hydro.
MyPillow and Amerisleep attacks get disclosed
by ZDNet – 21 March 2019
Two data breaches that are believed to be the work of Magecart may leave cybersecurity specialists without sleep for a long time. MyPillow and Amerisleep are famous mattresses and bedding retailers based in the United States boasting the best deals for a proper sleep. Recently, it has come to light that two separate security attacks might have affected both companies’ customers back in 2017 and 2018. Magecart is a hacking group known for compromising online payment systems and using card-skimming malware to steal critical data. Exerts suppose the hackers are responsible for data breaches that touched such companies as British Airways, Newegg, Ticketmaster, Feedify, and Shopper Approved.
RiskIQ researcher Yonathan Klijnsma said in his blogpost that “hundreds” of Magecart incidents are documented on a daily basis and a large number of them are not made public. MyPillow became a victim of attackers in October 2018. Malefactors managed to compromise the company’s e-commerce and sales platform in order to perform skimming and stealing credit card information of the customers. AmeriSleep’s case seems to be more severe dating back to April 2017. The hacker group injected the script into the company’s website with a skimmer being implemented and fake domains used to host the malicious code. “With the increased efficiency of credit-card skimming groups, the time it takes for a large number of consumers to have their data stolen, seemingly out of nowhere, is decreasing quickly,” RiskIQ commented. “Magecart has capitalized on the fact that the security controls of small companies who provide services to enhance the websites of global brands are far less developed than the security controls of the global brands themselves.”
School in Dorset loses GCSE coursework
by Education Executive – 19 March 2019
School districts often become victims of attackers, and this time it was a school in Dorset, which experienced a disturbing incident. One of the employees at the Sir John Colfox Academy in Bridport opened an email that contained a virus resulting in infection of the entire network and causing GCSE coursework to be lost. This touched year 11 coursework from one subject that was saved on the school system. Head teacher, David Herbert, commented the situation: “We are liaising with the relevant exam boards about this specific issue.” He also noted that a police expert “has advised us that it is very unlikely that any school information has left the building and we are not compromised in that way. Personal data relating to staff, students and parents is not held on this system and is secure”.