Week 13 Cyberattack Digest 2019 – Asus, Microsoft, Cosmos Bank and others

We hope you have been waiting for our news compilation. If so, have a look at our week 13 cyberattack digest.

19-year-old man charged with DDoS cyberattacks

by Deeside.com – 28 March, 2019

A 19-year-old man has been charged in connection with a series of cyberattacks targeting the websites of police forces, among the targeted websites, there was the one of Cheshire Constabularies

Detectives charged Liam Reece Watts, of Stratford Road, Chorley, with two counts of unauthorized acts implying unauthorized manipulation with accessing a computer. The man was remanded in custody and was to appear Chester Magistrates’ Court on Thursday 28 March. It was concluded that the charges related to two Distributed Denial of Service (DDoS) attacks on websites of Cheshire Constabulary and Greater Manchester Police. All in all, DDoS attacks are one of the most common type of attacks.

Asus suffers an attacks and releases a fix

by Computer Weekly – 26 March, 2019

A computer hardware firm Asus based in Taiwan has released a fix. This was announced a day after security researchers went public with news of an attack on a supply chain

This was caused by vulnerabilities in code signing processes. According to security researchers from Kaspersky Lab, malefactors injected a backdoor into the Asus Live Update utility between June and November 2018. This affected more than a million users from all over the world. Asus claimed that only “a small number of devices” had been affected through an attack on its Live Update servers. Company’s representatives said that a fix in version 3.6.8 of its Live Update software had been implemented using “an enhanced end-to-end encryption mechanism”.

Asus added it had also updated and strengthened its server-to-end-user software architecture in order to prevent future attacks. The officials said customers could run an online security diagnostic tool to check if their system was affected. The security researchers characterized the attack as an advanced persistent threat (APT) campaign.

Attacks on Microsoft and Nintendo costed £3 million

by London Evening Standard – 29 March, 2019

A computer hacker caused a damage amounting to some £3 million in cyberattacks on Microsoft and Nintendo. Earlier, he had been spared prosecution for a major data breach affecting over six million children

Zammis Clark, 24, broke into the servers of Hong Kong-based toy firm Vtech back in 2015, which gave him access to millions of customer accounts that contained names and addresses, download histories and profile pictures. Recently, the company has admitted more than 10 million accounts had been involved in the incident. Surprisingly, Clark, who confessed to carrying out the hack, was given just a police caution as Vtech refused to assist in prosecuting him.

Clark was the mastermind of a 2017 cyberattack on Microsoft that caused up to £1.5 million of damage when the software under development was accessed. Then the malefactor managed to download 43,000 files and posted information online to allow others to join the hack.  Prosecutor Dickon Reid commented: “He published on an internet chatroom the fact he had hacked into the system, and by publishing that a number of other hackers from France, Germany, Ireland, Slovakia, the United States, and the United Arab Emirates accessed the computer server.”

North Korea carried out heist of Cosmos Bank

by Khaleej Times– 29 March, 2019

North Korea carried out a $13.5 million cyber heist of Cosmos Bank

A network across 28 countries was used by breaking the internal safety measures. The Security Council’s panel of experts monitored the sanctions on North Korea and said that the cyberattack that took place last August was carried out “by an advanced persistent threat group” from that country.

According to the report, “In August 2018, about $13.5 million was withdrawn from Cosmos Bank in India in more than 14,000 simultaneous automatic teller machine (ATM) withdrawals in 28 countries, as well as in additional transfers to an account belonging to a Hong Kong-based company.”

We hope that you care about your cybersecurity in advance. Read our further articles and follow us on Twitter, Facebook, and LinkedIn.

Do you want more?

Subscribe me to your mailing list