Week 18 Cyberattack Digest 2019 – Elasticsearch, Magecart, Porr and others
It is Monday today, which means that it is time for our weekly cyberattack digest. So, grab a cup of tea and enjoy, please!
Elasticsearch leaks data of over 100,000 individuals
by Bleeping Computer – 1 May, 2019
A publicly accessible Elasticsearch database was discovered by Security Discovery’s researcher Jeremiah Fowler back in March and exposed various types of personal data and medical information of 136,995 individuals.
The further investigation revealed that the exposed data belonged to the SkyMed company that provides medical emergency evacuation services. According to Jeremiah Fowler, the Elastic database was “set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.” The researcher also found out that the company’s network could presumably be infected with an unknown ransomware strain.
Data of 80 million American household is discovered on the Internet
by SC Media – 29 April, 2019
Elasticsearch case was not the only recent data leakage. Data of 80 million American household was found by VPNMentor’s research team of Noam Rotem and Ran Locar.
This was discovered while the experts were conducting a web-mapping project with the use of port scanning to examine known IP blocks. The database was hosted on a Microsoft cloud server and contained extremely detailed information on individual homes including owners name, address, age, map coordinates and birthdates. The database also contained data noted in a numerical code with gender, marital status, income, homeowner status and dwelling type.
“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner,” commented the researchers.
Magecart Group 12 attacks OpenCart online
by ThreatRavens – 2 May, 2019
One of such gangs, also known as Magecart (because the Magento payment platform is a frequent target of the hackers), uses web skimming scripts that are injected on checkout pages; with its help, the group collects credit and debit card details as customers pay for an order. Attackers usually break into the system by exploiting vulnerabilities in these platforms as their outdated versions often run on smaller stores.
In a report today, RiskIQ researcher Yonathan Klijnsma describes a large-scale operation Magecart Group 12 performed on OpenCart online stores. The gang used stealth tactics to keep its activity under the radar. OpenCart is in the top three most frequent world shopping platforms containing thousands of online stores, which is surpassed only by Shopify and Magento, and it is no surprise that it became a lucrative target for attackers.
Porr construction group suffers a cyberattack
by Reuters – 2 May, 2019
Telephone lines and emails of Austrian construction company Porr were disrupted as the company detected a cyberattack on its system last Thursday. The incident was caused by a virus, and while the IT staff is working to find a solution, the spokeswoman commented that it was too early to estimate potential damage caused by the incident.
As you can see, even personally identifiable information that should be secured with extra care can sometimes get exposed to public. To learn about further cyber incidents, follow us on Twitter, Facebook, and LinkedIn.