Week 18 Cyberattack Digest 2019 – Elasticsearch, Magecart, Porr and others
It is Monday today, which means that it is time for our weekly cyber attack digest. So, grab a cup of tea and enjoy, please!
Elasticsearch leaks data of over 100,000 individuals
by Bleeping Computer – 1 May 2019
A publicly accessible Elasticsearch database was discovered by Security Discovery’s researcher Jeremiah Fowler back in March and exposed various types of personal data and medical information of 136,995 individuals. The further investigation revealed that the exposed data belonged to the SkyMed company that provides medical emergency evacuation services. According to Jeremiah Fowler, the Elastic database was “set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.” The researcher also found out that the company’s network could presumably be infected with an unknown ransomware strain.
Data of 80 million American household is discovered on the Internet
by SC Media – 29 April 2019
Elasticsearch case was not the only recent data leakage. Data of 80 million American household was found by VPNMentor’s research team of Noam Rotem and Ran Locar. This was discovered while the experts were conducting a web-mapping project with the use of port scanning to examine known IP blocks. The database was hosted on a Microsoft cloud server and contained extremely detailed information on individual homes including owners name, address, age, map coordinates and birthdates. The database also contained data noted in a numerical code with gender, marital status, income, homeowner status and dwelling type. “Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner,” commented the researchers.
Magecart Group 12 attacks OpenCart online
by ThreatRavens – 2 May 2019
Porr construction group suffers a cyber attack
by Reuters – 2 May 2019
Telephone lines and emails of Austrian construction company Porr were disrupted as the company detected a cyber attack on its system last Thursday. The incident was caused by a virus, and while the IT staff is working to find a solution, the spokeswoman commented that it was too early to estimate potential damage caused by the incident.
As you can see, even personally identifiable information that should be secured with extra care can sometimes get exposed to public. To learn about further cyber incidents, follow us on Twitter, Facebook, and LinkedIn.