Week 2 Cyberattack Digest 2019 – Apple, Google+, Early Warning Network and others

It is high time for another issue of the weekly cyber attack digest. Let us have a look at the most notable attacks of week 2.

Golduck malware affects Apple

by Bleeping Computer – 7 January 2019

Apple has always been famous for its immaculate App Store app review process. Still, it seems that this time some suspicious apps managed to slip past Apple's review team. The applications are not considered exactly malicious, but are said to exhibit risky behavior. Over a dozen iOS applications in Apple's App Store were found transferring data to command-and-control servers that are known to have been used by the Android Golduck Loader. The Golduck malware was first discovered by Appthority in several Google Play applications at the end of 2017; its authors used it as an adware distribution platform with possible device compromise capabilities. Such malware loaders act as a dropper for other malware strains like Trojans but do not come with their own data stealing or data corruption features. This is what attracted the attention of security experts: the Apple apps showed behavior similar to the Android ones infected with Golduck, injecting ads into multiple areas of the app's main screen. They were also sending multiple snippets of information to the Golduck C&C servers – from IP addresses and location data to the device type and the number of ads displayed on the screen. All the iOS apps that were using Golduck's C&C servers for adware distribution and data collection purposes have so far been removed by Apple.

Connecticut school district suffered a ransomware attack

by Government Technology – 9 January 2019

The Bridgeport Public Schools computer system experienced a cyber attack. The incident was caused by a virus spread by an outside entity aiming to hold district data hostage for ransom. It is also known that the majority of the affected data consisted of lesson plans and teaching materials stored on district servers. “I know one teacher who had 18 years worth of teaching materials saved at work, not at home. That would be gone, currently,” one of the teachers said. Gary Peluchette, president of the Bridgeport Education Association, said that he was working with the principal security architect of the District Information Security vendor, in conjunction with the Multi-State Information Sharing and Analysis Center and law enforcement officials, to resolve the incident as quickly as possible. Currently, there is no evidence that any data has been stolen; still, some district data was encrypted by the virus and is said to be held for ransom. The incident also did not affect emails or the district's PowerSchool platform containing student data including grades, officials said.

Google+ API bug exposed private data

by Bleeping Computer – 7 January 2019

Earlier, on December 10th, 2018, Google experts disclosed a Google+ API bug that allowed apps to see private data that they were not supposed to have access to. The bug presumably affected over 50 million users. Last week, Google+ users who were affected by the bug started receiving notifications from Google. The message stated which fields had been exposed; the exposed fields and the associated apps can be found in an attached app_details.csv file. Google also announced that it had decided to shut down its Google+ social service in August 2019 due to a general lack of adoption and a prior API bug that leaked the personal information of up to 500,000 Google+ accounts.

Australia’s Early Warning Network hacked

by CSO Online – 7 January 2019

“EWN has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues.” This alert was sent by a hacker who managed to gain unauthorized access to Australia's Early Warning Network (EWN). The alert, received by tens of thousands of people via text message, email, and landline, also contained an email address to contact EWN support and a link to unsubscribe. Luckily, EWN security staff managed to quickly identify the incident and shut off its systems, limiting the number of messages sent out. The hacker reportedly used “illicitly gained credentials to login” and post the “nuisance spam-notifications.” Despite the disturbing incident, EWN will still be ready to provide “alerts for severe weather and natural hazard events.”

Being able to get in touch with anybody at any moment is convenient, but not as secure as it could be: Apple and Google+ cases illustrate this. For more information, follow us on Twitter, Facebook, and LinkedIn.
