Week 20 Cyberattack Digest 2019 – Uniqlo, Community hacking group, MongoDB and others
It is Monday, which means it is time for our new cyberattack digest for week 20.
Hackers compromise data of Uniqlo Japan online customers
by SC Media – 15 May 2019
Data of 460,000 Uniqlo Japan online customers have been stolen by hackers. The accessed information also included credit card numbers. It is believed that the incident took place between April 23 and May 10. “We deeply apologize to our customers and pledge to prevent this from happening again,” stated Fast Retailing Co., the parent of Uniqlo and GU Japan, which was also affected.
The investigation revealed no evidence that the stolen information has been used in any way; the researchers encouraged users to reset their passwords.
Community hacking group members are charged
by SC Media – 13 May 2019
Members of The Community hacking group have been charged with aggravated identity theft, conspiracy to commit wire fraud and wire fraud related to a SIM hijacking campaign designed to steal cryptocurrency. Among the nine individuals charged by the U.S. Attorney’s Office for the Eastern District of Michigan are Conor Freeman, Ricky Handschumacher, Colton Jurisic, Reyad Gafar Abbas, Garrett Endicott and Ryan Stevenson. According to the Department of Justice (DOJ), The Community used several methods to gather the information needed to hijack the victims’ SIM cards and mobile phones. These methods included bribing workers at mobile phone carriers and, in some cases, contacting a mobile phone provider’s customer service department while posing as the victim and requesting that the victim’s phone number be swapped to a SIM card owned by The Community. The hijacked phone numbers were then used to gain access to the victims’ email accounts, cloud storage and digital currency wallets.
12,000 MongoDB databases were deleted
by Bleeping Computer – 17 May 2019
Over the past three weeks, more than 12,000 MongoDB databases have been deleted. The attackers left a message behind asking the owners to contact them in order to have the data restored. Similar attacks on publicly accessible MongoDB databases have taken place since at least early 2017: attackers search for exposed database servers with the help of the BinaryEdge or Shodan search engines, delete the databases and then demand a ransom. These Mongo Lock attacks can also target any remotely accessible and unprotected MongoDB database; as always, the databases are deleted and a ransom is then demanded to restore the content. The campaign is still not believed to request a specific ransom amount; instead, the attackers leave an email contact, most likely to negotiate the conditions of data recovery.
In the incident reported this week, 12,564 unprotected MongoDB databases were wiped by Unistellar, as disclosed with the help of BinaryEdge. The incident was first noticed on April 24, when a wiped MongoDB database was discovered with a short note left behind: “Restore ? Contact : email@example.com”. The process behind the attack is most probably completely automated.
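As an added example (not from the digest or from the Bleeping Computer report), the following Python audits a mongod.conf for the two conditions behind the wiped instances described above: listening on every interface and running without authorization. Both sample configurations are constructed, and the parser is a minimal helper covering only the nested key/value subset that mongod.conf uses.

```python
WEAK_CONF = """\
# constructed sample: the shape of the instances that got wiped
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed sample: local-only listener plus mandatory authentication
net:
  port: 27017
  bindIp: 127.0.0.1,::1
security:
  authorization: enabled
"""


def parse_mongod_conf(text: str) -> dict:
    """Minimal parser for the nested 'key: value' YAML subset mongod.conf uses
    (comments and blank lines skipped; no lists or quoting). Example helper only."""
    root: dict = {}
    stack = [(-1, root)]                      # (indent, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:         # dedent: leave inner mapping(s)
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def audit_exposure(conf: dict) -> list:
    """Findings that let an internet-wide scan find and wipe this instance.
    Defaults assumed as in MongoDB 3.6+: bind to localhost, authorization off."""
    findings = []
    net = conf.get("net", {})
    addrs = {a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")}
    if net.get("bindIpAll", "").lower() == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("net.bindIp exposes mongod on all interfaces")
    if conf.get("security", {}).get("authorization", "disabled") != "enabled":
        findings.append("security.authorization is not enabled")
    return findings
```

Running `audit_exposure(parse_mongod_conf(WEAK_CONF))` reports both findings, while the hardened sample returns an empty list.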