Week 3 Cyberattack Digest 2019 – Reddit, PayPal, Djvu Ransomware and others

As usual, here is our new weekly cyberattack digest. Are you ready to learn about the most notorious incidents of week 3?

Reddit users are locked out

by The Register – 10 January 2019

Reddit locked several users out of their accounts over a security problem that the internet forum’s admins have blamed on people reusing old passwords. It is not yet known exactly what happened, or whether Reddit itself has been hacked; the website describes the incident as a “security concern”. Still, Reddit admin Sporkicide blamed the forum’s users for bad password hygiene, saying the following: “Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you’ll be able to log in to get it) and/or an email to any support ticket you’ve already sent in.” There are also other possible causes of the incident. For example, users’ login credentials could have been compromised at the site operator.

Phishing PayPal page tricks users

by Forbes – 15 January 2019

Ransomware becomes more clever as time passes. Recently, experts discovered a new ransomware that, in addition to encrypting files, is able to steal your PayPal credentials via a phishing attack. The new malware was discovered by MalwareHunterTeam and is said to use a clever trick: the program offers its victims a choice to pay via PayPal as well as the usual Bitcoin route. If a victim chooses to pay via the internet’s payment method of choice, he or she will be directed to a convincing-looking phishing web page that attempts to steal the user’s PayPal credentials. Once a user submits their information, the data is sent to http://ppyc-ve0rf.890m.com/s2[.]php, where it is stolen. The phishing page then tells the user that their account is unlocked, redirects them to the PayPal login page and prompts them to log in.

New Djvu Ransomware is found

by Bleeping Computer – 15 January 2019

In December 2018, a new ransomware dubbed Djvu, which is presumably a variant of STOP, was discovered. At that time, the malware was also heavily promoted through crack downloads and adware bundles. Originally, this ransomware used a variation of the .djvu string as the extension for encrypted files, but the latest variant has switched to the .tro extension. Originally it was unknown how the ransomware was being distributed, as specialists could not find a sample of the main installer. However, the majority of the victims insisted that they had been infected after downloading a software crack. During encryption, the ransomware encrypts almost all files on the computer, including executables. Experts strongly recommend sniffing the traffic on your network in order to recover your files for free in such a situation.

140 airlines affected by a security breach

by Bleeping Computer – 16 January 2019

A vulnerability recently found in the Amadeus online reservation system might have put the data of millions of travellers at risk. The loophole was discovered by hacker and activist Noam Rotem when he tried to book a flight on Israel’s ELAL airline. “By simply changing the RULE_SOURCE_1_ID, we were able to view any PNR and access the customer name and associated flight details,” he said. Despite the fact that a hacker must know a PNR code to exploit the vulnerability, the researchers, who developed a script to patch the vulnerability, contacted ELAL to report it and recommended that the airline introduce captchas, passwords and a bot protection mechanism. The Amadeus vulnerability, as well as last year’s Marriott breach, “provides foreign actors with the patterns of life of global political and business leaders, including who they traveled with, when and where. The aviation industry is built on trust. Preserving that trust requires layers upon layers of cybersecurity,” commented Todd Probert, vice president of mission support and modernization at Raytheon Intelligence, Information and Services.

Once again, convenience does not always mean security: just have a look at the PayPal and Reddit cases. To learn the latest cyber news, follow us on Twitter, Facebook, and LinkedIn.
