Week 3 Cyberattack Digest 2019 – Reddit, PayPal, Djvu Ransomware and others
As usual, we are back with a new weekly cyberattack digest. Are you ready to learn about the most notorious incidents of week 3?
Reddit users are locked out
by The Register – 10 January 2019
Reddit locked out several of its users’ accounts over a security problem that the internet forum’s admins have blamed on people reusing old passwords. It is currently not known what exactly happened, or whether Reddit itself has been hacked; the website describes the incident as a “security concern”. Still, Reddit admin Sporkicide blamed the all-encompassing forum’s users for bad password hygiene, saying the following: “Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you’ll be able to log in to get it) and/or an email to any support ticket you’ve already sent in.” There are also other possible causes of the incident. For example, users’ login credentials could have been compromised on the site operator’s side.
Phishing PayPal page tricks users
by Forbes – 15 January 2019
Ransomware becomes more clever as time passes. Recently, experts discovered a new ransomware that, in addition to encrypting files, is able to steal your PayPal credentials via a phishing attack. The new malware was discovered by MalwareHunterTeam and is said to use a clever trick: the program offers its victims a choice to pay via PayPal as well as the usual Bitcoin route. If a victim chooses to pay via the internet’s payment method of choice, he or she is directed to a convincing-looking phishing web page that attempts to steal the user’s PayPal credentials. Once a user submits their information, the data is sent to http://ppyc-ve0rf.890m.com/s2[.]php and is thereby stolen. The phishing page then tells the user their account is unlocked, and they are redirected to the PayPal login page and prompted to log in.
New Djvu Ransomware is found
by Bleeping Computer – 15 January 2019
In December 2018, a new ransomware dubbed Djvu, which is presumably a variant of STOP, was discovered. At that time, the malware was also heavily promoted through crack downloads and adware bundles. Originally, this ransomware used a variation of the .djvu string as the extension for encrypted files, but the latest variant has switched to the .tro extension. Originally it was unknown how the ransomware was being distributed, as specialists could not find a sample of the main installer. However, the majority of the victims insisted that they had been infected after downloading a software crack. The ransomware encrypts almost all files on the computer, including executables. Experts strongly recommend sniffing the traffic on your network in order to recover your files for free in such a situation.
140 airlines affected by a security breach
by Bleeping Computer – 16 January 2019
A vulnerability recently found in the Amadeus online reservation system might have put the data of millions of travellers at risk. The loophole was discovered by hacker and activist Noam Rotem when he tried to book a flight on Israel’s ELAL airline. “By simply changing the RULE_SOURCE_1_ID, we were able to view any PNR and access the customer name and associated flight details,” he said. Although a hacker must know a PNR code to exploit the vulnerability, the researchers, who developed a script to patch the vuln, contacted ELAL to report the vulnerability and recommended that the airline introduce captchas, passwords and a bot protection mechanism. The Amadeus vulnerability, as well as last year’s Marriott breach, “provides foreign actors with the patterns of life of global political and business leaders, including who they traveled with, when and where. The aviation industry is built on trust. Preserving that trust requires layers upon layers of cybersecurity,” commented Todd Probert, vice president of mission support and modernization at Raytheon Intelligence, Information and Services.