Week 35 Cyberattack Digest 2019 – teen hacker from England, Imperva, Hostinger and others
It is Monday again, and, as always, we have a new batch of cyber incidents for you in our week 35 cyberattack digest.
A teen from England sentenced to 20 months in prison
by Infosecurity Magazine – 19 August 2019
Elliot Gunton of Mounteney Close, Norwich, England, was sentenced to 20 months in prison after pleading guilty to hacking, money laundering and breaching a Sexual Harm Prevention Order imposed in 2016. Gunton was sentenced at Norwich Crown Court on Friday, August 16, having pleaded guilty at an earlier hearing. Gunton now has to pay back more than £400,000 he made in cryptocurrency. Police found cybercrime-enabling software on Gunton’s laptop at his home in April 2018, during a search carried out under the terms of the Sexual Harm Prevention Order imposed by the court in 2016 for earlier offences. According to information found on the laptop, Gunton had offered to provide a third party with mobile phone numbers, allowing malefactors to intercept calls and texts to commit cybercrime. It is also possible that Gunton had been advertising compromised data for sale and offering his services as a hacker-for-hire.
Imperva expressed apologies to affected customers
by ZDNet – 27 August 2019
Imperva, a cybersecurity company, learned about a security incident that affected customers of its cloud web application firewall (WAF), also known as Incapsula. “On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” the company commented. The data accessed by malefactors included customer email addresses and hashed and salted passwords; the impacted customers were those who had registered up until September 15, 2017. Several API keys and customer-provided SSL certificates were also exposed. Officials of the firm said that they began notifying the affected customers as soon as they had learned about the incident. Imperva expressed its apologies to customers and said that forensics experts had been engaged to help with the investigation.
Hostinger resets user passwords after unauthorized access
by TechCrunch – 25 August 2019
The web host Hostinger revealed it had to reset user passwords as a “precautionary measure” after unauthorized access to its database had been detected. The breach is believed to have taken place on Thursday. The organization received an alert that one of its servers had been accessed by an unauthorized party. The attacker managed to break into the company’s systems, including an API database, with the help of an access token found on the server. The token is supposed to give access to systems without needing a username or a password. The database that was accessed contained customer usernames, email addresses and passwords hashed with the SHA-1 algorithm. The organization has since changed its password hashing to the stronger SHA-2 algorithm. Company officials claim that affected customers have already been sent an email with a recommendation to reset their passwords. There is no evidence that any financial data has been compromised. Still, one of the affected customers accused the organization of being potentially “misleading” about the consequences of the breach.
Another victim on the list: New Kent County Public Schools
by WTVR.com – 27 August 2019
Now that the school year has started, the number of cyber attack victims among schools increases every week. This time we are talking about New Kent County Public Schools, which recently experienced a ransomware attack. As a result of the incident, the data located on the schools’ internal hard drive has been encrypted. The system is currently unable to access the files without paying a ransom. “Simply said, we cannot access many of the documents and data the faculty and staff have created, and this will cause an undue burden as we work to start school on time and ready for our students to learn,” commented superintendent Brian J. Nichols. According to the officials, the school system has hired cybersecurity experts to investigate the incident. The experts are helping the school to get back online as soon as possible. “We have also notified the FBI and are working with federal law enforcement,” Nichols said. “At this time, we do not believe any personal identifying information was taken by the cybercriminals.”