Week 4 Cyberattack Digest 2019 – Elasticsearch, Telegram, Collection 1 breach and others
We are keeping up the tradition of posting our weekly cyberattack digest. Here are the latest incidents of week 4.
‘Collection 1’ breach exposes millions of emails and passwords
by Fortune – 17 January 2019
A giant ‘Collection 1’ breach exposed almost 773 million unique emails and 21 million unique passwords. The large collection of records, hosted on the MEGA cloud service, was posted on a hacking forum. The stolen files came from a number of breaches and sources, according to security researcher Troy Hunt. The expert claims that the compromised data has since been removed from MEGA. “Yet again, we are seeing a breach of proportions that were unimaginable only a few years ago. We are becoming immune to such incidents, accepting that this kind of thing is now part of our daily lives, and there is where the danger lies,” commented Stan Lowe, Zscaler’s Global CISO. The Collection 1 breach is composed of “a set of email addresses and passwords totaling 2,692,818,238 rows,” Hunt explained in a blog post, saying that the total number of unique combinations of emails and passwords amounts to more than 1.16 billion. The data includes “dehashed” passwords that have been cracked and converted back to plain text.
Elasticsearch database exposes 24.3 million records
by SC Media – 24 January 2019
Another incident involving the leak of a huge volume of data concerns an Elasticsearch database. The incident resulted in 24.3 million mortgage and credit reports being exposed. Independent cybersecurity researcher Bob Diachenko discovered the 51GB of optical character recognition (OCR) data earlier this month with the help of public search engines, such as Shodan and Censys. The records contained sensitive personal information including Social Security numbers, names, phone numbers, addresses, credit history, and other details. “This information would be a gold mine for cybercriminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” said Diachenko. A large number of the records indicated that they originated from CitiFinancial, and Diachenko contacted that firm’s disclosure team on Jan. 10 to explain the incident. The security expert managed to get in touch with a Citi representative; the files were secured as of January 15.
GoodSender malware discovered in Telegram
by TechNadu – 19 January 2019
What messenger do you prefer for chatting? Well, we suggest that you do not choose Telegram. Researchers concluded that a Telegram bot chatter was actually a new Windows malware called GoodSender. Once it infects a user’s device, it uses the messenger platform to listen and wait for commands and creates a new administrator account that enables remote desktop. In other words, the malefactor uses Telegram to communicate with the malware and send HTTPS-protected instructions. Experts believe that the malware is fairly simple and no more than one year old. The malware also revealed a loophole in Telegram’s Bot API. This was not the first time hackers have used commercial products to communicate: in a different malware case, researchers noted threat actors tweeting malware commands.
Sammamish city hall and Salisbury PD hit by ransomware
by SC Media – 24 January 2019
The City of Sammamish, Wash., and the Salisbury, Md., Police Department experienced a series of ransomware attacks, which shut down large portions of the municipalities’ computer networks. The attacks took place on January 23; the city had to bring in outside security professionals to help mitigate the problem. The city is currently working to find out exactly which systems are impacted, the level of penetration the attackers achieved, and how to regain access to the data. “The city’s computer system is under a ransomware attack. We are bringing in a security expert to assist the city with assessing which systems have been affected and to what extent,” city officials commented.