Week 40 Cyberattack Digest 2019 – Demant, Ghostcat malware, Electronic Arts and others
Have you been waiting for our new cyber attack digest week 40? Here it comes! Grab a cup of tea or coffee and enjoy a portion of the hottest cyber security news.
Manufacturer of hearing aids faces giant losses
by ZDNet – 30 September, 2019
Demant, one of the most famous manufacturers of hearing aids, is facing losses of up to $95 million as a result of a security incident. The case is characterised as a ransomware infection that affected the organization at the beginning of the month.
Everything started on September 3 as a short statement appeared on the website of the company saying the organization was putting down the whole internal IT infrastructure due to “a critical incident.” That was the only information known as the company revealed nothing besides the fact that its “IT infrastructure was hit by cyber-crime.” Reports in Danish media described the incident as a ransomware attack, as it seemed so from the outside.
According to the official statements, all the organization’s infrastructure was severely affected. The incident touched the company’s ERP system, production and distribution facilities in Poland, production and service sites in Mexico, cochlear implants production sites in France, amplifier production site in Denmark, and the whole Asia-Pacific network.
While companies normally recover after data breaches within day, in case of Demant, it took weeks, and the organization is still recovering assets today. Also, expects say that it may take two more weeks to recover in full.
GhostCat Malware targets publishers
by Infosecurity Magazine – 1 October, 2019
Experts from the Media Trust Digital Security & Operations (DSO) found and managed to thwart a malicious campaign. This exploited advanced obfuscated code and delivery patterns for evading signature-based defenses used by publishers. The malware was dubbed Ghostcat-3PC. Over the course of three months, over 130 distinct outbreaks relating to the malware have been discovered.
“What makes GhostCat-3PC unique is the scale of this highly orchestrated campaign, the sophistication of obfuscation techniques to outsmart security tools, and what appears to be an attempt to test and track the response of signature-based security defenses,” commented Mike Bittner, The Media Trust’s associate director of digital security and operations.
The DSO researchers have already published a report explaining how the creators of GhostCat hid malicious code inside another code so that the malware could get past ad blockers.
The researchers said the following: “Most blockers work by detecting known malicious signatures found in an ad tag or on a publisher site. These signatures are typically static in nature and therefore must result in an exact match to the malicious code in order to be successful. Any change to the targeted code, no matter how minor, will prevent the blocker from producing a match to the specified signature.”
Electronic Arts website exposes its users’ data
by ZDNet – 4 October, 2019
Not an attack actually, but a data leakage: as a result of a website glitch, Electronic Arts (EA) gaming company experienced an exposure of the personal data of about 1,600 users. The website was designed for EA’s FIFA 20 Global Series, a competitive tournament FIFA 20 soccer-themed game recently launched by the organization.
The website has been available since October 3, and the glitch took place right away. Players claimed that they could see other people’s details during the registration process. The exposed data included player IDs, birthdays, email addresses, and country of origin, according to multiple screenshots posted online.