Week 44 Cyberattack Digest 2018 – Pakistani bank, Radisson Hotel Group, U.S. Geological Survey and others
Today, we are not breaking our tradition and release our week 44 cyber attack digest. We have prepared something interesting for you.
Data is on sale
by SC Media – 31 October 2018
Voting systems have never been out of attackers’ attention. Ahead of the 2018 midterm elections, over 20 different state voter databases have been found that contained some 81.5 million voter records. Such data included names, genders, voter IDs, addresses, citizenship status, and phone numbers and was supposed to be sold on the dark web. Thousands of Instagram followers, Facebook likes, YouTube views and Twitter retweets were found on sale there for “a small amount of cryptocurrency” with some listings offering “’laser-focused’ ads” to recipients. Such databases are quite easy to be bought with the help of freelancers or dark web-oriented search engines. “Being offered for sale and being purchased are very different. A lot of this information is either public, already leaked by services like Facebook or can be purchased legally from several sources,” commented Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies.
Unknown losses of Pakistani bank
by ZDNet – 29 October 2018
Last Sunday, Karachi-based Bank Islami reported a security breach. It was previously mentioned by an unknown source that the attack had been performed as of a flood of suspicious PoS transactions made at Target stores in Brazil and US that had resulted in a loss of $6 million. Local press characterized the case as the biggest cyber-attack in the country’s history. Still, according to the officials, the attack affected the payment cards system of the bank, but there was no evidence that any financial losses had taken place there. The malicious actions were detected Saturday morning, October 27, when internal security system informed about “abnormal transactions” originating from Pakistani debit cards outside the country’s borders. After that, the bank’s access to international payment networks was shut down. The bank’s representatives claim that the bank returned all the funds withdrawn from customers’ accounts. The sum was only estimated at around 2.6 million Pakistani rupees, or, roughly$19.500. “There is a clear breach of information at BankIslami’s part and it is being speculated that a digital copy of BankIslami customer’s credit card information was leaked to hackers,” comments the local newspaper PakistaniToday presuming that the bank may know more than it’s letting up.
Radisson Rewards program affected
by by The Daily Swing – 1 November 2018
Hotel service is another sphere of human activity that is supposed to be a quite common target. This time, the Radisson Hotel Group reported its Radisson Rewards program was affected by a data breach sometime before 1 October. Malefactors got away with member’s personally identifiable information. According to the organization’s officials, an attacker gained access to the database storing member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers. As Radisson claimed, no credit card or password information had been compromised. “The fact that passwords and financial information does not seem to be affected makes the likely impact of the breach much smaller. The two large implications of this particular incident revolve around how the EU decides to enforce GDPR,” explained Ross Rustici, Cybereason’s senior director, intelligence services.
Adult sites are dangerous
by SC Media – 30 October 2018
It has never been a secret that adult websites – due to their popularity – have always been a dangerous place in a security sense. As it has been reported recently that an employee of the U.S. Geological Survey (USGS) had infected his agency’s network with a malware by spreading it on adult websites. As it was said by Matthew T. Elliott Assistant Inspector General for Investigations in a letter to the USGS, a malefactor visited over 9,000 pornographic webpages on the agency’s network. Many of them had connections with Russian servers. The malware infected the organization’s network when the man downloaded these images to his personal USB device and personal Android cell phone. By doing this, the employee he eventually connected to a government-issued computer which subsequently infected the network. “We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web address) or domains and regularly monitor employee web usage history,” commented Matthew T. Elliott.So, as you can see, this week we have collected attacks on the most influential and therefore attractive spheres: government, hotel service, finances and… adult websites, yes. To learn about cyberattacks, follow us on Twitter, Facebook, and LinkedIn.