Week 9 Cyberattack Digest 2019 – Fortnite, Palisades Park, WinPot malware and others
We have prepared for you a new portion of cyber news in our week 9 cyber attack digest. Enjoy, please!
Free show tickets sold by hackers
by Infosecurity Magazine – 4 March 2019
Back in February, Fortnite hosted DJ Marshmello who played a 10-minute set inside the game attended by 10 million viewers. The show was supposed to be free to all Fortnite players. Still this fact did not stop scammers from attempting to sell tickets to the concert. Malefactors put tickets for sale on Twitter. What is more, even those who purchased the tickets tweeted that they were thrilled to have done this. Experts emphasized that the chat aspect of the scam was particularly disserving as the majority of Fortnite players are young people.
Palisades Park recoveres $200,000
by northjersey.com – 28 February 2019
Palisades Park recovered $200,000 after a cyber attack on municipal computers when attackers managed to get away with nearly half a million dollars stolen from the accounts at Mariner’s Bank. The bank that is based in Edgewater and has seven locations in Bergen County notices that $460,000 was missing from the borough’s accounts. The local security experts concluded that the incident was caused by a fraudulent wire transfer. It is believed that the theft itself was performed on the borough’s computer systems, not a bank. A $200,000 insurance check was handed to the Borough Council on Tuesday by Ezio Altamura, the town’s risk manager from Otterstedt Insurance. “This is an advancement to help soften the burden. We still anticipate getting all of the missing money back,” commented Dave Lorenzo, the borough administrator. Later on, a Mariner’s Bank investigation revealed that the money was accessed and authorized through the borough’s systems and there was no breach of the bank’s data. “There was no malice on the borough or borough employees. No one did anything wrong or took money. This was done through clever sources with good abilities to do this type of hacking. They were possibly not even in this country,” Lorenzo said.
ATM jackpotting malware tricks users
by SC Media – 20 February 2019
Cybercriminals have introduced something new to the ATM jackpotting with a malware variant called WinPot. The malware includes a slot machine-like interface that easily tricks victims. The screen running a malware displays cassettes and has a reel numbered 1 to 4, while 4 is the max number of cash-out cassettes in an ATM. There is also a SPIN button along the number of bank notes in each cassette. When a user presses the button the ATM dispenses cash from the corresponding cassette. What is more, the malware includes modifications to trick the ATM security systems using protectors and other tools. This makes each new sample unique overcoming potential ATM limitations, such as maximum notes per dispense. “Automation of all kinds is there to help people with their routine work, make it faster and simpler. Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it,” researchers commented.