This round-up collects the recent cybersecurity incidents and developments that matter most to individuals and businesses looking to improve their digital security, so that readers can take a concrete step toward a more robust security posture.
Lion Air Customer Records Exposed In An Open AWS Bucket
Malindo Air and Thai Lion Air, the two airlines owned by Lion Air, have recently suffered a massive data exposure. Records of approximately 14 million Malindo Air and 21 million Thai Lion Air customers sat in a publicly readable AWS storage bucket. Investigators have not been able to determine how long the databases were reachable from the internet.
The exposed data reportedly includes names, e-mail addresses, phone numbers, physical addresses, passport numbers, passport expiration dates, dates of birth, and passenger and reservation IDs. The records were also being traded on a data-exchange forum from August 10, implying that the data had been in circulation for over a month.
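The open AWS bucket behind this story is the classic case of a storage bucket whose policy or ACL grants access to everyone. As an added example (not code from the article or from Lion Air), the Python below evaluates a bucket policy document, its ACL grants and the account's Block Public Access settings, and reports whether the bucket is effectively reachable by anonymous callers. The policy, ACL and settings are constructed samples; in practice they would come from the GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock API calls.

```python
import json

# Constructed sample bucket policy (not the Lion Air bucket): the first
# statement grants anonymous read of every object, which is what an
# "open bucket" usually looks like.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "BackupWriter", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed ACL grants in the shape GetBucketAcl returns.
SAMPLE_ACL_GRANTS = [
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]

PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    # "authenticated" means any AWS account in the world, so treat it as public
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_json):
    """Sids of Allow statements that grant access to anyone.

    Statements carrying a Condition block are skipped: a condition such as
    aws:SourceVpce can make a wildcard principal harmless, so those need a
    human review rather than an automatic verdict.
    """
    policy = json.loads(policy_json)
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if _principal_is_public(st.get("Principal")):
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits


def public_acl_grants(grants):
    """Permissions granted to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS]


def bucket_exposure(policy_json, acl_grants, block_public_access):
    """Combine policy, ACL and Block Public Access into an effective verdict.

    block_public_access is the PublicAccessBlockConfiguration dict.
    RestrictPublicBuckets neutralises a public bucket policy for anonymous
    callers; IgnorePublicAcls neutralises public ACL grants.
    """
    policy_hits = public_policy_statements(policy_json)
    acl_hits = public_acl_grants(acl_grants)
    reasons = []
    if policy_hits and not block_public_access.get("RestrictPublicBuckets"):
        reasons.append(f"policy statements {policy_hits} are reachable anonymously")
    if acl_hits and not block_public_access.get("IgnorePublicAcls"):
        reasons.append(f"ACL grants {acl_hits} to everyone")
    return {"public_policy": policy_hits, "public_acl": acl_hits,
            "exposed": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    no_block = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
    full_block = {k: True for k in no_block}
    print(bucket_exposure(SAMPLE_POLICY, SAMPLE_ACL_GRANTS, no_block))
    print(bucket_exposure(SAMPLE_POLICY, SAMPLE_ACL_GRANTS, full_block))
```

The check deliberately reports the raw policy and ACL findings even when Block Public Access masks them: the account-level switch is the last line of defence, and a public statement left in the policy will bite the moment someone turns the switch off.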
Investigations Under-Way: Says Malindo Air
According to a Malindo Air official, the company will comment and advise affected customers only after completing a thorough internal investigation. It plans to hire an independent cybersecurity firm to establish the root cause of the breach.
15,000 Private Cams Available Online
A worrying 15,000 private web cameras were found to be reachable online, and researchers say anybody with an internet connection could view them. The affected devices included AXIS network cameras, Cisco Linksys webcams, IP Camera Logo Server, IP WebCam, IQ Invision web cameras, Mega-Pixel IP Cameras, Mobotix cameras, WebCamXP 5 and Yawcam, none of which required any authentication to view the feed.
Wizcase researcher Avishai Efrat found that the cameras were installed by households and businesses alike, in countries across Europe, the Americas and Asia.
Reason: Careless Users Or Manufacturers' Convenience-First Design?
An exposed feed reveals who lives or works at a location and, together with the device's IP address, its approximate geolocation. That gives adversaries the means to case a monitored premises for burglary, blackmail the occupants, or harvest personal information for identity fraud. The root cause is that manufacturers are so focused on making installation hassle-free (plug it in and view it from anywhere) that authentication and other security basics are skipped, let alone maintained.
Users should therefore keep the camera off the public-facing internet: set a strong password, keep the firmware updated, and rather than exposing the camera's web interface to the world, reach it remotely over a VPN into the home network.
International Hotel Chains Hit With Credit Card Stealing Malware
The online hotel reservation system used by international hotel chains across 14 countries and 180 locations was found carrying credit-card-skimming malware. The attack is attributed to Magecart, the umbrella name for groups that use 'script injection': untrusted JavaScript is planted on a legitimate site, usually by exploiting a vulnerability in the e-commerce platform or in a third-party component it loads. This is web skimming rather than phishing: the victim is on the genuine booking page, and nothing on the user's side looks wrong.
What Was The Modus Operandi?
The injected skimmer presented a natural-looking payment form that included a CVV field, so that the card data it captured was complete enough for fraudulent transactions. The fake form was localised into Dutch, English, French, German, Italian, Portuguese, Russian, and Spanish. The compromised reservation system is part of Roomleader, a Barcelona-based provider of solutions for the hospitality industry.
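A skimmer of this kind works only because the booking page executes whatever script lands in it. As an added example that is not Roomleader's or the article's code, the Python below audits a constructed checkout page against a Content-Security-Policy header: it lists cross-origin scripts that lack a Subresource Integrity attribute, inline scripts, and policy directives that let any host inject code. The page, the two policy headers and the host names are all made up for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page (not Roomleader's code). It loads a first-party
# script pinned with SRI, a third-party script without SRI, and an inline
# script that appends a CVV field to the payment form, the way a skimmer would.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example-hotel.test/booking.js"
        integrity="sha384-constructedPlaceholderDigestNotRealAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        crossorigin="anonymous"></script>
<script src="https://static.analytics-vendor.test/widget.js"></script>
<script>
document.querySelector('form').insertAdjacentHTML('beforeend',
    '<input name="cvv" placeholder="CVV">');
</script>
</head><body><form action="/book" method="post"><input name="card"></form></body></html>
"""

# Constructed policy headers: the weak one is typical of a site that never
# locked scripts down; the strict one is what the audit steers toward.
WEAK_CSP = "default-src 'self'; script-src 'self' https: 'unsafe-inline'"
STRICT_CSP = ("default-src 'self'; "
              "script-src 'self' https://cdn.example-hotel.test; "
              "object-src 'none'")


class _ScriptCollector(HTMLParser):
    """Collect <script> tags: external ones with their SRI status, inline count."""

    def __init__(self):
        super().__init__()
        self.external = []   # (src, has_integrity)
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append((a["src"], bool(a.get("integrity"))))
        else:
            self.inline += 1


def parse_csp(header):
    """Split 'dir tok tok; dir tok' into {directive: [tokens]}."""
    out = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def _host_allowed(host, sources, site_host):
    for src in sources:
        if src == "'self'" and host == site_host:
            return True
        if src in ("*", "https:", "http:"):
            return True            # scheme-only sources allow every host
        parsed = urlparse(src if "://" in src else "//" + src)
        pattern = parsed.hostname or ""
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
        if pattern == host:
            return True
    return False


def audit_checkout_page(html, csp_header, site_host):
    """Return findings that make a skimmer injection possible or invisible."""
    coll = _ScriptCollector()
    coll.feed(html)
    coll.close()
    csp = parse_csp(csp_header)
    sources = csp.get("script-src") or csp.get("default-src") or []
    findings = []
    if not sources:
        findings.append("no script-src: the browser will run scripts from any origin")
    if "'unsafe-inline'" in sources:
        findings.append("script-src allows 'unsafe-inline': injected inline skimmers run")
    if any(s in ("*", "https:", "http:") for s in sources):
        findings.append("script-src allows any host by scheme: remote skimmers load")
    if coll.inline and "'unsafe-inline'" not in sources:
        findings.append(f"{coll.inline} inline script(s) present; the policy blocks them, "
                        "so expect breakage unless they get a nonce or hash")
    for src, has_integrity in coll.external:
        host = urlparse(src).hostname or site_host
        if host != site_host and not has_integrity:
            findings.append(f"{src}: cross-origin script without an integrity attribute")
        if sources and not _host_allowed(host, sources, site_host):
            findings.append(f"{src}: host not permitted by script-src")
    return findings


if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, audit_checkout_page(SAMPLE_HTML, csp, "www.example-hotel.test"))
```

SRI only protects scripts whose content you control or have pinned; a third-party widget that changes on every release cannot carry an integrity hash, which is exactly why such widgets are the favourite place for a skimmer to live and why the strict policy also refuses unlisted hosts.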
No Hacks Needed, Medical Records Of Americans Already Out
Perhaps rare, but certainly critical, is the situation recently revealed jointly by ProPublica and the German broadcaster Bayerischer Rundfunk: servers holding medical images and records in the US had been set up so carelessly that they were accessible to literally anybody with an internet connection. The investigation found that the medical data of about 5 million US patients could be retrieved with freely available software or, in some cases, a plain web browser.
Basic Access Control Takes A Back Seat
The issue matters because it amounts to serving information to attackers on a platter. Around 187 medical servers throughout the US were found to be unprotected, lacking even a password, let alone more sophisticated controls. The exposed records include names, dates of birth and, in some cases, Social Security numbers. Moreover, many of the same servers were running outdated software, leaving them open to a variety of known exploits. ProPublica put the figures at about 13.7 million medical tests and 400,000 x-rays of US patients sitting in the open for attackers to find and abuse.
Medical Units Accept The Flaw
Although ProPublica could not prove that the records had been accessed and copied elsewhere, the exposure speaks volumes about the state of these servers. Leaving patient data unguarded this way is a likely violation of the Health Insurance Portability and Accountability Act (HIPAA), the 1996 federal law that governs the handling of protected health information. ProPublica informed the clinics of the flaw, and many took immediate measures to secure their systems; it will nonetheless take considerable time before every one of them has closed the hole.
Another Ransomware Attack On A School
Attackers recently launched a ransomware attack that took down almost 3,000 computers in the Wallenpaupack Area School District. It encrypted the files on the affected machines and then displayed a message directing victims to an e-mail address from which ransom payment instructions were issued.
For A Change: District A Step Ahead Of The Adversaries
But the district is unlikely to give in to the attackers, because it is not on the losing end of this attack: most of its files are backed up, and the focus is now on restoring everything. The district hired a security consultant to analyze the incident and recover the encrypted systems, while work continues on restoring PowerSchool and other educational software. Its response does not end there: it also plans to train teachers and staff to recognise the phishing e-mails that typically open the door to such attacks, and the IT department will work closely with the consultant to strengthen the district's defences.
Data Breach Of 24.3 Million Users Of Lumin PDF
A hacker recently posted the details of more than 24.3 million Lumin PDF users on a hacking forum. The records include full names, e-mail addresses, gender, locale (language) settings, and either a hashed password string or a Google access token for each user.
A Brief Intro About Lumin PDF
Lumin PDF is a third-party cloud-based PDF service. It lets users view, edit, and share PDF files through a web dashboard, a browser extension, or the company's mobile apps. It is especially popular with Google Drive users, who add it to their Google account as a Drive app to open and edit PDF documents.
An Act Of Revenge
The hacker, whose identity is unknown, claims to have contacted Lumin's administrators several times over the past few months without receiving a response. He does not explain how being ignored justifies posting user data on a hacking forum, but the release appears to be vindictive. The hacker adds that he pulled the records from an exposed, unauthenticated MongoDB database belonging to Lumin PDF back in April 2019.
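An exposed MongoDB instance is almost always one that listens on every interface with authorization left at its default of disabled. As an added example that is not Lumin PDF's code, the following Python audits a mongod configuration for exactly that combination. It assumes the configuration has the nested shape that PyYAML's yaml.safe_load() returns for /etc/mongod.conf on MongoDB 4.2 or later (where TLS settings live under net.tls); the two configurations below are constructed samples so that the check runs offline.

```python
# Added example, not Lumin PDF's code. The dicts mirror what
# yaml.safe_load(open("/etc/mongod.conf")) would return (assumed shape);
# both are constructed for the example.
WEAK_CONF = {
    "net": {"port": 27017, "bindIp": "0.0.0.0"},
    "storage": {"dbPath": "/var/lib/mongodb"},
    # no "security" section at all: authorization defaults to disabled
}

HARDENED_CONF = {
    "net": {"port": 27017, "bindIp": "127.0.0.1,10.0.3.7",
            "tls": {"mode": "requireTLS",
                    "certificateKeyFile": "/etc/ssl/mongo.pem"}},
    "security": {"authorization": "enabled"},
}

WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}


def _bind_addresses(net):
    """Normalise net.bindIp / net.bindIpAll into a list of addresses."""
    if net.get("bindIpAll"):
        return ["0.0.0.0"]
    raw = net.get("bindIp", "127.0.0.1")   # localhost is the mongod default
    if isinstance(raw, list):
        return [str(a).strip() for a in raw]
    return [a.strip() for a in str(raw).split(",") if a.strip()]


def _is_loopback(addr):
    return addr in ("localhost", "::1") or addr.startswith("127.")


def audit_mongod_conf(conf):
    """Return a list of findings; an empty list means no obvious exposure."""
    findings = []
    net = conf.get("net") or {}
    sec = conf.get("security") or {}
    addrs = _bind_addresses(net)
    auth_on = sec.get("authorization") == "enabled"
    public_bind = [a for a in addrs if a in WILDCARD_ADDRS]
    non_loopback = [a for a in addrs
                    if not _is_loopback(a) and a not in WILDCARD_ADDRS]
    tls_mode = (net.get("tls") or {}).get("mode")

    if public_bind:
        findings.append(f"listens on {public_bind}: reachable from every interface")
    if not auth_on:
        findings.append("security.authorization is not 'enabled': any client that "
                        "can connect can read and write every database")
    if public_bind and not auth_on:
        findings.append("CRITICAL: wildcard bind with no authentication, "
                        "the open-MongoDB pattern")
    if non_loopback and tls_mode != "requireTLS":
        findings.append(f"non-loopback bind {non_loopback} without "
                        "net.tls.mode=requireTLS: credentials and data cross "
                        "the network in clear")
    return findings


if __name__ == "__main__":
    print("weak:", audit_mongod_conf(WEAK_CONF))
    print("hardened:", audit_mongod_conf(HARDENED_CONF))
```

Binding to a private address is not a substitute for authentication: the hardened sample passes because it enables authorization and TLS as well, and a host firewall in front of port 27017 is still worth having.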
Lumin PDF: Invalid Google Access Tokens
Lumin PDF, for its part, says the hacker's claim that the leaked data contains valid Google access tokens is not accurate. Had it been true, the tokens would have allowed attackers to impersonate real users and read their Google Drive accounts. According to the company, all of the tokens had already expired, and the weakness the attacker exploited has since been fixed.
Google, when contacted, said its team was investigating. Google advised users to revoke Lumin PDF's app permissions and then add the app again, which guarantees that any leaked token is invalid regardless of its expiry; the steps are described on the Google Drive support page.
No Privacy Left For Ecuadorian Citizens
In what looks like one of the worst data exposures to date, the personal details of almost the entire population of Ecuador were exposed on the internet. They include names, financial information and local data, official government ID numbers, phone numbers, family records, marriage dates, education histories, and work records of approximately 17 million people, including 6.7 million children.
A Data Breach That Touches Multiple Sectors
The security company vpnMentor discovered the exposure. On one side it revealed citizens' financial records and the account balances of bank customers; on the other, the tax records and official revenue ID numbers of companies.
This breach stands out for the sheer breadth of the data and the number of people affected. Anyone could look up the wealthiest Ecuadorians, their home addresses, the cars they drive and their registration plate numbers with a click. Thankfully, the Ecuador Computer Emergency Response Team has since disabled access to the data to prevent further exposure.
Ransomware Attack Hits Entercom
Entercom Communications, the Philadelphia-based broadcasting company, was recently hit by a ransomware attack. It disrupted the radio stations' operations by spreading through internal systems, including e-mail, music scheduling, production, billing, and shared network drives. As a result, some stations had to complete music logs by hand and run without commercials.
The attacker infected Entercom's network and demanded a ransom of $500,000 to unlock the systems.
A Slew Of Disruptions For The Broadcasting Company
The attack started on a compromised machine in the programming department and spread from there to Entercom's e-mail systems, music scheduling, production, billing, and shared network drives. It not only disrupted the radio stations but also halted e-mail and internet connectivity, and the print server 'Mabosprint' became unusable.
The Administration Springs Into Action
To contain the spread, employees were told not to connect company laptops to the infected wired network. Because the stations could not afford to go off the air, the playout systems were locked down, which let them keep broadcasting without interruption; computers that were not joined to the company's Active Directory domain likewise continued to operate unaffected. Entercom has made clear that it will not, under any circumstances, comply with the attackers' demands or pay the ransom, and it has apologised to listeners and the public for the inconvenience while it works to restore services.
Second Ransomware Attack In Wolcott School System Causes Mayhem
Still recovering from the earlier attack on the Wolcott school system in Wolcott, Connecticut, the district was hit by a second cyberattack last week. It may have been retaliation for refusing to pay the ransom demanded in the first attack, or simply a coincidence. This time teachers' lesson plans were held hostage, and the school had to shut down its computer systems once again. Coming while the district is still struggling to recover from the first incident, the second attack has caused considerable disruption for the authorities.
It's High Time To Deploy Robust Anti-Phishing Measures
Attacks on schools and municipalities have grown ominously in recent times, and their continued rise says a lot about the quality of the anti-phishing and other defences in these sectors. Every ransom that is paid without resistance is an incentive for attackers to keep launching newer and more capable attacks against the weaknesses that remain in these systems.
Schools and municipalities become easy targets because they do not spend enough on preventing phishing and securing their systems. The authorities need to take this seriously and invest wisely up front, rather than paying a ransom later.
Data Breach At Carle Foundation Hospital
In a recent data breach, attackers gained access to the e-mail accounts of three senior physicians at Carle Foundation Hospital in Urbana, Illinois. The intrusion began with a phishing e-mail and compromised the details of a number of patients: names, medical record numbers, dates of birth, and clinical information such as diagnoses and treatment plans. Although only selected patients of the hospital's cardiology and surgery services were affected, the hospital acted promptly.
Hospital Administration Quick To Act
As soon as the unauthorised third party's access to the three employees' e-mail accounts was discovered, the hospital engaged a cybersecurity firm, which began an extensive investigation into how the attack happened and what data was exposed. The compromised e-mail accounts were secured immediately.
Hospital Administration: The Breach Is Contained
The three employees whose e-mail accounts were compromised had been taken in by the phishing e-mail. The hospital was fortunate not to lose sensitive details such as patients' Social Security numbers or financial information, and it says it has no indication that the attackers misused any patient data.
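Phishing that captures a mailbox password usually leaves a trace in the sign-in logs: a successful login from an unfamiliar country shortly after the legitimate one, often preceded by a few failed attempts. As an added example (not Carle's or the article's code), the Python below runs those two detections over a constructed sign-in log; the account names, IP addresses and countries are made up, and the country is taken as given in the log rather than looked up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not Carle's logs): timestamp, account,
# source IP, country of the IP, result. The accounts are invented.
SAMPLE_LOG = """\
2019-09-10T07:58:02Z,a.physician,198.51.100.20,US,success
2019-09-10T08:15:40Z,b.physician,198.51.100.21,US,success
2019-09-10T08:20:11Z,a.physician,203.0.113.77,NG,failure
2019-09-10T08:20:35Z,a.physician,203.0.113.77,NG,failure
2019-09-10T08:21:03Z,a.physician,203.0.113.77,NG,success
2019-09-10T09:02:44Z,c.physician,198.51.100.22,US,success
2019-09-11T06:30:00Z,b.physician,192.0.2.9,DE,success
"""

TRAVEL_WINDOW = timedelta(hours=6)     # two countries inside this window is suspicious
BRUTE_WINDOW = timedelta(minutes=10)   # failures followed by a success inside this window


def parse_log(text):
    """Parse the CSV-style lines above into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "country": country,
                       "result": result})
    return sorted(events, key=lambda e: e["ts"])


def detect_account_takeover(events, travel_window=TRAVEL_WINDOW,
                            brute_window=BRUTE_WINDOW):
    """Flag impossible travel and failure-then-success bursts per account.

    Returns (user, rule, detail) tuples. 'impossible_travel' fires when two
    successful logins for one account come from different countries within
    travel_window; 'failures_then_success' fires when a success follows at
    least two failures for the same account within brute_window.
    """
    alerts = []
    last_success = {}                     # user -> last successful event
    recent_failures = defaultdict(list)   # user -> timestamps of failures
    for e in events:
        u = e["user"]
        if e["result"] != "success":
            recent_failures[u].append(e["ts"])
            continue
        prev = last_success.get(u)
        if (prev and prev["country"] != e["country"]
                and e["ts"] - prev["ts"] <= travel_window):
            alerts.append((u, "impossible_travel",
                           f"{prev['country']}->{e['country']} in {e['ts'] - prev['ts']}"))
        fails = [t for t in recent_failures[u] if e["ts"] - t <= brute_window]
        if len(fails) >= 2:
            alerts.append((u, "failures_then_success",
                           f"{len(fails)} failures before success from {e['ip']}"))
        recent_failures[u] = []   # a success resets the burst counter
        last_success[u] = e
    return alerts


if __name__ == "__main__":
    for alert in detect_account_takeover(parse_log(SAMPLE_LOG)):
        print(alert)
```

The six-hour travel window is a crude stand-in for a real distance-over-time calculation, and a VPN or mobile carrier can produce false positives, so these alerts are a trigger for review rather than an automatic lockout. The control that removes the problem at its source is multi-factor authentication, which makes a phished password insufficient on its own.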