Cybersecurity is the biggest challenge that confronts all netizens today. No matter how strong and secured a network chain is attackers manage to exploit the loopholes, using it to their benefit and misguiding the users to extract personal details. Individuals and organizations deploy anti-phishing measures, but bad actors always look forward to outsmarting them. Here we have a list of the main headlines from the digital world for the cybersecurity enthusiasts:
Cafepress Reveals Data Breach To Customers After Months
T-shirt flogger CafePress recently intimated the customers about a data breach which took place way back in February. An e-mail from CafePress informed users that the breach led to a loss of customer names, e-mails, physical addresses, phone numbers, and unencrypted passwords. In some cases, attackers accessed even the last four digits of payment cards of customers, along with the expiry dates. Though the e-mail informs customers of the breach, yet it continues to uphold the sense of security that the firm otherwise promises. It is evident in its e-mail message where it says that diligent efforts were made to investigate the breach.
Researcher Jim Scott later revealed that almost half of the 23 million compromised users had their passwords exposed encoded in base64 SHA-1.
CafePress Working In Tandem With The US Law Enforcement
CafePress announced that it is collaborating with US law enforcement to deal with the data breach. As a phishing prevention tactic, the company shifted the database and adopted stringent security measures for their systems. To ensure that customers get uninterrupted services despite the attack, it tied up with Experian, Transunion, and Equifax for the time being. However, CafePress remains silent when asked about its incompetent encryption methods which made the breach possible in the first place.
SEPTA Closes Online Store To Avoid Any More Cyber Attacks
Southeastern Pennsylvania Transportation Authority (SEPTA) – the American transport authority was attacked by a malware attack in June 2019, and they responded by shutting down their online store permanently. Their online store shop(.)septa(.)org was famous for booking travel tickets online and also for the SEPTA-branded mugs and clothing. The attack probably began on June 21 and ended on July 16. When the authorities discovered that the malware attack stole sensitive personal details of over 761 customers, they were too apprehensive of continuing their online business. Amazon Web Services hosted the SEPTA online store. The success of the attackers in stealing details like credit card numbers, names, and addresses often makes the victim lot doubt the phishing protection service as well.
A Vigilant User Unearths The Attack
This attack was brought to light by a user who received a malware warning while browsing the online store. SEPTA did not act immediately upon this and patiently waited till it gathered enough information about the individuals affected in the attack. SEPTA made use of proper reporting protocols and were very systematic in their approach; making sure also to notify the FBI and the Pennsylvania Department of Transportation.
Cyber Attack Hits Woodstock City
The City of Woodstock recently had its e-mail access blocked along with several other notable files related to the operation of the municipal government. It is a massive cyber-attack that appears to be a ransomware attack but is probably a virus. The virus was detected last week, but the intensity of its damage was only discovered on Saturday morning. There were no demands for ransom until the publication of the report. Neither have the authorities tried contacting the attacker nor has the attacker attempted to reach out.
Quick Response By The Administration
Woodstock summoned outside consultants for their anti-phishing services to give shape to a three-pronged strategy. It involves
- ‘Containment’ or alienation from outside connections to avoid virus propagation.
- ‘Investigation’ or analysis of endpoints and service points of the network and extraction of evidence.
- And lastly, ‘recovery’ of their system.
The city of Woodstock seeks to know how the attackers could get through their two-layered malware protection. However, the good news is that the attackers were not able to access any private information illegally.
Presently, the access to e-mail stands blocked for all residents of Woodstock. However, all conventional services seem to be operating normally.
Campbell County Health Hit By A Ransomware Attack
The Campbell County Health (CCH) in Wyoming was recently hit by a ransomware attack that caused much inconvenience to the functioning of CCH’s computer network. The attack brought them back to the conventional method of keeping records on paper. They also transferred some patients to other hospitals to save them from unnecessary trouble.
Though the attack was a massive one, yet no information indicated the possibility of patient information compromised in the attack. No specific details on the attack are available as such but investigations continue in this regard. As for anti-phishing protection, CCH roped in a third-party cybersecurity firm in addition to local, state and federal law enforcement.
Authorities Keep Information Seekers In A Loop
The hospital refused to share any information about the attack, be it the ransom amount demanded or its plan of action. They however informed that the attack wasn’t able to deter their resolve of serving patients diligently.
Planet And Psycho Face Indictments Of Wire Fraud And Aggravated Identity Theft In The US.
Elliott Gunton and Anthony Nashatka, known by the nicknames of Planet and Psycho are facing charges for misusing the internet and for conducting crypto attacks. Chances are, they might receive charges going up to 20 years. The UK based teenager Elliott Gunton, who is 19 now, was accused of hacking TalkTalk and being responsible for a cryptocurrency fraud involving at least $800,000 (£640,000) in the US.
Gunton hacked the telecommunications firm TalkTalk when he was 16 and faced a sentence of 20 months in prison at Norwich Crown Court for his computer misuse offenses. Anthony Nashatka, on the other hand, is a US citizen, whom authorities alleged of being involved in wire fraud and identity theft along with Gunton.
The US Department Of Justice Tightens Its Noose Around Etherdelta Currency Exchange Defrauders
They were held guilty by the US Department of Justice of defrauding customers on the EtherDelta currency exchange site from 13 to December 26, 2017. They withdrew hundreds of cryptocurrency from EtherDelta users, with the amount going up to $800,000 from just one customer.
Gunton himself admits to five charges leveled against him which includes computer misuse and money laundering offenses. As phishing protection laws get stringent, Gunton was instructed to return £407,359. Authorities also put restrictions on his use of internet and software for a period of three-and-a-half-years.
Chrome Removes Malicious Ad Blockers From Web Store
Andrey Meshkov, a researcher from AdGuard, discovered two malicious extensions “AdBlock” and “uBlock” that impersonated legitimate blockers and fooled the Chrome users. Chrome removed these two ad blockers from its Chrome Web Store after Meshkov’s discovery.
Cookie Stuffing To Reap Hefty Commissions
These fake ad blockers operated to perform cookie stuffing. Its purpose to create a phony hype around an ad, making it appear as though more people clicked on an affiliate ad than the actual number. Cookie stuffing helps criminals win money with ad fraud. They get hefty commissions on purchases that a user makes on sites stuffed with the cookies.
It is challenging to identify a fake ad blocker from a genuine one, and the false ad block can only come into notice after 55 hours. The extension then behaves abnormally. Meshkov found evidence of the two fake extensions receiving hijacking cookie commissions from several sites like Microsoft.com, Linkedin.com, Aliexpress.com, and Booking.com.
The rate at which these fake extensions fool users is alarming. They have over 1.6 million weekly active users who got stuffed with cookies of over 300 websites from Alexa Top 10,000.
Attackers Target Singaporeans, Steal Over 1700 Card Details
The dark web was recently found vibrant with a database of the credit card details of over 1700 Singaporeans. As most Singaporeans tend to shop online from e-commerce websites, and while making payments online is where the attackers come in and steal their information.
Several of the e-commerce websites visited by Singaporeans got infected with skimming software as per recent updates. Group – IB, a Singapore-based cybersecurity firm hinted at the possibility of this database being a contributor to the 26,102 compromised payment cards issued by Singapore banks. Hackers sold these on the Dark Web between January and August 2019.
Group-IB’s Advice To The Customers
According to Group – IB online card skimmers make use of shady software which operates to intercept payment card details from infected websites. It then sells the procured data on the Dark Web. As phishing prevention tips, Group-IB asked people who frequently shop online to use a specific card for all their transactions online. It includes e-commerce shopping, paying off phone bills, or filling up forms to ensure that not all their bank details go viral in case of a cyber-attack.
First Of Its Kind Whatsapp Attack On Tibet
In what appears to be a first of its kind attack in Tibet, the Apple iPhones and Android devices of renowned Tibetans were the target of a hacking scheme that works through WhatsApp messages. A mere click on the link embedded in the Whatsapp text is sufficient to have a permanent tracker installed unknowingly on the mobile devices of the victims. It undoubtedly comes out as the most sophisticated attack on Tibetans to date.
An Agenda Of The Chinese Government?
The Chinese government is supposedly the sponsor of the attackers who was nicknamed ‘Poison Carp’ by Citizen Lab – a group of surveillance-tracking researchers at Toronto University.
Citizen Lab found close ties between Poison Carp and the group responsible for the attacks on the iPhones and Android devices of Uighurs by Google Project Zero and Volexity in August.
A Setback For The Anti-phishing Policies Of The Tech Giants
This sensational Whatsapp attack by Poison Carp enables them to view and exploit weaknesses in the Android browser or Apple’s iOS operating system. It activates the moment a victim clicks on the Whatsapp link. It is a drawback of the phishing prevention software with Apple and Android because none of the exploited vulnerabilities were recent. However, there is one case where the attackers targeted a Google Chrome bug whose patch wasn’t yet made available to the users.
Regular Updates Are The Key To Stay Safe
Anyone who duly updates Android or iOS software remains safe from this Whatsapp attack. As for those without the latest update, the attack becomes successful, and the attackers get access to their messages on WhatsApp and Facebook, their location, contacts, call and text histories, and Gmail. Eminent people affected by the attack from November 2018 to May 2019 include the offices of the Dalai Lama, the Tibetan government-in-exile and Tibetan human rights groups.
However, Apple and Google both affirmed that they recently patched the vulnerability for the Tibetan customers.
Indian ATMs Targeted By North Korean Malware
ATMDtrack, a new malware developed by the North Korean hackers, was found on the network covering Indian banks. It is capable of recording and stealing data from credit and debit cards when inserted into an ATM. Another advanced version of ATMDtrack is DTrack which comes with the features of remote access trojan (RAT). It functions as a spy and data theft device, instead of a financial robber.
Tracing Back The Roots Of The Malware To North Korea
Both of these malware ATMDtrack is DTrack show striking resemblance with the malware used by North Korea’s biggest state hacker group – the Lazarus Group. The malware used in “Operation DarkSeoul” and DTrack seems to have similar roots.
DTrack is perhaps the most recent invention of the Lazarus Group with its first implementation dating back to late summer of 2018, and last activity spotted in September 2019. DTrack is designed to perform multiple operations such as keylogging, retrieving browser history, gathering host IP addresses. It also collects information about available networks and active connections, lists running processes, and lists files on all available disk volumes.
However, investigators cannot ascertain which of the two malware strains developed first and which evolved later.
Verlo Mattress Factory Leaves Database Unprotected, 387,604 Customer Records Exposed
Security Discovery researchers recently found an unprotected database belonging to Verlo Mattress Factory on the web, which exposed the details of about 387,604 customers. The compromised details include the names, phone numbers, e-mails, home addresses, and billing addresses of customers. Additionally, it includes their system information such as IP addresses, ports, pathways, and storage info, including login credentials with hashed passwords. But the credit card information or payment details of customers remained concealed despite the data leak.
More Carelessness, Less Attack
Jeremiah Fowler from Security Discovery first saw the exposed database on September 05, 2019. It was evident that it was no scheme of any hacker but the carelessness of the mattress company. The database contained a folder named “Customers” with each file referring to Verlo Mattress Factory explicitly. Such negligence against phishing prevention makes the customers associated suffer severely.
Fowler tried to reach out to the mattress company but never heard back from them. Nonetheless, the database was brought down soon after the company received the intimation forwarded by Fowler. Fowler says that the duration for which the database remained exposed on the web is unknown. He is also unsure whether the company took charge of informing the affected customers about the probable access of their data by unauthorized third parties. He fears that an absence of such notifications would make the customers all the more vulnerable. Because, instead of taking precautionary measures, they’d then be sitting at home, totally oblivious of the threat to their details and safety.