As phishing protection methods reach new heights, adversaries are making equivalent (if not greater) progress. They continuously strive to attack weaker systems and networks through malware and phishing attempts. Cyber attacks take place in every corner of the world, and their success rate is quite high. Keeping up with developments in the cyber arena is pivotal for everyone, as it helps in staying aware, alert, and vigilant. The following are some of the major news headlines from the past week in the world of cybersecurity.

Phishing Scam Compromises Customer Details Of Air New Zealand Airpoints Members

Details of some 70,000 Air New Zealand Airpoints members were compromised in a recent phishing scam. The compromised data doesn’t include passwords or credit card details, but it does include membership profile information. Addressing the members in an e-mail, the airline’s Regional General Manager, Jeremy O’Brien, said the airline regrets that the scam occurred and that users’ personal details were compromised as a result. The attack affected two Air New Zealand staff accounts. The airline has informed customers and is putting stringent rules and barriers in place to prevent phishing attacks in the future. It has already secured the two compromised accounts and is conducting an in-depth investigation to identify the culprits. The airline also released a list of Do’s and Don’ts for the affected customers.

Airlines A Prime Target For Attackers

Because they hold enormous databases of customer information, airlines are a prime target for hacking and phishing attacks. Earlier this year, leading airline British Airways had to cough up $360 million over the security breach of its systems.


Second Ransomware Attack On Lincoln County In The Same Fortnight

For the second time in two weeks, Lincoln County, North Carolina has suffered a ransomware attack. This unusual event suggests either that the attackers are making enormous progress that lets them surpass any protective walls, or that the county’s security system is incompetent, possibly because the gravity of the matter was neglected. The first of the two ransomware attacks was spotted on July 26. It infected county networks, encrypted employees’ computers, and took over Lincoln’s website. The next attack occurred on August 6 and was much more powerful and severe. It crippled communications throughout the county and even disrupted some of the North Carolina Police’s computer systems. However, the attackers haven’t demanded any ransom as yet. It seems the two consecutive attacks acted as an eye-opener for the authorities, who are now strengthening the security measures for their IT systems.

Not The Only Incident Reported By North Carolina’s Security Experts

The Lincoln County attack is not an isolated incident in the state. Computer systems in Concord and Anson counties were attacked a few weeks ago, and the 2017 ransomware incident in Mecklenburg County also made significant headlines.


Malware Varenyky Engages In Alleged Sextortion Campaign

Defying all anti-phishing protection measures, a malware called Varenyky, spotted in May this year, is known for distributing different types of spam. While one of those spam campaigns involves a survey that redirects the user to a fake smartphone promotion, the one that raised eyebrows is the sextortion campaign. This spam targets the users of Orange S.A., a French ISP. Varenyky monitors the user’s browser. Every time there is a search related to adult topics, it records the victim’s screen via an FFmpeg executable. The malware then uploads the video to the C&C server through a downloaded Tor client.

How Does The Varenyky Function?

  • The malware is distributed through malspam e-mails camouflaged to look like messages containing invoices and bills, with a Word document attached.
  • Once the user opens the attached document, the malware comes to life and first checks whether the French language is enabled. If yes, the malware is downloaded onto the victim’s system; if not, the installation fails.
  • Once installed, the trojan automatically connects to the Command & Control server and carries out other malicious activities, including downloading and executing files and PowerShell commands.
  • It is also designed to auto-update or uninstall itself from the victim’s computer. Additionally, it can launch NirSoft’s WebBrowserPassView and Mail PassView tools, which are then used to steal web browser and e-mail client passwords.


The Sextortion Allegations

The videos recorded by Varenyky could be used to blackmail a user. However, it is unclear whether these videos were captured out of the hacker’s curiosity or in order to monetize them.




New Variant Of Ursnif Trojan Goes Viral

The Ursnif Trojan, in existence since 2007, now has a new variant. Ursnif has been heavily used by attackers ever since its source code was leaked and became easily accessible. The latest version functions through phishing e-mails with malicious Word documents attached. Ensuring e-mail phishing protection is difficult even with all the trackers and protections in place, because there is always someone who falls into the trap. The phishing e-mail prompts the victim to enable macros to view the attached Word document; if the user complies, the infected VBA code begins downloading the trojan. After the download completes, several “iexplorer.exe” processes execute, appearing and disappearing intermittently.
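Both the Varenyky and Ursnif stories above hinge on a mailed Word document whose macros the victim is asked to enable. The following is an added example, not code from the page or from either malware’s tooling: a mail-gateway style check that opens a Word attachment’s OOXML (ZIP) container and flags a VBA project or a macro-enabled content type so the attachment can be held for analyst review. The sample documents are constructed in memory, and the names `build_sample_doc`, `inspect_word_attachment` and `should_quarantine` are the example’s own.

```python
import io
import zipfile

# Content types used by Word's OOXML package for the main document part.
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_sample_doc(with_macro: bool) -> bytes:
    """Constructed sample input: a minimal OOXML-style ZIP, not a real document.
    A macro-enabled (.docm) package carries word/vbaProject.bin and a macroEnabled type."""
    main_ct = MACRO_MAIN_CT if with_macro else PLAIN_MAIN_CT
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
    ) if with_macro else ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA stream")
    return buf.getvalue()


def inspect_word_attachment(data: bytes) -> dict:
    """Report whether a Word attachment carries a VBA project or declares a macro-enabled type.
    A renamed .docm still contains vbaProject.bin, so the part name is checked, not the extension."""
    findings = {"is_zip": False, "has_vba_project": False, "macro_enabled_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # legacy OLE .doc or non-Office data: needs a different parser
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = {n.lower() for n in z.namelist()}
        findings["has_vba_project"] = any(n.endswith("vbaproject.bin") for n in names)
        try:
            ct_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            ct_xml = ""
        findings["macro_enabled_type"] = "macroenabled" in ct_xml.lower()
    return findings


def should_quarantine(data: bytes) -> bool:
    """Policy: hold any mailed Word attachment that carries macros for analyst review."""
    f = inspect_word_attachment(data)
    return f["has_vba_project"] or f["macro_enabled_type"]
```

Either indicator alone is enough to hold the message, since a package may declare a plain document type while still shipping a VBA project.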


E-Ticketing System Flaw Reveals Customer Data – British Airways

A flaw in the security measures of British Airways’ e-ticketing system left passengers’ sensitive information unencrypted. It was available for unauthorized access by anybody on the same network as the passenger. The exposed data includes passengers’ flight details and personal information, such as booking reference numbers, phone numbers, and e-mail addresses. Itineraries, flight numbers, flight times, seat numbers, and other details could also be accessed.

A Security Blunder And Denial By The Airline Authorities

The flight check-in links sent to British Airways passengers by e-mail were left unencrypted. Because of this security blunder on the airline’s part, anyone on the same network as the passenger could easily access their information and even alter their bookings. In the last six months, the affected British Airways domains recorded approximately 2.5 million connections. But the airline’s authorities claim that no passenger passport or payment information has been misused or exploited so far. They also said that protection from phishing attacks is critical to them, and that they take every measure required to uphold this interest.


Data Breach At Choice Hotels Reveals 700,000 Customers’ Data

One of the largest hotel franchises, Choice Hotels, disclosed some time back that it had suffered a data breach caused by a misconfigured MongoDB database. Taking advantage of this, adversaries stole data belonging to as many as 700,000 customers and demanded a ransom of $3,800, or 0.4 Bitcoin, in exchange for the customer details. Although Choice Hotels has since secured the server by incorporating anti-phishing solutions, the volume of compromised data remains massive. It included customers’ names, e-mail addresses, physical addresses, and phone numbers. Fortunately, no financial information or further personal details of customers were exposed.

Authorities Dismiss Reports Of Any Significant Losses

In response to this breach, the authorities at Choice Hotels said that no such loss of customer records occurred. The fields for passwords, reservation details, and payment information contained only fake test data, and the majority of the 5.6 million records in the database were test data. This, they said, brings down the number of real people affected by the breach.


Private Chats Of 10 Million Users Revealed By Chinese App Sweet Chat

Sweet Chat is a Tinder-like app that gained tremendous popularity in the recent past. It is the most used social app in Latin America, the Middle East, and some other regions. With a user base of over ten million people, the Chinese app came under fire for exposing its users’ private chats through an unsecured server. The app’s operators were informed of the security flaw by security researcher Darryl Burke as early as July 21, 2019. However, no action was visible until August 12, when they released only a temporary patch for the flaw.

What Is The Flaw?

Any application using the MQTT messaging protocol must be very careful to implement the protocol correctly; failing to do so leaves private data open to unauthorized access. That is exactly what happened with Sweet Chat, which failed to implement MQTT correctly and now faces allegations of a data breach. Merely releasing a patch will not fix Sweet Chat’s problem. They need to take stern anti-phishing measures that can safeguard them from such vulnerabilities in the future.


The City Of Naples Loses $700,000 In A Cyber Attack

In a recent cyber-attack on the city of Naples, Florida, in the United States, the authorities fell for the attackers’ trick and gave away $700,000. This enormous economic loss comes at a time when several other US cities have undergone similar cyber attacks. As per the information received, the attack was a sophisticated one that was hard for the authorities to detect. The attackers conducted a very complex spear-phishing campaign targeting a particular person or department, impersonating a representative of the Wright Construction Group, the group handling the infrastructure work on Eighth Street South in downtown Naples. The adversary asked for a funds transfer to a fake bank account under their control, and the victims transferred $700,000 to it, leading to this massive financial loss. It was a failure by the network security experts to prevent spear-phishing. The silver lining is that the attack could not affect the city’s data systems. Officials reported the scam to the relevant authorities, who launched an investigation into the matter.


India Is Most Prone To Cyber Attacks As Per Latest Report

For the second time in a row, India ranked top of the list of victims of cyber attacks in the IoT space. The country saw a 22% rise in the number of cyber-attacks, making it the most attacked nation in the IoT space for the last quarter. The report, authored by Bengaluru-headquartered telecom solutions provider SubexData, collected data from 15 Indian cities and concluded that Mumbai, New Delhi, and Bengaluru recorded the highest number of cyber-attacks. Throughout the quarter, 33,450 high-grade attacks were recorded, 500 of which were highly sophisticated. Clearly, the incorporation of an incompetent phishing prevention system explains a lot about these rising figures. Attackers used several sophisticated malware families that target critical infrastructure projects, resulting in a massive rise in the number of attacks the nation faced. There are over 2,550 different types of malware in operation in India.


Serious Security Flaw In Suprema Biometrics Lock System

Suprema recently got listed as a firm that leaves user data unprotected. Suprema is a security company responsible for the web-based Biostar 2 biometric lock system, which provides centralized access control for warehouses and office buildings. It uses fingerprints, facial recognition, unencrypted usernames and passwords, and employees’ personal information to ensure that only authorized people get access to buildings. The UK Metropolitan Police, defense contractors, and banks use its services. Recently, the Biostar 2 platform was integrated with AEOS, which has a broad user base and a presence across 83 nations. Researchers tried to locate Biostar 2’s database by manipulating the URL search criteria in Elasticsearch to gain access to data, and surprisingly, they gained access quickly. More than 27.8 million records and 23 gigabytes of data, comprising admin panels, dashboards, fingerprint data, facial recognition data, and users’ face photos, were visible.

Additionally, unencrypted usernames and passwords, facility access logs, security levels and clearances, and staff personal details became accessible to the researchers. Most of the usernames and passwords obtained were unencrypted, and the researchers could also easily modify the data. In response, Suprema’s head of marketing, Andy Ahn, said that the company was conducting a thorough evaluation and that it takes the protection of customers very seriously. Researchers point out that Suprema is not the only victim: supply chain vulnerabilities affect the data of many Fortune 500 companies.