Week 36 Cyberattack Digest 2018 – British Airways, Huazhu Group, CamuBot and others
Here is a new roundup of the latest security news in our weekly cyberattack digest. Stay up to date with the most recent security incidents.
British Airways suffers a major breach
by Euronews – 6 September 2018
A security breach at British Airways leaked the credit card details of hundreds of thousands of its customers over a two-week period. The airline’s worst-ever attack targeted its website and app. The airline recently learned that bookings dating from Aug. 21 to Sept. 5 had been infiltrated in a “very sophisticated, malicious criminal” hack. Attackers managed to compromise over 380,000 card payments, airline representatives said. Names, street and email addresses, credit card numbers, expiry dates and security codes were also obtained. The company was forced to apologise last Friday; BA Chairman and Chief Executive Alex Cruz said the airline was “deeply sorry” for the disruption caused by the sophisticated attack. He said that the attackers had not broken the company’s encryption, but there is no information on how they obtained the customer records.
Hotels put 500 million records at risk
by 2-spyware.com – 31 August 2018
Huazhu Group reported a massive data breach last Tuesday. The company monitors over 3500 hotels in China and holds data on millions of customers, a large part of which was affected in the incident. The breach touched major hotels in Shanghai and, as was revealed to the police, up to around 500 million records from various customers were affected. The organization learned of the leak when about 140 gigabytes of sensitive information was put on sale on the darknet for 8 BTC, which equals some $55,600. Researchers suppose that the compromised data includes millions of registration details, such as names, ID codes, phone numbers, dates of birth, addresses, check-in details, and other personal details. Experts believe that the hack was initiated by inexperienced hackers. “It looks like human error is to blame for this breach. It also looks like the threat actors selling the data don’t have the contacts or infrastructure to monetize the stolen IDs individually,” commented Lastline’s director Andy Norton.
US charges WannaCry hacker
by The Verge – 6 September 2018
The U.S. government announced charges against a man from North Korea. The verdict of guilty was declared over the 2017 global WannaCry ransomware cyberattack and the 2014 cyberassault on Sony Corp. Prosecutors concluded that the accused took part in the 2014 Sony Pictures attack at the behest of Pyongyang officials. Park Jin Hyok was then charged in a major 2016 Bangladesh heist and the 2017 WannaCry malware. Together, these are among the world’s most notorious cyberattacks of recent years, stealing $81 million in 2016 and affecting 200,000 computers in 100 countries in 2017, respectively. The attacker was an employee of Park and Chosun Expo, the Chinese-based front company where he worked; the U.S. Treasury Department has now imposed sanctions against the organization. “The department has charged, arrested and imprisoned hackers working for the governments of China, Russia and Iran. Today, we add the North Korean regime to our list, completing frankly four out of four of our principal adversaries in cyberspace,” commented John Demers, the Assistant Attorney General of the National Security Division.
Brazilian banking customers are targeted by new malware
by Security Intelligence – 2 September 2018
We always say that banks are too attractive as targets for attackers to ignore them for long, and this week’s incidents demonstrate that. IBM X-Force researchers examined new financial malware targeting affluent Brazilian banks and affecting their business banking customers. The malware was dubbed CamuBot because of its ability to camouflage itself as a security module required by the banks. CamuBot first appeared in Brazil in August 2018 in attacks against business banking users. Researchers concluded that the malware was mostly used to target companies and public sector organizations, using social engineering and malware tactics to bypass strong authentication and security controls. Unlike classic banking Trojans, CamuBot’s deployment can be identified. It may use bank logos and brand imaging to mimic a security application. CamuBot is personalized, which is how it gains victims’ trust. Since the malware targets businesses in Brazil, it may have gathered data from local phone books, search engines or professional social networks to get business owners’ details.
As always, major organizations that hold large amounts of customer data are the main targets of attackers, and we see this regularly. This trend is not going to disappear in the future. Still, no matter what organization you work in, never forget to take care of your security, and follow us on Twitter, Facebook, and LinkedIn.