TARGET: Technical Documents for U.S. Air Force Drone Leaked through Router Vulnerability

July 11th – In June 2018, Recorded Future observed a hacker on the Dark Web selling the technical plans and training manual of the MQ-9 Reaper UAV (unmanned aerial vehicle) for $150 to $200. The MQ-9 Reaper was introduced in 2001 by General Atomics and is currently in use by the U.S. Air Force, the U.S. Navy, the CIA, and U.S. Customs and Border Protection.

The hacker was English speaking and appeared to disclose the method by which he or she obtained the sensitive documents from the computer of a captain in the 432d Aircraft Maintenance Squadron (Reaper), stationed at Creech Air Force Base in Nevada.

In early 2016, security researchers published findings that Netgear routers with remote access enabled were vulnerable if the default FTP credentials were not changed. Additionally, Netgear routers have a “ReadySHARE Storage” feature that allows individuals on the router’s network to connect USB storage and share its contents. If an attacker can reach certain Netgear routers with this feature remotely over FTP, they can read the data stored on the USB share. It was disclosed that the attacker obtained a collection of sensitive files from a U.S. Air Force captain’s computer via this FTP remote access.

Beyond the documents stolen, the hacker also disclosed that he or she is able to access footage from U.S. border surveillance and can watch footage of certain Predator drones flying over the Gulf of Mexico. The individual also disclosed that he or she was not targeting the U.S. Air Force when obtaining the plans for the Reaper, but rather came across the vulnerable device through a search in Shodan (a search engine that indexes internet-facing devices and services, which attackers use to find exposed or misconfigured systems susceptible to attack). The identity of the hacker had not been disclosed at the time of writing by the sources researched.

Proficio Threat Intelligence Recommendations:

  • Inspect SOHO equipment that might be at remote sites for vulnerabilities or unsafe configurations.
  • Assess blocking well-known social networks that do not have business use to potentially reduce future channels of command and control.
  • Disable USB storage sharing over Wi-Fi if this feature is currently used in the environment.
  • Put security controls in place to guard against unauthorized access of the organization’s sensitive data.
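The exposure described above comes down to a LAN file share that was reachable from the internet with default credentials. The following is an added example, not code from Recorded Future or from any Netgear firmware, of the kind of check the first recommendation calls for: it reads FTP login records and flags any login attempt from outside the router's LAN, plus any successful login with a default or anonymous account. The log format (vsftpd-style), the LAN subnet, the account names and all sample lines are constructed assumptions.

```python
"""Audit FTP login records for the two signals behind the router exposure
described above: clients outside the LAN reaching the share, and logins with
default or anonymous accounts. Sample data and log format are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed LAN subnet of the SOHO router; anything else is treated as remote.
LAN_NETWORK = ipaddress.ip_network("192.168.1.0/24")

# Assumed names of default or anonymous accounts that should never log in
# successfully on a home-office file share.
DEFAULT_ACCOUNTS = {"admin", "anonymous", "ftp", "guest"}

REASON_REMOTE = "login from outside the LAN"
REASON_DEFAULT = "default or anonymous account"

# vsftpd-style login line (assumed format), e.g.
# Thu Jul 12 10:15:01 2018 [pid 2] [alice] OK LOGIN: Client "192.168.1.20"
LOG_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[pid \d+\] \[(?P<user>[^\]]*)\] '
    r'(?P<status>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)

# Constructed sample log: one normal LAN login, a default account from the
# internet, a failed remote attempt, an anonymous LAN login, a remote success,
# and one non-login line that the parser must skip.
SAMPLE_LOG = """\
Thu Jul 12 10:15:01 2018 [pid 2] [alice] OK LOGIN: Client "192.168.1.20"
Thu Jul 12 10:17:44 2018 [pid 2] [admin] OK LOGIN: Client "203.0.113.45"
Thu Jul 12 10:18:02 2018 [pid 2] [bob] FAIL LOGIN: Client "203.0.113.45"
Thu Jul 12 10:19:30 2018 [pid 2] [anonymous] OK LOGIN: Client "192.168.1.33"
Thu Jul 12 10:20:00 2018 [pid 2] [bob] OK LOGIN: Client "198.51.100.7"
this line is not a login record
"""


@dataclass
class Finding:
    ts: str
    user: str
    ip: str
    status: str
    reasons: tuple


def parse_line(line):
    """Return the fields of one login record, or None for any other line."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def audit(lines, lan=LAN_NETWORK):
    """Flag remote login attempts (successful or not) and successful logins
    with default accounts. Returns findings in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        try:
            client = ipaddress.ip_address(rec["ip"])
            if client not in lan:
                reasons.append(REASON_REMOTE)
        except ValueError:
            reasons.append("unparseable client address")
        if rec["status"] == "OK" and rec["user"].lower() in DEFAULT_ACCOUNTS:
            reasons.append(REASON_DEFAULT)
        if reasons:
            findings.append(Finding(rec["ts"], rec["user"], rec["ip"],
                                    rec["status"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG.splitlines()):
        print(f"{f.ts}  {f.user}@{f.ip} ({f.status}): {'; '.join(f.reasons)}")
```

Any remote attempt at all is worth a finding, not just successes: a file share on a home router has no business answering the internet, so a failed login from a public address is evidence that remote access is enabled and should be turned off.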

Recorded Future Investigation – Click Here

TARGET: Dixons Carphone Breach Exposes 1.2 Million Customers’ Data

On June 13th, the popular U.K.-based electronics and telecom retailer Dixons Carphone disclosed that it had recently discovered a 2017 breach which may have compromised almost 6 million payment cards and 1.2 million personal data records. The company disclosed that there had been unauthorized access to sensitive data starting in July 2017, with no evidence of persistent access.

With GDPR now in full force, Dixons Carphone was legally required to send out a breach notification within 72 hours of discovery or face potential fines. Dixons Carphone did not disclose which specific systems were targeted in the 2017 breach, only that payment cards in one of its processing systems were compromised.

Dixons Carphone took precautionary measures by immediately notifying card companies about the potentially compromised cards, to alert customers to and protect them from possible fraud. The company may also be required under GDPR to provide credit monitoring for the affected individuals for a year or more. There has been no reported fraudulent use of the 6 million cards in question at this time.

Proficio Threat Intelligence Recommendations:

  • Perform regular credit checks and reviews of monthly financial statements to ensure fraudulent activity has not occurred.
  • If an organization falls under the scope of GDPR, note the new articles explaining the new requirements around data breach notifications.

General Info – Click Here

TARGET: Exactis Data Leak – 340 Million Records Exposed

On June 28, 2018, the leak of a database belonging to Florida-based marketing and data aggregation firm Exactis was disclosed to the public. Exactis focuses on the mass collection and trading of data in order to deliver highly accurate and targeted advertisements to its audience. This is considered to be one of the biggest breaches of all time, affecting over 340 million records, with over sixty percent relating to consumers and the rest to businesses.

The exposed data was discovered by a security researcher who observed Exactis’ database on a publicly accessible server, unguarded by perimeter devices. It is unknown whether other parties acquired the data prior to the disclosure, but Exactis has reported that the data is no longer publicly accessible.

The information available from this exposure could allow malicious actors to improve the success of their social engineering attacks due to the highly personal nature of the data exposed. Some of the leaked data includes: age, gender, phone numbers, email addresses, home addresses, religious preferences, clothing size, gender of children, and other behavioral data, lifestyle interests and more. At this time, no financial information or Social Security numbers are known to have been leaked.

Proficio Threat Intelligence Recommendations:

  • The detail in this exposed information allows for more accurate social engineering attacks. If an email looks suspicious or is from an unknown entity, delete the email immediately and do not click on links within it.
  • Ensure sensitive company-owned data is not publicly accessible.

McAfee Source Link – Click Here

Wired Source Link – Click Here

TARGET: FAPD Phishing HIPAA Breach

On June 1st, the Florida Agency for Persons with Disabilities (FAPD) disclosed that a phishing attack had compromised a single email account. The email account contained PHI of over 1,951 customers and/or guardians. Although no evidence was found that the information had been accessed, FAPD could not completely rule out that it had been. As a result, FAPD is providing the potentially affected patients with free credit monitoring services for the following year.

Proficio Threat Intelligence Recommendations:

  • Implement multi-factor authentication for email access for users who may access ePHI.
  • Validate that auditing is enabled so it can be proven which emails were accessed during a user session.
  • Limit email access to IP addresses geolocated within the organization’s place of business.

General Info – Click Here

TARGET: Two Major Canadian Banks Breached

Two Canadian banks reported being breached by attackers this week. Simplii Financial, which is owned by CIBC, stated that it may have lost personal and account information for over 40,000 bank customers. The Bank of Montreal followed this news by stating that it too had been breached and had lost up to 50,000 individuals’ personal and account information.

The attackers had tipped off both banks that they possessed the data and threatened to make the information public if they were not paid one million dollars’ worth of cryptocurrency each. Given the nature of the situation, both banks decided to go public and not give in to the attackers’ demands.

The attackers’ actions are unusual compared to the recent trend. Most recent “ransom” attacks have involved gaining control of assets within an organization and then encrypting the contents of those assets with ransomware. In this particular attack, the attackers instead attempted to extort the banks by threatening to release the stolen information if the banks did not pay up.

The method by which the banks were breached is unknown at this time. It is suspected that the attackers may have targeted some type of account reset feature on servers that store user account information. They may then have used an automated tool that worked through bank account numbers and systematically pulled user account information for each one.

Proficio Threat Intelligence Recommendations:

  • Ensure the application security of password reset features on relevant applications.
  • Enforce strict access controls and monitoring on assets that hold personal user information, especially banking applications that may hold bank account information.
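The suspected technique above, an account reset feature driven by an automated tool, works only if the reset endpoint reveals whether an identifier exists and lets one source try identifiers without limit. The following is an added example, not code from either bank or from Proficio, of a reset flow hardened against both: it answers identically whether or not the identifier is known, rate-limits per source address, stores only a hash of a random single-use token, and expires tokens. The identifiers, the time limits and the in-memory storage are constructed assumptions standing in for a real user store and mailer.

```python
"""Hardened password-reset flow (added illustration). Storage, clock and the
'outbox' are in-memory stand-ins; the account data is constructed."""
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60        # assumed policy: reset links expire after 15 minutes
MAX_REQUESTS_PER_WINDOW = 5        # assumed policy: per-source-address limit
RATE_WINDOW_SECONDS = 60 * 60

UNIFORM_REPLY = "If an account exists for that identifier, a reset link has been sent."
LIMITED_REPLY = "Too many requests; try again later."


def _digest(token):
    """Store and look up tokens by SHA-256 digest, so a copy of the pending
    table does not yield usable tokens and the lookup never compares the raw
    token byte by byte."""
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts   # identifier (email or account number) -> record
        self.clock = clock         # injectable for testing expiry
        self.pending = {}          # token digest -> (identifier, expires_at)
        self.requests = {}         # source ip -> timestamps of recent requests
        self.outbox = []           # (identifier, token) a mailer would deliver

    def _rate_limited(self, source_ip):
        now = self.clock()
        recent = [t for t in self.requests.get(source_ip, [])
                  if now - t < RATE_WINDOW_SECONDS]
        recent.append(now)
        self.requests[source_ip] = recent
        return len(recent) > MAX_REQUESTS_PER_WINDOW

    def request_reset(self, identifier, source_ip):
        """Same reply for known and unknown identifiers, so the response
        cannot be used to enumerate accounts; the token leaves only via the
        out-of-band channel (here, the outbox)."""
        if self._rate_limited(source_ip):
            return LIMITED_REPLY
        if identifier in self.accounts:
            token = secrets.token_urlsafe(32)
            self.pending[_digest(token)] = (identifier, self.clock() + TOKEN_TTL_SECONDS)
            self.outbox.append((identifier, token))
        return UNIFORM_REPLY

    def complete_reset(self, token):
        """Consume the token on first use; unknown, reused and expired tokens
        all fail the same way. Returns the identifier on success, else None."""
        entry = self.pending.pop(_digest(token), None)
        if entry is None:
            return None
        identifier, expires_at = entry
        if self.clock() > expires_at:
            return None
        return identifier


if __name__ == "__main__":
    svc = ResetService({"ACCT-0001": {"owner": "Alice"}})   # constructed account
    print(svc.request_reset("ACCT-0001", "198.51.100.7"))
    print(svc.request_reset("ACCT-9999", "198.51.100.7"))  # identical reply
    _, token = svc.outbox[0]
    print(svc.complete_reset(token), svc.complete_reset(token))
```

The two replies being byte-for-byte identical is the whole point of the first control; a monitoring rule on top of this should also alert when one source address exhausts its reset budget, since that pattern is exactly the automated enumeration described above.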

General Info – Click Here

TARGET: Nuance Communications – Lost Revenue and PHI

Nuance Communications, a healthcare software company which specializes in speech and imaging, has had a run of bad luck with external and internal incidents in 2017.

Last year the NotPetya malware cost the company $92 million in revenue, mainly from the disruption of transcription services and systems used by healthcare customers. Nuance moved quickly to restore client functionality, but complete remediation and restoration took over a month. This attack constituted a security incident under the HIPAA Security Rule but not a breach of PHI under the BNR (Breach Notification Rules).

In December 2017, only months after the NotPetya incident, there was an unrelated data breach by a former Nuance employee involving the PHI of 45,000 individuals. The records included healthcare providers’ patient assessments, diagnoses, dates of service and care plans. The attacker stole these records through unauthorized access to a transcription platform.

Nuance stated that it continues to enhance its security protections to prevent further cyberattacks, as these incidents have resulted in negative press and lost revenue.

Proficio Threat Intelligence Recommendations:

  • Implement proper network segmentation to limit the spread of malware outbreaks.
  • Implement and enforce access controls to prevent unauthorized access.
  • Back up critical systems and store the backups off-network.

General Info – Click Here

TARGET: Coca-Cola Data Breach

Things are starting to fizz up! Back in September 2017, a disgruntled former employee of the soda conglomerate Coca-Cola managed to walk out the door of its global headquarters with an external hard drive containing over 8,000 confidential employee records. Although the company would not disclose the specifics of the information stolen, it did reveal that employee personal information had been compromised.

The theft went unnoticed until law enforcement officials brought it to the company’s attention. It appears that Coca-Cola had no idea the external drive and personal data were missing until the FBI found the hard drive in the possession of the former employee. Coca-Cola has since notified the affected employees.

Proficio Threat Intelligence Recommendations:

  • Implement additional access controls around sensitive data.
  • Invest in solutions such as a UBA (user behavior analytics) platform to detect insider threat activity.

General Info – Click Here

TARGET: Ikea TaskRabbit – Security Breach

The Ikea-owned application TaskRabbit announced that a security breach had occurred which could have left user account credentials exposed. Attackers gained unauthorized access to the system, exposing account details such as usernames and passwords. It is still unclear whether any user payment information was exposed. The application was taken offline and the situation was assessed by TaskRabbit, law enforcement officials and a third-party cybersecurity group. Details surrounding the data breach are sparse, as the investigation with a cyber forensics team is ongoing. After multiple days, the app was brought back online.

In a statement released on Twitter, TaskRabbit urged users to change their credentials as soon as possible and to closely monitor their personal accounts for suspicious behavior.

TaskRabbit is a mobile application which links customers with “Taskers” who are willing to do odd jobs and chores for payment. TaskRabbit was acquired by the Swedish furniture giant in September of 2017 and launched a furniture assembly service through the application.

Proficio Threat Intelligence Recommendations:

  • Adhere to security best practices by limiting password reuse: use a unique password for each individual account.

General Information – Click Here

TARGET: Expedia Orbitz – 880K Data Breach

Travel giant Expedia Orbitz has disclosed a security breach that affected at least 880,000 customer payment cards. It appears that the attackers had potential access to the data between Oct. 1, 2017 and Dec. 22, 2017. The investigation revealed that customer names, addresses, payment card information and email addresses were potentially exposed when the Orbitz.com legacy site was compromised. Expedia Orbitz reported the issue on March 27th and says the issue was addressed when it was discovered on October 1, 2017.

Orbitz does not have direct evidence of what information was actually stolen at this time. Working closely with law enforcement, Orbitz was able to confirm that no U.S. Social Security numbers were exposed.

General information on the data breach – Click Here

TARGET: MyFitnessPal – 150 Million Hacked

Athletic apparel and footwear giant Under Armour announced that its popular fitness app, MyFitnessPal, has suffered a massive data breach. The investigation has revealed that close to 150 million accounts were compromised. The account information exposed includes usernames, email addresses and hashed passwords. Under Armour stated that no credit card or other payment information was affected by the hack.

In terms of the total number of records compromised, SecurityScorecard reported that this is the largest data breach this year and is in the top five to date.

Under Armour became aware of the breach on March 25th and has since required all users to change their passwords and recommends that they closely monitor their accounts for suspicious behavior.

Proficio Threat Intelligence Recommendations:

  • Adhere to security best practices by limiting password reuse: use a unique password for each individual account.

General information on the data breach – Click Here