Sunday, December 6, 2015

Issue 41 - Week of Nov 30th

1. Chennai Rains: Attackers frequently see large events as an opportunity to launch cyber-attacks on a curious population, and use these events as effective lures. People are exposed to information on social media and often have to wade through rumors; hackers exploit this. In the past, hackers have used major crises to spread malware, as they did during the Boston Marathon blast in 2013. The Chennai rains offer a ripe opportunity to hackers, and one needs to take precautions before opening any email or clicking on any URL. The US elections are another such event that hackers may exploit!

2. Vtech hack: Hong Kong-based children's toy company Vtech announced last week that it was hacked. 6.4 million children's accounts and 4.9 million parental accounts were accessed. The hack exposed general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history. The company confirmed on its website that no credit card information or personal identification data was lost. The hack occurred on 14th Nov 2015. The company discovered the breach 10 days later, on 24th Nov, after being contacted by a journalist. Customers were informed on 27th Nov.

3. Hacker leaks customer data after UAE bank fails to pay ransom: A hacker who broke into a large bank in the United Arab Emirates made good on his threat to release customer data after the bank refused to pay a bitcoin ransom worth about $3 million. The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month and began releasing customer account and transaction records via Twitter. Although Twitter closed the account, the hacker opened a new one and released the account statements.

4. Gambling darling Paysafe confirms 7.8 million customers hit in hacks: The newly branded Paysafe Group confirmed in a London Stock Exchange announcement that information related to 3.6 million Neteller accounts and 4.2 million Skrill users was leaked. Paysafe Group lists itself as a British online payments company, with Neteller and Skrill being its subsidiaries. The Neteller attack involved an exploit of a vulnerability in the Joomla content management system, whilst the Skrill breach saw a VPN, designed to provide secure access to the firm’s network, hacked and a transaction database accessed.

5. New Windows ransomware steals passwords before encrypting files: Several badly secured websites are being used by hackers to redirect visitors to sites that host the notorious Angler exploit kit. A mere visit to such a site installs the exploit kit without the user's knowledge, and the exploit kit then delivers the payload (Cryptowall 4) to the system. Before Cryptowall encrypts the machine, the hackers systematically harvest all usable usernames and passwords from the infected system and send them to servers they control. This gives the hackers working logins for websites, e-commerce sites, and even corporate applications, from which they could steal further data. We discussed Cryptowall 4 last week.

6. JD Wetherspoon loses data of over 650,000 customers in cyber-attack: In an email sent to customers last week, the food and drink chain said its website had been hacked between 15th and 17th June this year, resulting in the potential loss of customer data including names, dates of birth, email addresses and phone numbers, as well as a small number of credit card records. However, it is commendable that the company went public with the news soon after it was told about the breach on 1st December.

7. Pickpocketing the Mobile Wallet: Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud. Hacks targeting mobile devices and new payment methodologies will impact payment security more than EMV (chip-and-PIN credit cards). The increase in non-traditional payment methods on mobile devices or via beacons (a system that allows retailers to detect a mobile app user’s presence in the store) and smart carts will open the doors to a new wave of retail data breaches.

8. Anonymous leaks Paris climate summit officials’ private data: Hackers have leaked the private login details of nearly 1,415 officials at the UN climate talks in Paris in an apparent act of protest against arrests of activists in the city. They hacked the website of the summit organizers, the UN Framework Convention on Climate Change (UNFCCC), and posted names, phone numbers, usernames, email addresses, and secret questions and answers onto an anonymous publishing site. The damage is likely to be limited, and can be mitigated by changing the passwords on any other accounts of the officials that use similar passwords.

9. Over 50,000 cyber security incidents reported in India this fiscal: As many as 54,483 cyber security incidents such as phishing, spam and malicious code have been reported in the current financial year, Parliament was informed last week by the Communications and IT Minister. These incidents were reported to the Indian Computer Emergency Response Team (CERT-In) by various Indian organizations, individuals and agencies from other countries.


10. Chimera Ransomware tries to turn malware victims into cybercriminals: Chimera ransomware is taking victims hostage, then trying to recruit them to be part of the criminal team. Compared to other ransom messages, Chimera's is brief, straightforward, and polite: it says 'please' twice and invites the victims with the message 'Take advantage of our affiliate program!'. The hackers are trying to build a ransomware-as-a-service (RaaS) business and are offering a 50% commission for spreading the malware and infecting other victims. This malware first appeared in September with a unique tactic of threatening to publish the victim's files online if payment is not received. In Issue 38, we discussed a similar model from CryptoLocker.
