Cyber News 2016 – this page collects the cyber security news stories we found interesting during the year; we hope you find them interesting too.
December – Cyber News 2016
The US has expelled 35 Russian intelligence operatives based at the Russian embassy in Washington over alleged interference in the recent presidential election.
The allegation is that Russia directed hacking attacks against the Democratic Party and Hillary Clinton’s campaign. Russia has strongly denied this and is considering retaliatory measures.
The US has described Russia’s involvement as “significant malicious cyber enabled activities”, allegedly used to collect intelligence.
Groupon has revealed that stolen usernames and passwords were used to log in to its website and make fraudulent purchases.
The first signs of suspicious activity were seen earlier in the month, when account holders received confirmation e-mails for items they had not bought.
The usernames and passwords are thought to have been obtained from breaches at other websites where the same passwords had been reused. Replaying leaked credentials against another site in this way is known as credential stuffing; it succeeds without any weakness in the target site itself, which is why it is so often mistaken for a breach of that site.
Similar attacks in recent weeks have hit the UK National Lottery and Deliveroo.
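The pattern that gives credential stuffing away can be picked out of ordinary login logs. The following is an added example, not part of the original page and not Groupon’s code: it reads constructed login log lines (the format, timestamp / source IP / username / result, is an assumption) and flags sources that try many different accounts in a short window with mostly failures, which is the stuffing signature, while deliberately ignoring a plain brute force against a single account.

```python
"""Detect credential-stuffing patterns in web login logs.

Credential stuffing replays username/password pairs leaked from other
sites. The tell-tale pattern is a source that tries many *different*
accounts, mostly failing, rather than hammering one account (classic
brute force). This flags such sources from the constructed sample below.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed format:
# <ISO timestamp> <source ip> <username> <OK|FAIL>
SAMPLE_LOG = """\
2016-12-10T09:00:01 203.0.113.7 alice FAIL
2016-12-10T09:00:02 203.0.113.7 bob FAIL
2016-12-10T09:00:02 203.0.113.7 carol OK
2016-12-10T09:00:03 203.0.113.7 dave FAIL
2016-12-10T09:00:03 203.0.113.7 erin FAIL
2016-12-10T09:00:04 203.0.113.7 frank OK
2016-12-10T09:00:05 203.0.113.7 grace FAIL
2016-12-10T09:00:05 203.0.113.7 heidi FAIL
2016-12-10T09:05:00 198.51.100.9 alice FAIL
2016-12-10T09:05:10 198.51.100.9 alice FAIL
2016-12-10T09:05:20 198.51.100.9 alice FAIL
2016-12-10T09:05:30 198.51.100.9 alice FAIL
2016-12-10T09:05:40 198.51.100.9 alice FAIL
2016-12-10T09:05:50 198.51.100.9 alice FAIL
2016-12-10T10:00:00 192.0.2.44 ivan OK
2016-12-10T10:30:00 192.0.2.44 ivan OK
"""


def parse_log(text):
    """Yield (timestamp, ip, username, success) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"


def _has_stuffing_window(events, window, min_accounts, max_success_ratio):
    """Slide a time window over one source's attempts (sorted by time) and
    report whether any window holds >= min_accounts distinct usernames
    with a success ratio at or below max_success_ratio."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        chunk = events[start:end + 1]
        accounts = {user for _, user, _ in chunk}
        if len(accounts) < min_accounts:
            continue
        successes = sum(ok for _, _, ok in chunk)
        if successes / len(chunk) <= max_success_ratio:
            return True
    return False


def detect_credential_stuffing(text, window=timedelta(minutes=10),
                               min_accounts=5, max_success_ratio=0.5):
    """Return {ip: stats} for sources showing the stuffing pattern.

    A single account failing repeatedly from one source (198.51.100.9 in
    the sample) is brute force, not stuffing, and needs a separate
    per-account rule; it is intentionally not flagged here.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse_log(text):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        if not _has_stuffing_window(events, window, min_accounts,
                                    max_success_ratio):
            continue
        flagged[ip] = {
            "attempts": len(events),
            "distinct_accounts": len({user for _, user, _ in events}),
            # accounts where the replayed credential worked: these need a
            # forced password reset, not just a blocked IP
            "compromised": sorted(user for _, user, ok in events if ok),
        }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, stats)
```

The useful output is the "compromised" list: those are the accounts whose reused password worked and which need a forced reset. Blocking the source address alone only prompts the attacker to rotate through more proxies.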
15th December 2016
Yahoo has announced that it has discovered a further cyber attack, dating from August 2013, in which more than 1 billion user accounts were compromised.
This is twice the number of accounts reported for the 2014 attack.
It is not known who carried out the attack, but Yahoo believes it may have been state sponsored.
The attackers reportedly used forged cookies. A session cookie is a small piece of data (not code) that a website sets in the user’s browser so that the user does not have to log in on every visit; whoever presents a valid cookie is treated as the account owner. An attacker who can forge one can therefore access an account without the password. Yahoo has suggested the forgery may be linked to the earlier theft of its proprietary source code, which would have given the attackers what they needed to mint cookies the site would accept.
The stolen user information consisted of names, e-mail addresses, telephone numbers, dates of birth and hashed passwords. No payment card data or bank information was stored on the affected Yahoo systems.
Yahoo is in the process of notifying all affected users and is asking them to change their passwords.
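Why a cookie is only as strong as the secret behind it can be shown with a small signed-cookie scheme. This is an added example and does not describe Yahoo’s actual cookie format; the secret key, the JSON field names and the expiry are assumptions. It mints an HMAC-signed cookie, shows that editing the payload without the key is rejected, and shows that anyone holding the server secret (for instance from stolen source code or configuration) can mint a valid cookie for any account.

```python
"""Signed session cookies: genuine, tampered, and forged with a stolen key.

A login cookie lets the browser skip the password on later visits. If the
server cannot distinguish a genuine cookie from one an attacker typed in,
whoever presents it *is* the account owner. Signing the cookie with a
server-side secret fixes that, until the secret leaks.
"""
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(secret: bytes, user: str, ttl: int = 3600, now=None) -> str:
    """Server side: payload.tag, where tag = HMAC-SHA256(secret, payload)."""
    exp = int(now if now is not None else time.time()) + ttl
    payload = json.dumps({"user": user, "exp": exp},
                         separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(secret: bytes, cookie: str, now=None):
    """Return the username if the cookie is authentic and unexpired, else None."""
    try:
        p64, t64 = cookie.split(".", 1)
        payload, tag = _unb64(p64), _unb64(t64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    data = json.loads(payload)  # only parsed after the tag checks out
    if data.get("exp", 0) < (now if now is not None else time.time()):
        return None
    return data.get("user")


def tamper_without_key(cookie: str, victim: str) -> str:
    """Attacker without the secret: rewrites the payload but has to reuse
    the old tag, so verification fails."""
    p64, t64 = cookie.split(".", 1)
    data = json.loads(_unb64(p64))
    data["user"] = victim
    return _b64(json.dumps(data, separators=(",", ":")).encode()) + "." + t64


if __name__ == "__main__":
    SECRET = b"assumed-server-secret"  # assumption: in reality, from config
    good = mint_cookie(SECRET, "alice")
    print("genuine      ->", verify_cookie(SECRET, good))
    print("tampered     ->", verify_cookie(SECRET, tamper_without_key(good, "victim")))
    # With the secret in hand the attacker simply mints a cookie for any account.
    print("stolen key   ->", verify_cookie(SECRET, mint_cookie(SECRET, "victim")))
```

The practical lesson is that a leaked signing key is equivalent to every user’s password at once: the response has to be to rotate the key (invalidating every outstanding cookie), not merely to reset passwords.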
November – Cyber News 2016
Up to 900,000 Deutsche Telekom customers had their broadband service cut off; the cause is believed to be an attack on the routers supplied to its customers. Affected customers were unable to access the internet, and telephone and TV services delivered over the same connection were also disrupted. The German Federal Office for Information Security (BSI) has officially confirmed the incident.
It is believed to have been caused by a botnet as part of a global attack on a remote management port of DSL routers (TCP port 7547, used by the TR-069 provisioning protocol), which attempted to install malicious software on the devices.
The problems caused by the attack ranged from a temporary loss of service to a significant deterioration of service, with some customers losing their connection completely.
The Register has reported that the cause may have been a modified version of the Mirai worm, which exploits vulnerabilities in Internet of Things devices to crash them or recruit them into a botnet used for distributed denial of service attacks; in this case the affected routers appear to have crashed under the attempted infection rather than being taken over.
Deutsche Telekom has issued a software update for the affected routers in response.
Friend Finder Networks, which operates adult dating and pornography websites, has suffered an attack in which the details of more than 412 million accounts were compromised, making it one of the largest data breaches ever recorded.
The attack took place in October and exposed e-mail addresses, passwords, IP addresses and site membership status. Many of the passwords appear to have been converted to lower case before being hashed, which discards the case variation an attacker would otherwise have to guess and makes the hashes considerably easier to crack.
The leaked accounts included US military and US government e-mail addresses as well as Hotmail accounts. 15 million accounts that users had already deleted were also accessed.
Friend Finder Networks also operates Adult Friend Finder, which has around 40 million members.
Another issue is that although Penthouse.com was sold earlier in the year, Friend Finder Networks still held the database of its users’ details after the sale, and this was compromised as well.
It is not clear yet who was responsible for the hacker attack.
A Canadian casino has been subject to an attack in which “decades” of sensitive data were stolen from its networks.
The Casino Rama Resort data is claimed to span 2004 to 2016 and includes financial reports, e-mails, payroll data and dates of birth. The breach was only discovered on 4th November.
The casino has told customers and employees to monitor their bank accounts and card transactions for suspicious activity. There is concern that the information could be published online in the coming months, possibly on the dark web. There is no evidence that the casino games were affected.
This is a further example of an intrusion going undetected for a long period, and shows that businesses must continually monitor their networks for unusual activity.
Two of the largest banks in Russia, Sberbank and Alfa Bank, have been hit by cyber attacks in the last few days. A distributed denial of service (DDoS) attack was launched against them, and a number of other banks were also targeted.
Following the alleged Russian cyber attacks on the Democratic Party during the US election campaign, it is perhaps conceivable that these are a form of retaliation from the US.
Russian banks are regularly subject to DDoS attacks, in which they are flooded with junk internet traffic in an attempt to overwhelm their systems and take services offline; unlike an intrusion, such an attack does not by itself give the attacker access to data.
The attacks are understood to have come from botnets made up of large numbers of computers located in different countries.
October – Cyber News 2016
1.3 million personal and medical records of Australians who donated blood to the Red Cross Blood Service were exposed online in one of the largest data breaches to hit Australia.
It is understood that a 1.74 GB file containing 1.28 million donor records was sitting on a publicly accessible web server, where it was spotted by an anonymous source and forwarded to the operator of haveibeenpwned.com.
The database was apparently found by a scan of IP address ranges looking for exposed web servers whose directory listings contained .sql files. A database backup left in a web-accessible directory with directory indexing enabled is visible to anyone who requests that path; no exploit is needed.
The information included personal details such as names, gender, e-mail addresses, dates of birth and sensitive medical details.
An investigation is under way, headed by AusCERT, Australia’s computer emergency response team.
The Red Cross has advised that about 550,000 individual donors were affected and that they have been notified.
At present the exposure has been attributed to human error rather than to an outside attack.
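The scan that found the Red Cross file looked for web servers with directory listing enabled and database dumps in the listing. The following is an added example, not the scanner that was actually used: it performs the offline half of that check, deciding from the HTML a scanner has fetched whether the page is an auto-generated index and which listed files look like database dumps or backups. The sample page is constructed to mimic a typical autoindex; the fetch itself (against address ranges you are authorised to scan) is left out so the code runs without network access.

```python
"""Spot a web server exposing database dumps through directory listing.

Given the HTML a scanner fetched for a path such as /backup/, decide
whether it is an auto-generated directory index and list the entries
that look like database dumps or backups. Run the same check against
your own servers before someone else does.
"""
from html.parser import HTMLParser
import posixpath

# Extensions that usually mean "exported data", not "web content".
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak", ".dump",
                 ".tar.gz", ".zip", ".csv")

# Constructed sample page mimicking an nginx/Apache autoindex (not real data).
SAMPLE_INDEX = """<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1><pre><a href="../">../</a>
<a href="donors_2016.sql">donors_2016.sql</a>        28-Oct-2016 01:12  1.7G
<a href="notes.txt">notes.txt</a>                    20-Oct-2016 14:02     1K
<a href="site_backup.tar.gz">site_backup.tar.gz</a>  01-Sep-2016 03:00   200M
</pre></body></html>"""


class _IndexParser(HTMLParser):
    """Collect the <title> text and every <a href> on the page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def is_directory_listing(html: str) -> bool:
    """Apache and nginx both title auto-generated indexes 'Index of /path'."""
    parser = _IndexParser()
    parser.feed(html)
    return parser.title.strip().lower().startswith("index of")


def exposed_dumps(html: str):
    """Return the listed file names that look like database dumps/backups."""
    parser = _IndexParser()
    parser.feed(html)
    found = []
    for href in parser.hrefs:
        name = posixpath.basename(href.rstrip("/"))  # drop "../" style entries
        if name.lower().endswith(DUMP_SUFFIXES):
            found.append(name)
    return found


if __name__ == "__main__":
    if is_directory_listing(SAMPLE_INDEX):
        print("directory listing enabled; exposed files:", exposed_dumps(SAMPLE_INDEX))
```

The fix on the server side is twofold: disable directory indexing (`Options -Indexes` in Apache, no `autoindex on` in nginx) and, more importantly, keep backups out of the web root entirely, since a guessable filename is exposed with or without a listing.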
A massive DDoS attack took place today against websites including Twitter, Spotify, Reddit, SoundCloud and PayPal.
All of these businesses were customers of Dyn, a DNS provider whose servers translate site names into the addresses users’ computers need to reach them; with Dyn under attack, the sites themselves were up but hard to reach. The incident came in three separate waves. It is not yet known who was behind it, but the FBI and the US Department of Homeland Security are investigating.
KrebsOnSecurity has reported that the attack was launched with the help of hacked Internet of Things devices, namely CCTV cameras and digital video recorders infected with the Mirai botnet malware.
It has been reported that a number of Indian banks have suffered cyber attacks in which as many as 3.2 million debit cards may have been compromised. The banks involved have asked customers to change their PINs.
The source of the attack is believed to be malware on an ATM network.
All affected banks have been notified by the respective card networks. The total withdrawn to date is understood to be 13 million rupees (£159,031), through fraudulent transactions in China and the US affecting 19 banks and 641 customers.
The attack has been confirmed by the National Payments Corporation of India, which regulates retail payment systems in India.
A children’s clinic was subject to a ransomware attack at the beginning of August, resulting in a loss of patient data affecting 33,698 individuals who had received care there.
It is understood that as the Rainbow Children’s Clinic data was being encrypted, its systems were shut down to prevent further loss.
The affected data consisted of names, addresses, social security numbers and personal health records.
The clinic’s systems have now been secured and no further loss of data has occurred.
The clinic has offered the affected patients identity theft protection from a third party provider.
TV5Monde’s channels were knocked off air in April 2015 by a significant cyber attack that came close to destroying the broadcaster altogether. It was initially thought to have been carried out by a group calling itself the Cyber Caliphate, but subsequent investigation suggests it was the work of Russian hackers.
The attack centred on highly destructive malware designed to bring down the network’s systems. It was repelled mainly because the station was newly launched and technicians were still on the premises, able to disconnect the affected equipment and fight the attack as it unfolded.
The attackers are understood to have first penetrated the network at the end of January 2015 and to have spent weeks reconnoitring how TV5Monde’s broadcasts were produced and transmitted. Having identified the internet-connected hardware that controlled the station’s output, namely the encoders used to transmit programmes, they used malware to corrupt and destroy it.
The cost of the attack was estimated at £4.5M in the first year and £2.7M in each of the following years.
One thing that changed significantly was employee behaviour and the level of cyber security awareness. The station is now far more “cyber aware”, with extensive authentication procedures in place, which has added significant cost to the way media is handled and moved around the globe.
TalkTalk has been issued a record £400,000 fine by the ICO for security failings that allowed attackers to access its customers’ data.
The ICO’s investigation found that the attack last October could have been prevented if basic security steps had been taken.
The attack was carried out by SQL injection against three vulnerable web pages running on outdated infrastructure, a weakness TalkTalk should have known about and could have closed by patching the software and using parameterised queries. The ICO found that the personal data of 156,959 customers, including names, addresses, dates of birth, telephone numbers and e-mail addresses, was compromised. In around 10% of cases the attacker also had access to bank account numbers and sort codes.
The compromised data related to customers of Tiscali, which TalkTalk acquired in 2009.
September – Cyber News 2016
Yahoo has confirmed the theft of data on half a billion of its users in an attack at the end of 2014. The stolen information is understood to include user names, e-mail addresses, telephone numbers, dates of birth, security questions and answers, and hashed passwords. About 8 million of the affected users are believed to be in the UK.
The passwords were not stored in the clear but hashed, the vast majority with bcrypt, which makes them relatively difficult to recover.
The incident is being investigated, but it is believed to be a state sponsored attack.
Yahoo has reset the passwords of the affected users and begun notifying victims by e-mail.
Yahoo is likely to come under scrutiny from regulators given the profile of the attack and the amount of data compromised. It will also be asked why the 2014 breach went undetected for so long and why the public statement took so long to be released.
The Yahoo breach is now one of the biggest on record, alongside MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).
Over fifty British athletes from the Rio Olympics may have their medical records made public as a result of a hack.
This follows the publication by the hacking group Fancy Bears of the medical files of cyclists Chris Froome and Sir Bradley Wiggins. The group, also known as the Sofacy Group or APT28, is an online espionage group suspected of links to the Russian government.
Fancy Bears had also posted medical files of Serena and Venus Williams the previous week.
The Wiggins and Froome files were part of the second set of data released via the Fancy Bears website and Twitter account, and showed that both riders had made use of TUEs.
The files are understood to have been stolen from the World Anti-Doping Agency (WADA) and relate to therapeutic use exemptions (TUEs), which allow otherwise banned substances to be used for certain medical conditions.
The e-mail addresses and hashed passwords of 68 million Dropbox users from the 2012 breach have been found for sale on the dark web. The 5 gigabyte dataset is one of the largest leaks of confidential data seen, and was being offered by a data trafficker for two bitcoins.
Dropbox has reset the affected accounts and advised users to change their passwords. There is no indication so far that the passwords have been cracked and sold.
Although the breach took place in 2012, it is only now that its full size is being realised.
The stolen passwords were hashed and salted, which are methods used to obscure passwords in case they fall into the wrong hands. A hash cannot be reversed, but weak passwords can still be recovered by guessing candidates and hashing each one to see which matches; the salt ensures that each account has to be attacked separately rather than with one precomputed table. Reportedly about half of the Dropbox hashes used bcrypt, which is deliberately slow, and the rest salted SHA-1, which is much cheaper to attack.
Dropbox’s business customers include Spotify and HP Enterprise, for whom it offers unlimited storage and additional data security features.
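What the Friend Finder Networks lowercasing (November, above) and the Dropbox salted hashes each cost an attacker can be shown side by side. The following is an added example, not code from either company: it implements the weak scheme (unsalted SHA-1 of the lowercased password), cracks constructed sample hashes against a small wordlist to show how lowercasing collapses guesses and how a single table checks every account at once, and then implements a salted, iterated hash with the standard library’s PBKDF2 (standing in for bcrypt, which is not in the standard library) to show why the salt forces per-account work. The wordlist, sample passwords and iteration count are assumptions.

```python
"""Unsalted, lowercased SHA-1 versus salted, iterated password hashing.

Lowercasing before hashing collapses every capitalisation of a password
into one guess; omitting the salt lets one guess be checked against every
account at once; a salted, slow hash forces the attacker to redo the work
for each account. Sample data below is constructed, not real.
"""
import hashlib
import hmac
import os

# Constructed wordlist: note the case variants of the same base words.
WORDLIST = ["password", "Password", "PASSWORD", "letmein", "LetMeIn",
            "qwerty", "Qwerty1", "hunter2", "Hunter2"]


def sha1_lower(password: str) -> str:
    """The weak scheme: case is thrown away and there is no salt."""
    return hashlib.sha1(password.lower().encode()).hexdigest()


def distinct_guesses(wordlist):
    """How many hashes an attacker must compute to cover the wordlist
    under a case-sensitive scheme versus the lowercased one."""
    return {"case_sensitive": len(set(wordlist)),
            "lowercased": len({w.lower() for w in wordlist})}


def crack_sha1_lower(stored: dict, wordlist):
    """stored maps user -> hex hash. Because there is no salt, one table
    built from the wordlist is enough to test *every* account.
    Returns {user: recovered password}."""
    table = {sha1_lower(w): w.lower() for w in wordlist}  # computed once
    return {user: table[h] for user, h in stored.items() if h in table}


ITERATIONS = 100_000  # assumption: tune so one hash takes ~100 ms in production


def pbkdf2_hash(password: str, salt: bytes = None) -> tuple:
    """The stronger scheme: per-user random salt and an iterated hash.
    Returns (salt, derived_key); both are stored, neither is secret."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def pbkdf2_verify(password: str, salt: bytes, dk: bytes) -> bool:
    """Recompute with the stored salt; case matters and the attacker cannot
    reuse work done against another user's salt."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    # Constructed "leaked database" under the weak scheme.
    leaked = {"u1": sha1_lower("Hunter2"), "u2": sha1_lower("hunter2"),
              "u3": sha1_lower("Tr0ub4dor&3")}
    print("guesses needed:", distinct_guesses(WORDLIST))
    print("cracked:", crack_sha1_lower(leaked, WORDLIST))
    s1, d1 = pbkdf2_hash("hunter2")
    s2, d2 = pbkdf2_hash("hunter2")
    print("same password, different salts, different hashes:", d1 != d2)
```

Two things are worth noticing in the output: u1 and u2 chose different capitalisations yet share a hash and fall together, and u3 survives only because it is absent from the wordlist, not because of anything the scheme did. Under the salted scheme the same password produces different stored values for each user, so a table built against one user is useless against the next.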
It is understood that 790,724 e-mail addresses, usernames and passwords from the adult website Brazzers are now in the public domain. The breach occurred on the Brazzers forum rather than its core website.
The amount and type of data appear to tie back to an incident in 2012 that was the result of a vulnerability in third party forum software.
The compromise is doubly damaging because users appear to have used the same password for both the forum and the main website.
An investigation is under way and Brazzers users have been advised to change their passwords.
A cyber criminal group calling itself the Armada Collective has sent a series of extortion demands to owners of small businesses around the world, demanding payment in bitcoin under threat of a Distributed Denial of Service (DDoS) attack.
Examples of these demands have been seen in the UK (a professional musician) and South Africa (a bookkeeping business).
The criminals are demanding 1 bitcoin up front; if the demand is not met, they claim the price to stop the DDoS attack will rise to 20 bitcoins.
Cases have been reported to Action Fraud.
Earlier this year similar incidents were reported which may have been connected to the Armada Collective.
August – Cyber News 2016
The Australian Bureau of Statistics 2016 Census website has been hit by a DDoS attack.
Four DDoS attempts are believed to have been made, leading to the website being taken down.
The source of the attack is as yet unknown; the ABS has denied that the site was compromised by a hacker. Technical issues do appear to have compounded the impact of the attack, and a degree of unpreparedness was evident.
The Census was at a critical point, which raises suspicions about the timing and suggests this may have been a targeted attack.
3rd August 2016
The Hong Kong based digital currency exchange Bitfinex has suffered a breach that sent the price of bitcoin down by more than 10%.
At present it is understood that around 120,000 bitcoins have been stolen from the exchange’s platform.
Bitcoin trading platforms have always been a challenge to secure, as they are a constant target for attackers and hold funds that, once moved, cannot be recalled.
The breach is being investigated while trading on the exchange is suspended.
The theft is one of the biggest bitcoin thefts ever recorded.
3rd August 2016
It is understood that more than 200 million hacked Yahoo accounts may be for sale on the dark web.
The story is still being substantiated, and it is not clear whether Yahoo itself has been hacked, but account data does appear to be available.
There also appears to be a link to the seller behind the MySpace and LinkedIn sales.
The data for sale apparently includes usernames, passwords and e-mail addresses, offered for three bitcoins (approximately £1,360).
Yahoo have advised that they are aware of this claim but have not passed any further comment.
July – Cyber News 2016
27th July 2016
The Athens Orthopedic Clinic in Georgia has suffered a data breach and is notifying its patients that their personal information has been compromised.
The information is believed to include names and addresses, social security numbers, dates of birth and telephone numbers.
The attacker gained access to the clinic’s electronic medical records using the log-in credentials of a third party vendor.
The vendor has since been replaced and a full investigation is being carried out.
A forensic investigation is under way to establish what happened and to help secure the systems again.
This again demonstrates the risk posed by third parties: a vendor’s credentials or systems can become the route into the network of every company that grants them access.
15th July 2016
A network of bank ATMs has been hacked, with an estimated $2.2M stolen.
The suspects are two Russian nationals who, wearing masks, cashed out a number of ATMs operated by Taiwan’s First Bank. They did not use bank cards; they appear to have controlled the ATMs with a “connected device”, possibly a smartphone.
The ATMs were made by the German manufacturer Wincor Nixdorf, which advised that three strains of malware were found on the compromised machines.
First Bank and other Taiwanese banks suspended withdrawals from the affected machines as a precaution while the attack was examined further.
A number of theories have been suggested as to how the hack took place. One is that ATM network management systems ship with well-known default passwords, and that criminals with physical access can load malware from a USB flash drive. The malware was probably installed in advance and then triggered wirelessly, linking the ATMs and instructing them to dispense cash.
12th July 2016
Omni Hotels & Resorts has been the victim of a malware attack and data breach affecting over 50,000 customer credit and debit cards at the majority of its 60 locations.
The attack was discovered on May 30th, but the company deferred notifying its customers until it had worked with an IT security firm to establish the cause.
The data stolen is said to be credit and debit card numbers, security codes and expiry dates.
Omni has said the malware was active from December 23rd last year to June 14th this year, although most systems were affected for a shorter period.
It is not yet known how the breach was discovered or how the attackers got into Omni’s systems.
7th July 2016
The Polish telecom company Netia SA has suffered a data breach at the hands of a Ukrainian hacker using the name Pravy Sektor. The data is understood to have been posted on an underground forum for public access.
The attack targeted Netia’s website netia.pl and accessed two types of form submitted through the site by people wanting to contact the company or sign a contract with Netia.
The hacker posted SQL files containing full names, home addresses and IP addresses. The data is understood to have been last updated in 2014.
Based on previous breaches in this sector, such as the TalkTalk breach, the cause may have been SQL injection, which allows attackers to read data the application was supposed to protect.
10,000 Facebook users were hit by a malware attack that appeared to come as a message from a Facebook friend but was in fact the source of the malware.
This was discovered by Kaspersky Lab, which found that compromised devices were used to hijack Facebook accounts and distribute the malware to the victims’ Facebook friends.
The attack, which ran primarily through Europe and South America, delivered messages purporting to be from a Facebook friend and saying the recipient had been mentioned in a comment. This was the lure for a two-stage attack.
In the first stage a Trojan was downloaded onto the user’s computer, which installed a malicious Chrome browser extension; this enabled the second stage, in which the target’s Facebook account was taken over.
Privacy settings were changed and data was taken, and the infection then spread to the victim’s Facebook friends. Compromised accounts could be used to spread spam, steal identities and manipulate “likes” and “shares”.
Facebook has now blocked the threat and there is apparently no evidence of further attacks. Google has also removed the suspected extension from the Chrome Web Store.
Kaspersky Lab suspects, from language clues in the malware and the deployment techniques, that Turkish-speaking threat actors may be responsible.
www.scmagazineuk.com : facebook users infected by malware attack
June – Cyber News 2016
It has been revealed that the details of more than 150,000 members of the dating website Muslim Match have been posted online.
The leak includes approximately 700,000 private messages between members, ranging from religious discussions to everyday conversations and marriage proposals. Other details taken include members’ employers, locations, marital status, names, e-mail addresses and whether they are converts to Islam.
The hacker is believed to have used SQL injection, a commonly effective web attack used to extract data from a site’s database, which was also thought to be behind the TalkTalk breach last year.
Muslim Match is not the first dating website to be compromised, following Beautiful People and the high profile breach of Ashley Madison.
www.motherboard.vice.com : hacked private messages from dating site muslim match
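SQL injection, the attack reported against TalkTalk (October, above), suspected against Netia (July) and believed to be behind the Muslim Match leak, comes down to one coding mistake. The following is an added example, not code from any of those sites and not their actual attack: it builds a throwaway in-memory SQLite database of constructed member records and runs the same lookup two ways, string-formatted (the flaw) and parameterised (the fix), against two textbook payloads. The table, columns and payloads are assumptions for illustration.

```python
"""SQL injection: the vulnerable query beside its parameterised fix.

The application only ever meant to look up one member by username. When
user input is pasted into the SQL text, the input can change the query;
when it is bound as a parameter, it can only ever be a value.
"""
import sqlite3


def make_db():
    """Constructed sample data (not real accounts)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, email TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?)", [
        ("amina", "amina@example.com", "h1"),
        ("yusuf", "yusuf@example.com", "h2"),
        ("admin", "admin@example.com", "h3"),
    ])
    return db


def lookup_vulnerable(db, username):
    """Concatenates user input into the SQL text: the attacker writes the query."""
    sql = "SELECT username, email FROM members WHERE username = '%s'" % username
    return db.execute(sql).fetchall()


def lookup_safe(db, username):
    """Binds the input as a parameter: the database treats it as data, never SQL."""
    sql = "SELECT username, email FROM members WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


# Textbook payloads (assumed for illustration, not the attackers' actual strings).
# 1. Make the WHERE clause always true: dumps every row the query can see.
TAUTOLOGY = "' OR '1'='1"
# 2. Append a UNION to pull a column the page was never meant to return;
#    the trailing -- comments out the original closing quote.
EXFIL = "' UNION SELECT username, password_hash FROM members --"


if __name__ == "__main__":
    db = make_db()
    print("normal:    ", lookup_vulnerable(db, "amina"))
    print("tautology: ", lookup_vulnerable(db, TAUTOLOGY))   # all members
    print("exfil:     ", lookup_vulnerable(db, EXFIL))       # password hashes
    print("safe:      ", lookup_safe(db, TAUTOLOGY), lookup_safe(db, EXFIL))  # [] []
```

Parameterised queries are the fix, not input filtering: the same bound-parameter call also defends against payloads that filters have not seen yet. The UNION payload is the one that turns a harmless profile page into a full dump of whatever else is in the database, which is why the ICO’s criticism of TalkTalk centred on a known, patchable flaw rather than on a sophisticated attacker.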
At the beginning of the week the Hard Rock Hotel & Casino in Las Vegas reported a data breach after point of sale malware was found on its systems.
Fraudulent activity was discovered on payment cards used at the hotel, and signs of unauthorised access were noticed. Any cards used in the hotel complex between October 2015 and March 2016 may have been affected, and cardholder names, card numbers, expiry dates and verification codes may have been compromised.
A forensic investigation is ongoing and the affected accounts are being monitored. The hotel is working closely with a cyber security company to improve its systems.
This is not the first time the hotel’s point of sale systems have been hit by malware; a similar incident occurred last year.
The concern with this type of breach is the length of time the malware remained active, with the ability to affect thousands of customers.
It has been reported that hackers have stolen $10,000,000 from a bank in Ukraine by compromising its access to the SWIFT messaging system.
The attack is believed to be similar to the one on the Bangladesh central bank earlier this year, in which $81,000,000 was taken.
The bank has not yet been named, as the analysts involved are under strict non-disclosure agreements and can only identify it once the bank has gone public itself.
This is another attack on a SWIFT member bank, and it appears that banks already attacked may not be sharing breach information, which would almost certainly have helped others mitigate this attack.
The investigation has not yet established how the attack took place, but initial reports suggest the attackers sent fraudulent transfer instructions over SWIFT to move the money.
SWIFT banking systems remain a clear target for hackers; SWIFT itself has stated that its core messaging network remains intact and has not been compromised, the weakness lying in member banks’ own systems.
Cyber crime does not pay: the ringleader behind the 2014 StubHub incident has pleaded guilty and faces a sentence of up to 12 years.
The man behind the breach was Vadim Polyakov, who coordinated an international operation that took over StubHub accounts and used the card details stored in them to buy tickets for US sporting events, concerts such as Justin Timberlake and a number of Broadway shows, which were then resold at heavily marked-up prices.
The case demonstrates that a cyber criminal operating overseas can still be brought to justice and held responsible for their actions.
The 2014 breach was the result of login and password details harvested partly from breaches at other companies and partly from keyloggers and other malware on customers’ own computers.
It is a good example of the danger of reusing a single login and password across multiple websites, which is not untypical for internet users and is not recommended.
It is still uncertain who carried out the recent attack on the Democratic National Committee’s systems earlier this week.
Originally it was thought that two groups of Russian hackers, working for competing government agencies, had penetrated the DNC’s systems to access e-mails and opposition research on Donald Trump.
There is now a possibility that it was a lone hacker calling themselves “Guccifer 2.0”.
Subsequently a 200 page document purporting to be the hacked DNC research file was leaked online. The document was reportedly given to The Smoking Gun and WikiLeaks, and sets out discussion points and strategies used by the Democratic candidates during the current campaign.
The cyber security firm CrowdStrike is working with the DNC to investigate the breach. CrowdStrike has so far established that the intruders used advanced techniques to avoid detection while gaining access to the network.
The University of Calgary has paid C$20,000 to hackers following a ransomware attack on its e-mail system, in order to regain access and prevent a possible loss of data.
The university’s vice-president has said that no personal data was obtained.
It is understood that the malware encrypted e-mails and files.
The Canadian Cyber Incident Response Centre (CCIRC) warned earlier in the year of a likely increase in the use of ransomware.
The CCIRC has estimated that there were more than 1,600 ransomware attacks a day last year against Canadian individuals and businesses.
Ransomware exists in more than 120 strains, and its increasing use is becoming a major concern across all business sectors.
Social media websites appear to be a significant focus for hackers at the moment, with VK.com the latest to be hit, following MySpace, Tumblr and LinkedIn, where large amounts of data were sold online.
May – Cyber News 2016
Another SWIFT member bank has been hit, this time in the Philippines; the bank’s name has not yet been disclosed.
The group targeting the banking sector is understood to be the one known as “Lazarus”, after Symantec researchers identified code sharing properties with that used in the other SWIFT attacks.
The attackers are believed to have infected desktop computers at the bank, but exactly how they reached the SWIFT system is unknown, as is whether any money was taken.
A further series of SWIFT attacks has been discovered.
These occurred on January 21st last year, when $12,200,000 was stolen from Banco del Austro, which is based in Ecuador.
The money was transferred out of the bank’s HSBC account in San Francisco, Hang Seng bank accounts in Hong Kong and a Wells Fargo account in Los Angeles, plus accounts at a number of other banks around the world.
It is believed that an unauthorised user remotely accessed the bank’s systems after hours and logged onto the SWIFT network as if they were the bank, allowing them to redirect transactions to new beneficiaries.
The attack is thought to be an advanced persistent threat (APT), in which a network is breached and the intruders remain undetected over a long period while gathering information and stealing data.
The bank holds Wells Fargo responsible for not flagging the transactions as suspicious and is demanding the return of the missing funds; it has filed a lawsuit against Wells Fargo over the fraudulent transfers.
A hacker is believed to be trying to sell 167M LinkedIn account records on the darknet.
LinkedIn was aware of the proposed sale and is in the process of invalidating the passwords of the accounts that may be affected.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” said LinkedIn’s Chief Information Security Officer Cory Scott.
The darknet consists of overlay networks that need special software or configuration to reach; it is part of the deep web, the large portion of the web that is not indexed by the major search engines.
SWIFT has announced a cyber attack not dissimilar to the one on Bangladesh’s central bank earlier this year.
SWIFT did not originally name the bank, but it is understood to be a Vietnamese bank; it is not known how much money, if any, was taken.
The nature of the attack suggests the attackers had in-depth knowledge of the bank’s systems; attacks of this kind tend to rely on insider help to obtain the information needed to subvert them.
Wendy’s, the fast food chain, announced that the recent data breach affected only around 5% of its restaurants.
Wendy’s believes that malware installed through a compromised third party vendor caused the breach of its point of sale systems. The number of restaurants involved is thought to be 300 out of around 5,500 franchised locations.
Although only a relatively small number of restaurants were affected, smaller breaches can be harder to detect and still cause the damage and adverse publicity that come with any data breach.
The Bank of Greece was targeted by the Anonymous activist group with a distributed denial of service attack that temporarily took the bank’s website offline.
The attack occurred on a bank holiday.
Anonymous has since warned via YouTube that further attacks on the banking industry will follow.
April – Cyber News 2016
The Lansing Board of Water & Light was subject to a ransomware attack and had to shut down its accounting system and e-mail services, which were controlled by its internal computer systems.
The attack also impacted telephone lines and a customer help line. The utility provider also suspended power and water shut-offs as a precautionary measure.
It is understood that an employee opened a malicious attachment, which dropped the malware and infected their computer, encrypting files as it spread through the systems.
It is not known whether the ransom was paid to the attackers.
The FBI are also investigating this attack.
Computer viruses have been found on office computers in a German nuclear power plant. The system in question was used to model the movement of nuclear fuel rods.
The viruses were located on the fuel rod modelling system and on 18 USB sticks that were utilised as removable data stores within the office computers.
It is understood that the control systems were not connected to the Internet, and the viruses were therefore unable to activate.
The malware found was the Ramnit and Conficker programs, which are used to access data remotely. This raises the question of the motive for the attack, which may have been to steal data so that the systems could be accessed remotely in the future.
It has been reported that the web hosting company 123-reg has inadvertently deleted a number of its customers’ websites, which has resulted in data loss for some of these customers.
123-reg has commenced recovery of the data, but has also suggested that its customers use their own backups to rebuild their websites, as 123-reg did not retain data for all of the websites it hosted.
123-reg reportedly hosts approximately 800,000 websites; it is not known how many websites were affected by this incident, although it only affected 67 of its 115,000 servers in Europe.
The company was apparently carrying out a clean-up of its VPS systems when a coding error in the clean-up software appears to have caused it to delete its customers’ websites.
123-reg has said that it intends to review its current processes and will look to put procedures in place so that customers’ websites cannot be deleted without some form of human approval.
bbc.co.uk 123-reg deletion of data incident
Hackers from Eastern Europe installed malware to steal $4,000,000 from 24 American and Canadian banks in a very small window of 3 days.
It is understood that the hackers combined code from two malware families, Nymaim and Gozi, to create a hybrid called GozNym, a very powerful Trojan.
Whilst the focus appears to be on banks, credit unions and high-profile e-commerce platforms are also being targeted by this form of malware.
The US is still a principal target for hackers, particularly its financial sector, and this looks set to remain the trend for the coming months. This is perhaps a word of warning for the rest of the world, as this trend will no doubt eventually become a more global threat.
forbes.com bank malware steals $4M from US banks
A hacker has posted the personal data of 50 million Turkish citizens, including names, addresses, birth dates and Turkish national identifier numbers. To rub salt in the wound, the leak included a message referring to the poor data protection in place, a hardcoded password and an unencrypted database. It appears that the hackers behind this attack were from the US, as evidenced by a reference to presidential candidate Donald Trump.
wired.com hack attack on Turkey
March – Cyber News 2016
The National Records of Scotland has been hit by a ransomware attack that forced its closure. Access to the genealogy service was blocked, making it impossible to view census records and details of births, deaths and marriages.
It is understood that the shutdown took place last week at the ScotlandsPeople search rooms in New Register House in Edinburgh, something that has never occurred before.
The issue has been contained; however, access to the records is still not possible.
Verizon Enterprise Solutions suffered a breach of a website database that is believed to have contained personal information on approximately 1.50M customers.
This was identified by journalist Brian Krebs, who spotted that the data was being offered for sale on an underground forum for $100,000.
The hackers were also offering smaller portions of the data, in blocks of 100,000 records at $10,000 each, as well as information on potential security compromises of Verizon’s websites.
21st and 22nd March
Ransomware attacks on hospitals in Canada and the US are in the news this week. The Ottawa Hospital in Canada has been hit by a ransomware attack, although it is understood that the attack was contained. Another Canadian hospital, Norfolk General Hospital in Ontario, had its website compromised to spread ransomware to its visitors, staff and patients.
MalwareBytes LABS reports Canadian hospital ransomware attack
It is understood that hackers demanded a ransom from two Southern California hospitals last week; federal authorities are investigating the case. Prime Healthcare Services Inc., the national hospital chain, said the attackers infiltrated computer servers at two of its California hospitals, Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville.
The hospital chain declined to make any comment on whether the actual ransom was paid.
Kaiser Health News reports http://khn.org/news/hackers-take-aim-at-two-more-california-hospitals/
The health industry is a prime target for hackers, as it is still perceived to be vulnerable to cyber attacks due to its fragmented and dated IT systems and is therefore more likely to succumb to a ransomware attack.
The online editions of Sweden’s main newspapers were knocked out for several hours by unidentified hackers at the weekend. The head of the Swedish Media Publishers’ Association, Jeanette Gustafsdotter, told the Swedish news agency that this was a very serious attack.
The attack is understood to have been a DDoS attack; it lasted 3 hours on Saturday and affected seven newspapers.
Bangladesh’s central bank was subject to a cyber attack in which malware installed on its computer systems allowed hackers to steal over $80 million from the institution’s Federal Reserve bank account.
The group of hackers broke into Bangladesh’s central bank, obtained credentials for payment transfers from the Federal Reserve Bank of New York, and then transferred a number of significant sums to fraudulent accounts in the Philippines and Sri Lanka.
It is understood that a typo in some of the transactions prevented a further $850 million from being stolen. The Bangladesh Bank is working with anti-money laundering authorities in the Philippines, where it suspects the stolen $81 million arrived in four tranches.
As a result of this attack, the central bank’s governor, Atiur Rahman, resigned.
The Hacker News reports how this was carried out: Bangladesh bank hacking attack
Malware that encrypts Apple Mac computers in order to demand a ransom has been discovered. Apple products are understood to be among the safest systems in the world, but it now seems that even these may contain vulnerabilities.
This is believed to be the first active malware specifically aimed at Apple Macs that is designed to make ransom demands of their users. More and more businesses use Apple products, and hackers may be seeing this as a new focus for their attacks.
According to the UK National Crime Agency, the UK is seeing an increase in ransomware attacks across different business sectors; it is therefore no surprise that Apple Macs are being targeted.
Snapchat has suffered a data breach which exposed payroll information of current and former employees on Friday.
It is understood that the Snapchat data was stolen by a hacker who exploited the trust of an employee. According to a blog post by Snapchat, the hacker pretended to be Snapchat’s chief executive, Evan Spiegel, and conned an employee into emailing over access details.
It is believed that 700 current or former employees had information compromised including their names, Social Security numbers and wage data.
This again demonstrates the cyber threat posed by human vulnerabilities and how difficult it is, no matter how much training takes place, to manage and keep a business secure.
This is not the first time that Snapchat has been targeted. A few years ago, a bug left users’ usernames and phone numbers exposed, and another group threatened to release information on 4.60M account holders as a statement on the level of security in place at the time.
February – Cyber News 2016
The Hollywood Presbyterian Medical Center, a Los Angeles hospital, paid hackers $17,000 in bitcoin this week to regain control of its computers. Ransomware attacks are on the increase throughout the world, and the health sector could be particularly vulnerable due to the amount of sensitive data held by businesses operating in this sector.
Video streaming accounts are now a significant target for cyber criminals, according to a recent Symantec blog, with evidence of both phishing and malware attacks having been seen.
In Denmark, users received a phishing e-mail posing as Netflix, asking them to update their accounts because of an issue with monthly payment processing; the aim was to get customers to provide their login details, which can then be sold on. Hackers are also looking to access Netflix at reduced prices and watch films at the same time as the original customer.
Software firms that provide encryption products are under the microscope in the US health sector. An enforcement action has been brought against a provider of office management software for dental practices that allegedly falsely advertised the level of encryption it provided to protect patient data. The company in question has been fined $250,000 and has been asked to change certain marketing practices.
January – Cyber News 2016
Israel suffered one of its largest cyber attacks when the country’s electricity supply was hit by what is believed to be a ransomware attack. Computers were shut down for two days, but no outages were reported; it is understood that the appropriate software was in place to combat the virus. It is not known who carried out the cyber attack.
This is further evidence that national critical infrastructure is becoming a focal point for hackers, and that the intention is not always financial gain but causing as much disruption as possible.
It is understood that Affinity Gaming, a casino operator in Chicago, is suing a cyber security company, Trustwave, for failing to contain a breach it was employed to close down.
Trustwave was employed by Affinity Gaming in 2013 to investigate a hacker attack that compromised the credit card details of 300,000 customers who had used them at restaurants, hotels and gift shops on its casino properties. Affinity also alleges that a second hack took place while Trustwave was reviewing its systems, but that Trustwave did not spot this and advised that the original breach was contained.
Affinity Gaming is understood to have used $1,200,000 of its $5,000,000 cyber insurance policy for expenses incurred to date and is apparently seeking damages from Trustwave.
Pinsent Masons’ Ian Birdsey also posted a recent article on Out-Law.com which suggests that the landscape for cyber security firms could now be changing.
Time Warner has reported that a total of 320,000 customer passwords may have been stolen in a hacking attack. It is believed that these were taken either through malware downloaded via phishing attacks or indirectly through data breaches at other companies that stored Time Warner customer information.
It is understood that hackers caused a power outage in Ukraine during the Christmas break. This is the first disruption of its kind: the blackout left half the homes in Ukraine’s Ivano-Frankivsk region without power for several hours.
This was initiated by malware that disconnected electrical sub-stations from the grid. The malware used was BlackEnergy, which wipes files from computer systems and shuts them down, resulting in a blackout.
A hacker attack of this nature can have severe wider consequences for a community’s infrastructure, such as transportation systems and communication lines.
It is understood that the information networks of the electricity distribution companies were compromised about 6 months prior to the outage with the aid of social engineering: e-mails carrying a BlackEnergy-type virus were sent to employees who had open access to the infrastructure.