The target: Dave.com, a digital banking app
The take: 7.5 million records of customer information, including real names, phone numbers, birthdays and home addresses.
The attack vector: The breach at Dave.com stemmed from an earlier breach at one of its third-party service providers, Waydev (an analytics platform used by engineers), which in turn exposed Dave.com’s user data. The attackers used a blind SQL injection (malicious SQL inserted into a database query) to gain access to Waydev’s database and stole authorization tokens, which let them penetrate Waydev’s systems and pivot to steal access to data from other firms, such as Dave.com.
This highlights the cascading negative effects cybersecurity incidents can have on companies which rely on third-party vendors for operation. Holding third-party vendors to an organization’s security requirements is a very challenging prospect. Vigilant monitoring and applying advanced analytics to watch for malicious activities are some of the proactive strategies used to pinpoint suspicious activity before it turns into a breach.
Businesswire: The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity professionals saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey released by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). As the global impact of COVID-19 manifested itself in the middle of March, ESG and ISSA conducted an in-depth survey in April 2020 as a point in time assessment of challenges posed by the pandemic.
Coindesk: In a note to clients, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party. The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.
Kaspersky: Incident analysis by Kaspersky of two cases in Europe and Asia has uncovered that VHD ransomware – first discussed in public in spring 2020 – is owned and operated by Lazarus, a prominent APT group. The move by Lazarus to create and distribute ransomware signifies a change of strategy and indicates a willingness to engage in big game hunting in pursuit of financial gain, which is highly unusual among state-sponsored APT groups.
PoliticsHome: Tom Tugendhat, chair of the foreign affairs select committee, said professional contacts received bizarre fake press releases, while friends and family were sent untrue claims about his private life.
Forbes: Yet again, there has been a major cyber attack, this time of Garmin, the navigation company. It was hit by a ransomware attack on Thursday, leaving customers to wonder whether Garmin will pay $10 Million in ransom. In the case of some hacks, people and companies pay, since the cost of being frozen out can just be too big.
Independent: Releasing a 50-page document earlier this week, the Intelligence and Security Committee (ISC) warned that Moscow’s influence in the UK was the “new normal” and accused successive governments of not wanting to address the issue surrounding the 2016 vote with a “10-foot pole”.
The target: Benefit Recovery Specialists Inc, a Houston-based billing and debt collection vendor.
The take: 275,000 records of Personally Identifiable Information such as: name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. For a small number of the records, Social Security numbers were also leaked.
The attack vector: The attackers accessed BRSI’s systems with stolen employee credentials and used their access to deploy malware internally. While not confirmed by BRSI, experts believe the description of the attack matches that of a successful phishing campaign. BRSI’s IT systems hosted the malware for 10 days before the malicious activity was discovered.
This breach highlights the importance of regular employee training and education around common social engineering attacks. The records exposed in this incident, and similar data held by other medically related vendors, underscore the severity of this type of data exposure, as it can lead to sophisticated identity theft. It is also a critical reminder for companies using third-party vendors that their overall security posture is dependent upon the robustness of all the firms which hold their data.
ZDNet: The UK's National Cyber Security Centre has detailed the cyber threats faced by the elite sports industry – and revealed that more than 70% of sports institutions have been the victim of some kind of attempted cyberattack or hacking incident over the past 12 months.
Radio Free Europe: Artem Radchenko, 28, and Oleksandr Ieremenko, 28, acquired inside information on publicly traded companies by stealing test versions of quarterly and annual reports filed with the SEC but not yet available to investors, the Secret Service said in a statement on July 22.
TechCrunch: On the heels of Hippo’s funding round and our exploration of how the private markets appear to be more conservative than public investors at the moment, we’re asking a new question: are a bunch of insurtech startups undervalued?
Financial Times: Fraudsters have cloned the Financial Conduct Authority's website, including a page which encourages firms to register for online invoicing and pay annual fees.
McKinsey: Few corporate functions shifted priorities so much and so quickly when the COVID-19 crisis struck as corporate cybersecurity operations and the technology providers that support them did. As legions of employees suddenly found themselves in a work-from-home model, chief information-security officers (CISOs) adjusted, pivoting from working on routine tasks and toward long-term goals to establishing secure connections for newly minted remote workforces.
Computer Weekly: An industry panel appointed by the Australian government to provide inputs on the country’s 2020 cyber security strategy has called for clear consequences for cyber attacks targeted at Australia, among other recommendations.
NBC News: In the latest attempt to "name and shame" China’s government-sponsored cyber theft, the Justice Department announced an indictment Tuesday charging two Chinese nationals — both in China — with hacking governments, dissidents, human rights activists and private companies, including those engaged in COVID-19 vaccine research.
The target: Cashaa, a British-based cryptocurrency exchange.
The take: $3 million USD in Bitcoin
The attack vector: The attackers compromised Cashaa’s systems by installing malware onto a company computer used to make their transactions. Once this malicious software was active, the attackers received a notification which informed them when one of Cashaa’s employees logged into the computer to make transfers from another crypto exchange site’s wallet. The hackers used their backdoor to access this wallet to drain the funds, receiving all 336 Bitcoin instead of the intended party.
The point of entry for an attack can have cascading consequences, and this incident shows why securing company computers with proper malware detection is absolutely critical to strong cybersecurity. Both the breach that led to the malicious software being installed and the further monitoring failure that allowed the malware to send out notifications to the attackers facilitated the theft.
CBC: The Communications Security Establishment (CSE), responsible for Canada's foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.
CNN Business: Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, among other prominent handles, were compromised on Wednesday in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools.
Help Net Security: There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.
CRN: Advent International and Forescout have called off their dueling lawsuits and agreed to move forward with an acquisition for $4 per share less than the deal initially proposed in February.
ACS: Microsoft has taken legal action to bring down a sophisticated cyber fraud scheme that targeted CEOs in more than 60 countries around the world.
ZDNet: A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.
The target: Clubillion, an online gambling and casino app.
The take: Over 200 million user records containing the following personally identifiable information: emails, private messages, winnings, IP addresses, and movements in the app itself.
The attack vector: An Elasticsearch database hosted on Amazon Web Services was left unsecured and publicly accessible. Unlike other recent cases, this database was not a single static backup/archive of information, but a live, ‘production’ database, constantly updated with up to 200M new records per day.
In addition to the usual phishing attacks that could be launched with access to personal information, the inclusion of app movement and the fact that the exposed data was continuously updated make highly targeted spear-phishing campaigns extremely likely to succeed. While it is always disappointing to see lapses in security around database backups, it is absolutely crucial that production systems housing sensitive data are adequately protected.
CTV: A report from the Cybersecure Policy Exchange at Ryerson University in Toronto found 57 per cent of respondents in an online survey in May had encountered at least one cybercrime.
DarkReading: Thoma Bravo, a leading private equity investment firm focused on the software and technology-enabled services sector, today announced the completion of its acquisition of Exostar, LLC, a leader in trusted, secure business collaboration.
Saudi Gazette: Sheikh Hamdan Bin Mohammed Bin Rashid Al Maktoum, crown prince of Dubai and chairman of the executive council of Dubai, on Wednesday launched the Dubai Cyber Index, an initiative aimed at supporting the efforts of Dubai’s government entities to ensure the highest standards of cybersecurity. The first initiative of its kind in the world, the index seeks to establish Dubai as the city with the safest cyberspace in the world.
Cision: More than half of financial services companies plan to accelerate implementation of their next generation technology strategies, according to a new global survey of 500 financial services C-Suite executives and their direct reports released today by Broadridge Financial Solutions, Inc. (NYSE:BR), a global fintech leader.
Bleeping Computer: Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic.
ITProPortal: The company that sells services related to data management claims to have polled 1,000 workers, coming to the conclusion that more than a third (37 per cent) expect both the number and value of fines to rise by 2025. Furthermore, six per cent expect a “dramatic rise”, while just three per cent expect the figures to fall.
ITProPortal: A report by Beaming says that a quarter of UK businesses fell victim to cybercriminals last year, most of which were large enterprises. That’s roughly 1.5 million businesses, up from 755,000 back in 2015.
The target: V Shred, a Las Vegas-based fitness company which sells fitness plans, nutrition advice, and supplements.
The take: The combined Personally Identifiable Information of 99,000 customers and potential clients, including: names, home addresses, email addresses, dates of birth, usernames and passwords, age, gender, citizenship status, and user photos.
The attack vector: All of this information was hosted on an unsecured Amazon Web Services storage server accessible to the public online, a very common problem. However, in this case, anonymous users were also able to access the information without login credentials, making the breach wider and deeper.
The exposed information could lead to highly sophisticated phishing attacks and, crucially, the user photos could lead to identity theft. Credential management around publicly available company data is paramount to robust cybersecurity.
IT Wire: Medfin, a subsidiary of the National Australia Bank that works with healthcare professionals, was hit by an attempted cyber attack on 14 June, the company's chief executive Paul Freeman says.
ZDNet: Security researchers have revealed the anatomy of a ransomware attack, showing how cyber criminals gained access to a network and deployed ransomware -- all in the space of just two weeks.
BNN Bloomberg: The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.
ZDNet: IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the uptake, effectiveness is not on the same incline, with response efforts hindered by complexity caused by fragmented toolsets.
Cointelegraph: Fraudulent websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain and more. The attack was executed as a targeted multistage Bitcoin (BTC) scam propagated by a number of fraudulent websites.
ABC News: The Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency as part of what it says is Australia's largest-ever investment in cybersecurity.
Forbes: The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million (£925,000) to the criminals behind a cyber-attack on its School of Medicine.