Industry News: ESG5

2019-05-19

ChyperNews: On May 8, Amazon announced that it had fallen victim to an "extensive" fraud involving unidentified hackers letting money from trading accounts onto the platform for a six-month period. The company believes that it was a victim of a serious cyber attack and that the attackers had compromised around 100 accounts. The motive? As is the case with most of these attacks, money. As Amazon explains, that is very likely the accounts were compromised using phishing techniques that misled the sellers to give away their login details. With this information, the hackers were able to change the bank details on the Seller Central platform, so that the money earned by the sellers ended up in the criminal's accounts, according to the legal documents presented in the UK...

The target: Saks Fifth Avenue and Lord & Taylor, high-end department stores.

The take: 5 million credit and debit card account numbers.

The attack vector: Attackers appear to have gained complete access to the breached department stores’ networks, and installed card-scraping malware on point-of-sale terminals at all 51 Lord & Taylor and 83 Saks Fifth Avenue locations. The compromise appears to have initiated in May of 2017 and was discovered and remediated one year later.

Read more...

2019-05-16

Reuters: Police in six countries have dismantled a complex cybercrime network that operated from Eastern Europe and fleeced victims - including small businesses and charities - of some $100 million, Europe’s police agency said on Thursday. The GozNym network, led by a man from Tbilisi, Georgia, used phishing emails to infect the computers of more than 41,000 victims with malware. Specialised members of the group in Bulgaria and Ukraine then seized control of victims’ online bank accounts and tranferred their funds to laundering accounts...

2019-05-14

TheTelegraph: WhatsApp has urged users to update their messaging app after concerns were raised that hackers could inject spy software on to phones via the call function. The Facebook-owned company said the spyware was spread by an “advanced cyber actor”, and infected multiple mobile phones using a major vulnerability in the app. The spyware, developed by the secretive Israeli spyware company NSO Group, has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera...

2019-05-16

Globe Newswire: The healthcare organizations are increasingly adopting cyber security solutions to keep cybercriminals at bay. The healthcare providers are taking more precautions in securing devices and connected networks, which, in turn, is increasing the popularity of healthcare cyber security tools and solutions. The key factors driving the cyber security in healthcare market is the increasing number of cyber-attack threats, as the medical records contain huge volumes of information that can be used to perform identity fraud...

2019-05-15

ABC10: In the greater Sacramento region, 6,311 people lost a total of $29,595,487.70 to various cyber crimes in 2018, according to the Federal Bureau of Investigation's Internet Crime Complaint Center. Overall, the state of California has the most amount of victims to cyber crimes and the most amount of loss by these victims in the nation, according to the 2018 report on cyber crimes. In California, nearly 50,000 victims lost over $450 million to cyber crimes...

2019-05-16

CTV: A proposed class-action lawsuit seeking $60 million in damages against Casino Rama following a cyber-attack has been denied. Lawyers for the plaintiffs argued as many as 200,000 people might have had their personal information stolen in the hack, including employees and patrons. In November 2016, the casino announced it had been the victim of a cyber-attack through which a large quantity of personal information was stolen from two of its servers...

2019-05-10

CBS Baltimore: The FBI is investigating a ransomware attack on Baltimore City’s network, while city officials try to bring back the network to its full capacity. Although city services are no longer are being affected, hackers are still accessing the system, according to Mayor Jack Young. “These people are so sophisticated that their job is just to disrupt,” Young said. “I wish they would use it for more good than they are for just bad in trying to extort money from cities and companies. It’s just not right.”...

2019-05-10

Silicon UK: New malware from North Korea used to raise much needed funds has been identified by FBI and DHS Authorities in the United States have this week identified malware allegedly from North Korea, which is said to be part of that country’s hacking program to raise funds from targets aboard. The malware, dubbed ‘ElectricFish’, was identified by both the FBI and Department for Homeland Security (DHS)...

The target: Uber, a ridesharing service.

The take: The personal data of 57 million customers and drivers, including names, e-mail addresses and phone numbers, as well as driver’s license numbers for hundreds of thousands of American drivers.

The attack vector: Attackers gained access to an AWS-hosted server with credentials an Uber engineer left publicly exposed in a Github repository.

Uber later came under fire for failing to report the breach at the time that it occurred, and attempting to pay the hackers a $100,000 ransom to delete the stolen data. The handling of the incident resulted in the dismissal of Uber’s Chief Security Officer.

Read more...