Cyber security weekly summary 10 - 16 July

During the week from 10 - 16 July several cyber related events took place, including data leaks, another publication in the WikiLeaks Vault 7 initiative, and new activities connected to Russian state hackers.

On 12 July American telecommunication company Verizon confirmed a leak of its clients' data. The error, caused by a misconfigured security setting on a cloud server, made customer phone numbers, names, and some PIN codes, all used to identify people calling for customer service, publicly available online. The data were exposed because of a mistake by the Israeli company NICE Systems, who cooperated with Verizon on customer service calls facilization. An option to freely access the data was disabled on 22 July - 9 days after Verizon had been notified about the shortcoming in database configuration.

Another data breach concerns the clients of several hotel chains, including Hard Rock Hotels & Casinos, Loews Hotels and Trump Hotels. Unknown hackers compromised the guests' payment information, including cardholder names, payment card numbers, card expiration dates, and possibly security codes. The hackers, who have been able to access the system for 7 months, may also have compromised guest names, emails, phone numbers, street addresses, and other consumer data.

Major online black market AlphaBay hosted on the dark web came offline on 5 July. The platform, which served as a marketplace for illegal goods such as drugs, weapons, and hacker tools, was reported to be non-functional due to technical issues, but many users and security researchers speculated that the whole incident is a scam towards the clients, whose current transactions were held by the AlphaBay owners. Neither of the possible causes has actually proven to be true, as the site has been taken down by U.S. and European authorities. The operation also led to the arrest of the alleged founder of AlphaBay, Alexandre Cazes, who was apprehended in Thailand.

As a continuing initiative in the Vault 7 project, WikiLeaks released new documents about the CIA's cyber equipment. The latest leak describes a tool known as HighRise, which as an Android application for intercepting SMS messages and redirecting them to a web server. The tool has to be installed by its operator, who may subsequently set up the application manually. Based on features like TLS/SSL secured internet communication support, HighRise was presumably meant to form an encrypted communications channel between CIA operatives and their supervisors.

On 29 June, Russian Ministry of Foreign Affairs became a victim of a "large-scale cyber attack with severe consequences". The Ministry's press secretary Maria Zakharova stated, that unknown perpetrators took advantage of a compromised account of the Russian embassy in Iran, which was then used to distribute a wave of phishing e-mails sent on the Ministry's web domain. The messages, weaponized with an attachment mimicking the login screen of a Ministry email account, allowed entrance into the mailboxes of individual workers.

According to British media, hackers allegedly supported by the Russian government targeted the UK's energy networks. Confirmed attacks recorded in June 2017 were directed against Irish state energy company Electricity Supply Board (ESB). The perpetrators, who were presumably trying to compromise the electric grid control systems, used malware delivering emails sent to senior ESB engineers.

The report raises concerns mainly in context with the repeated cyber attacks on Ukrainian energy industry and other critical sectors. These, according to some experts, serve as a testing ground for future possible attacks against critical infrastructures. Russian hackers are also suspected in attacks against U.S. power plants that have been covered in the previous cyber-summary.

About author: Roman Šulc

Partners

Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace