[Security Weekly] Data Breach in U.S. Department of Defense Agency Involves 200,000
4th Week of February 2020
1. US Department of Defense agency discloses serious data breach, 200,000 possibly involved
The Defense Information Systems Agency (DISA), an entity under the U.S. Department of Defense, is responsible for providing telecommunications and IT support to the government. Its clients include the White House, military personnel, and diplomats.
On February 11, DISA’s CIO Roger Greenwell issued a letter to those involved, informing them that a serious data breach could have compromised their personally identifiable information. The breach was said to have taken place between May and July 2019.
The disclosure did not say which areas were affected, how the attack was carried out, or who was behind it. It is also unclear whether it affected only employees or whether clients were also involved. DISA employs more than 8,000 staff, but many experts speculate that the number of people affected could be around 200,000.
Since the agency did not experience any service interruptions during the breach, many suggested that the breach most likely affected its external database, without compromising its internal secret database.
Sources: ZDNet, Infosecurity
2. Smartphone skin maker Slickwraps hit with a data breach, 857,000 affected
Slickwraps, the largest manufacturer of smartphone and laptop skins, disclosed a massive data breach last Friday.
Attackers gained access to Slickwraps’ customer database by exploiting a vulnerability in its server configuration. One of the attackers tried to help by sending mass emails to the customers on the list, notifying them that their personal information had been compromised.
The exposed information includes the customers’ names, email addresses, and physical addresses. Although no financial information was leaked, this information could be used for further phishing activities.
Some customers claimed that they had not used the site for more than five years, yet their information was still in the company’s database. Since this is a clear violation of the GDPR, many in the EU are now suing Slickwraps.
With regulations like the CCPA and GDPR, companies are being held legally responsible for data breaches, making data security crucial to all businesses.
Sources: Infosecurity, Lifehacker
3. Australian banks threatened by DDoS attackers for ransom payments
Earlier this week, banks and other organizations in the Australian financial sector received emails from self-proclaimed hackers who threatened to flood their services with DDoS attacks unless a ransom was paid. Payments were demanded in the Monero cryptocurrency.
The Australian Cyber Security Centre (ACSC) has issued a security threat advisory regarding the incident. The attackers claimed to be Silence, an infamous Russian-speaking hacking group categorized as an advanced persistent threat (APT). In recent years, Silence has significantly expanded its global presence and attack frequency. Some of their common tactics include sending out phishing emails to infect the victim’s computer or sending out emails asking for the victim’s information – such as the cybersecurity solutions used in their company – for the purpose of further attacks.
Experts suggested that it is questionable whether Silence was really behind the emails, because many hackers claim to be famous groups just to intimidate the victim.
This attack is seen as part of the global campaign of DDoS ransom attacks that started in October 2019. Security experts strongly advise the victims to not pay the ransom and to contact a cybersecurity agency for help.
Sources: IT News Australia, ZDNet
4. Raccoon malware steals sensitive data from up to 60 popular web applications
Recently, security researchers have noticed the increased capabilities of a malware named Raccoon. Unlike other malware, Raccoon is a malware-as-a-service sold through many hacking forums, available at a price of $200 per month. It is versatile enough that even those without any technical skills can deploy it.
Although Raccoon was first discovered in April 2019, researchers have noticed during the past year that it has not only received many feature updates but has also dropped significantly in price.
Raccoon targets 24 Chromium-based browsers, including Chrome and Opera, and is capable of extracting data from up to 60 popular web applications. It can easily steal login credentials, payment information, cryptocurrency wallets, as well as browser information.
Raccoon mainly spreads in two ways: either through exploit kits embedded in a website, which infect users with unpatched browsers and operating systems, or through a macro script hidden in a link sent in a phishing email.
To keep your business safe, be sure to always update your systems and applications with the latest patches. Also, invest in a web application firewall to keep your network fully protected.
Sources: Security Boulevard, SC Magazine UK