Breach Report – May 2019
Welcome to your one-stop shop for the hottest topics in cybersecurity and overviews of major cyberattacks.
Security Topics of the Month
Cyberattacks Soaring in 2019
According to a recent report by Malwarebytes, cyber threats are up 235% year-over-year in Q1 2019, mostly due to a surge in ransomware and trojans.
The study also found that cybercriminals are increasingly targeting SMBs. These businesses have less money and fewer resources to devote to cyber defense.
Most prominently, cybercriminals are relying on ransomware. Corporate ransomware attacks are up 195% from Q4 2018, and they have grown an astonishing 500% since April 2018.
New Phishing Scam Uses Google Chrome Extension
Beware the fake address bar in Chrome on Android. Typically, when you scroll down a webpage in Chrome on Android, the URL bar vanishes. Attackers can take advantage of this to display a fake address bar, called an “inception bar,” that won’t disappear until you visit another website.
The fake bar displays a real website’s address, fooling you into thinking that you’re on a different site than you actually are. With the original URL bar hidden, you can easily be directed toward malicious third-party sites where you could expose your personal or financial data.
Here’s how you can tell if you’re seeing an “inception bar.” Lock your phone and unlock it while on the webpage. The real address bar will show up on top of the fake one, exposing the scam.
Card Data Stolen From 200+ Online Campus Stores
A group of hackers has planted malicious code that steals payment card details inside the e-commerce system used by colleges and universities in Canada and the U.S. The code was found on 201 online stores catering to 176 colleges and universities in the U.S. and 21 in Canada.
In what is known as a Magecart attack, the code collects payment information from customers using an affected platform. Once collected, the financial data is stored by hacking groups who then sell it on the Dark Web.
Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that accompany the online store, such as chat and support widgets.
The Month in Breach
Atlanta Hawks NBA Team Shop Stuck with Payment Skimmer
Fans who ordered merchandise through the team’s online store on or after April 20th had their name, address, and credit card number stolen. That’s thanks to some malicious code planted on the site’s checkout page that records keystrokes. The code bears the signature of Magecart, a well-known collective of online credit card thieves.
The attackers allegedly gained access to the online store through unprotected third-party components of the shop’s cloud hosting service – such as database management tools, marketing plugins, and connected accounting software.
With more than 7 million visitors to the Hawks’ online store every year, this attack impacts a large number of people. E-commerce security scanners can help identify and prevent attacks like this one.
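Because Magecart groups reach checkout pages through third-party components such as chat and support widgets (as in the campus store and Hawks shop incidents above), a basic defensive check is to inventory every external script a payment page loads. The following is an added example, not code from the original report; the page markup, host names and allowlist are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page; all hosts are placeholders.
CHECKOUT_HTML = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://cdn.shop.example/checkout.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat.widget.example/loader.js"></script>
<script src="https://stats.unknown.example/t.js"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], bool(a.get("integrity"))))

def audit_scripts(html, page_host, approved_hosts):
    """Return (host, finding) pairs for third-party scripts on a payment page."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        # Relative URLs have no hostname and are served by the shop itself.
        host = urlparse(src).hostname or page_host
        if host == page_host:
            continue
        if host not in approved_hosts:
            findings.append((host, "unapproved third-party script"))
        elif not has_sri:
            # Without Subresource Integrity, a changed file loads silently.
            findings.append((host, "approved but no integrity attribute"))
    return findings

if __name__ == "__main__":
    allow = {"cdn.shop.example", "chat.widget.example"}
    for finding in audit_scripts(CHECKOUT_HTML, "shop.example", allow):
        print(finding)
```

Widgets that load their code dynamically often cannot carry an integrity hash, so that finding is a prompt to review the vendor or restrict it with a Content Security Policy rather than proof of compromise.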
Hackers Steal Citrix Employee Information
Hackers took advantage of weak employee passwords and gained entrance to the company’s network via password spraying. During a password spray attack, a hacker attempts a single commonly used password (such as ‘Password1’ or ‘Summer1999’) against many accounts. If that is unsuccessful, the hacker tries a second password against the accounts, and so on. This technique allows them to remain undetected by avoiding rapid or frequent account lockouts.
Once inside the Citrix network, the hackers accessed information on former and current employees for about six months.
Financial information and social security numbers of employees were at risk, in addition to internal business assets. Even worse, the company disclosed the hackers were able to view personal information regarding employees’ beneficiaries and dependents.
Password spraying targets single sign-on accounts. Using multi-factor authentication and difficult-to-guess passwords can help prevent this form of cyberattack.
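The low-and-slow pattern described above (one password tried across many accounts, staying under lockout limits) is visible in sign-in logs when failures are grouped by source rather than by account. The following is an added detection example, not from the original report; the log format, addresses, account names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-05-01T09:00:01 203.0.113.7 alice FAIL
2019-05-01T09:00:40 198.51.100.20 gina FAIL
2019-05-01T09:00:55 198.51.100.20 gina FAIL
2019-05-01T09:01:10 198.51.100.20 gina OK
2019-05-01T09:02:03 203.0.113.7 bob FAIL
2019-05-01T09:04:10 203.0.113.7 carol FAIL
2019-05-01T09:05:00 192.0.2.50 admin FAIL
2019-05-01T09:05:01 192.0.2.50 admin FAIL
2019-05-01T09:05:02 192.0.2.50 admin FAIL
2019-05-01T09:05:03 192.0.2.50 admin FAIL
2019-05-01T09:06:02 203.0.113.7 dave FAIL
2019-05-01T09:08:15 203.0.113.7 erin FAIL
2019-05-01T09:10:07 203.0.113.7 frank FAIL
"""

def parse(log):
    """Return (time, ip, account, result) tuples in time order."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(ts), ip, user, res)
                  for ts, ip, user, res in rows)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Map each suspicious source IP to the accounts it failed against.

    A source is flagged when, inside one sliding window, it fails against
    at least min_accounts distinct accounts while no single account sees
    more than max_per_account failures (the pattern that avoids lockouts).
    """
    fails = defaultdict(list)
    for ts, ip, user, res in events:
        if res == "FAIL":
            fails[ip].append((ts, user))
    alerts = {}
    for ip, rows in fails.items():
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:
                start += 1
            counts = Counter(user for _, user in rows[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                alerts[ip] = sorted(counts)
                break
    return alerts
```

On the sample data, the mistyped password from 198.51.100.20 and the single-account guessing from 192.0.2.50 are not flagged; only the source that touches many accounts once each is.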
Office 365 Accounts Compromised
Hackers used brand impersonation, social engineering, and phishing scams to gain access to the email accounts of Office 365 users. To infiltrate their targets’ accounts, the cybercriminals impersonated companies like Microsoft to convince potential victims to visit phishing landing pages and send over their account credentials.
The bad actors also leveraged usernames and passwords acquired in previous data breaches. Since people often use the same password for multiple accounts, hackers reused the stolen credentials to access additional accounts.
Once inside, the cybercriminals sent thousands of emails to facilitate spear phishing, business email compromise attacks, and malvertising campaigns. Reports show more than 1.5 million malicious and spam emails were delivered by the hackers using roughly 4,000 accounts compromised in March 2019.
Baltimore Back in the Hot Seat
A ransomware attack on city computers this week has left many employees all but unable to do their jobs. The attack has disabled many computerized functions for the Baltimore City Government, including email, online payment platforms, and more.
Business operations have been interrupted for almost every department. City officials have started using library computer labs to process payroll for employees. It’s possible that paychecks for city employees will be delayed.
Indiana Pacers Parent Company Falls to Phishing Campaign
Using phishing tactics, hackers accessed several Pacers Sports & Entertainment (PSE) employee accounts containing sensitive personal information between October 15 and December 4 of last year. The company first learned of the incident almost six months ago but is only just now beginning to notify customers.
PSE did not say if the compromised data belonged to employees or customers. However, the information includes names, addresses, dates of birth, password numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.
Along with the damaging outcomes of a data breach, the organization will now face media scrutiny and resulting customer attrition.