Privacy Roundup #0130 • May 2017
Leaked NSA exploits powered the WannaCry worm while breaches, phishing campaigns and a record fine made May 2017 a brutal month for data protection.
1. WannaCry ransomware hit the NHS and spread around the world
On 12 May the WannaCry worm encrypted files on hundreds of thousands of computers across more than 150 countries, forcing English hospitals to turn patients away. The malware spread through the EternalBlue SMB exploit that had leaked from the NSA the month before.
2. Google Docs phishing worm hijacked Gmail accounts
On 3 May a fake "Google Docs" app spread through Gmail by abusing OAuth permissions, emailing itself to every contact of each victim. Google shut the campaign down within an hour, but it had already reached around a million users.
3. EternalRocks worm bundled seven leaked NSA exploits
Researchers found a new SMB worm called EternalRocks that used seven of the NSA tools dumped by the Shadow Brokers, where WannaCry had used only two. It carried no payload at first, but every infected machine could be weaponised later.
4. DocuSign breach fed a targeted malware campaign
DocuSign confirmed on 15 May that intruders had stolen a list of customer email addresses from a non-core system. Attackers then used that list to send convincing fake signing requests carrying malware-laced Word documents.
5. Sabre disclosed a breach of its hotel reservation system
Travel technology firm Sabre revealed unauthorised access to payment and customer data in its SynXis reservation platform, which serves more than 32,000 hotels. The company called in Mandiant and notified law enforcement while it assessed the scope.
6. Fraudsters looted W-2 tax data through Equifax's TALX division
Equifax acknowledged that thieves had reset weak four-digit PINs to break into employee tax records held by its TALX payroll unit. The stolen W-2 data exposed salary and employment histories for staff at firms including Northrop Grumman.
7. Bell Canada lost 1.9 million customer email addresses
Bell Canada disclosed on 15 May that an anonymous hacker had stolen roughly 1.9 million active email addresses along with about 1,700 names and phone numbers. When the firm refused to pay, the attacker dumped part of the data online.
8. Edmodo breach exposed 77 million student and teacher accounts
A hacker stole around 77 million accounts from the school learning network Edmodo and offered the data for sale on the dark web. The haul held usernames, email addresses and bcrypt-hashed passwords belonging mostly to children and educators.
9. Zomato breach put 17 million accounts up for sale
Restaurant guide Zomato admitted that 17 million user records, including email addresses and hashed passwords, had been taken and listed on a dark web market. The company traced the intrusion to a compromised developer account and negotiated removal of the data.
10. Chipotle confirmed card-stealing malware at most of its restaurants
Chipotle reported the findings of its investigation on 26 May, confirming that point-of-sale malware had captured payment card data at the vast majority of its locations. The malware harvested card numbers, expiry dates and verification codes from the magnetic stripe.
11. Target settled its 2013 breach with 47 states for 18.5 million dollars
On 23 May Target agreed to pay 18.5 million dollars to settle investigations by 47 states and the District of Columbia over its 2013 card breach. The deal, the largest multistate data breach settlement to that point, also imposed new security requirements.
12. OneLogin breach exposed the ability to decrypt customer data
Identity provider OneLogin disclosed on 31 May that an attacker had used stolen AWS keys to reach its US data centre. The firm warned that the intruder may have obtained the means to decrypt encrypted customer data.
13. EU fined Facebook 110 million euros over WhatsApp claims
On 18 May the European Commission fined Facebook 110 million euros for giving misleading information during its 2014 takeover of WhatsApp. Facebook had told regulators it could not match accounts across the two services, then began doing exactly that.
14. EFF warned that gutting Title II would gut broadband privacy
The EFF cautioned that FCC chairman Ajit Pai's plan to strip broadband of its Title II classification would dismantle the legal basis for both net neutrality and ISP privacy rules. Without that authority, the agency would struggle to stop ISPs selling subscriber data.
15. EFF challenged the FBI's mass hacking in the Playpen case
The EFF argued before a federal appeals court that a single warrant used to deploy malware against more than 8,000 computers worldwide was unconstitutional. The case stemmed from the FBI's decision to run a child abuse site for two weeks to infect its visitors.
16. Macron campaign emails were leaked days before the French vote
On 5 May, two days before the French presidential runoff, Emmanuel Macron's campaign reported a massive coordinated hack that dumped fifteen gigabytes of stolen emails online. The campaign warned that forged documents had been mixed in to spread disinformation.
17. Hacked HandBrake downloads spread the Proton Mac trojan
For several days in early May a download mirror for the HandBrake video tool served a tampered build carrying the Proton remote access trojan. The malware could siphon the entire macOS keychain, so infected users were told to change every password.
18. Judy adware infected millions of Android users through Google Play
Check Point uncovered an auto-clicking adware campaign called Judy hidden in 41 apps on the official Play store. The apps had been downloaded millions of times and quietly generated fraudulent advertising clicks on victims' phones.
19. Conservative manifesto promised tighter control of the internet
The UK Conservative manifesto declared that government should regulate online life, proposing new powers to fine technology firms and police what people post. Critics warned the plans pointed towards weakened encryption and broad state oversight of the web.
20. Kmart confirmed card-stealing malware on its payment systems
At the end of May Kmart disclosed that malware had infected its store payment systems and may have captured customer credit card numbers. The retailer said no names, addresses or social security numbers were exposed in the incident.