Weekly Executive Summary Week Ending June 24, 2016

By Joseph Lorenz on June 24, 2016

Targeted Industries

  • Transportation
  • Software
  • Information Technology
  • Telecommunications
  • Internet

Active Threats

  • Anonymous
  • GCHQ (UK)
  • Lizard Squad
  • Inj3ct0r Team
  • APT28 Pawn Storm – Tsar Team

Major Events

  • ACER Ecommerce Site Spills Credit Card Information of Thousands
  • GoToMyPC Suffers Major Password Reuse Attack
  • Voter Database Leak Exposes 154 Million Sensitive Records
  • Crypto-ransomware Attacks Hit Over 700,000 Users in One Year

Conclusions

Taiwanese electronics company ACER released a letter last week stating that a data breach of its e-commerce site allowed a third party to access customers' names, addresses, card names, expiration dates, and three-digit CVV security codes. According to the company, anyone who purchased an item from the site between May 12, 2015 and April 28, 2016 may have been affected. The company says that it regrets the incident and is working hard to enhance its security. It reassured customers that it does not store Social Security numbers and that username and password credentials do not appear to be affected. This attack should not be taken lightly: credit card fraud is becoming a common occurrence as third-party breaches rise, and the stolen information could easily be used to make online purchases.

Source: ACER Ecommerce Site Spills Credit Card Information of Thousands

The remote desktop access service “GoToMyPC”, which is owned by Citrix Systems, is forcing all of its customers to reset their passwords because of a sophisticated attack that targeted password reuse. Attackers used username and password credentials leaked from other websites to gain access to the remote access service. Once Citrix became aware of the attack, it took immediate action, including mandatory password resets for all GoToMyPC users. Though password reuse attacks normally aren’t very sophisticated, there have been successful attempts against several popular services, including GitHub, Facebook, Netflix, Reddit, TeamViewer, and Twitter. This is an excellent example of why users should use strong and unique passwords on every account. The company urges similar practices and mentions the importance of enabling two-step verification to prevent unauthorized access.

Source: GoToMyPC Suffers Major Password Reuse Attack

White hat hacker Chris Vickery discovered a database of 154 million U.S. voter profiles on an unprotected server. It was full of sensitive data, including voter names, addresses, email addresses, phone numbers, gun ownership information, preferences on gay marriage, and links to individual social media accounts. The data was initially owned by voter data broker L2, which sold it to an undisclosed U.S.-based company. L2 claims that the U.S. company accidentally left it unprotected on a Google cloud account. Vickery stated that he was not the first person to find this vulnerable server: after reviewing the server logs, he found that multiple people had accessed the server before him, including an IP address from outside the United States. The database was removed only days after the information was received from Vickery, but he mentioned that this is not the first or even the largest unprotected voter database he has found.

Source: Voter Database Leak Exposes 154 Million Sensitive Records

Kaspersky Lab has found a significant increase in encryption ransomware attacks this year compared to last, about 5 ½ times as many, or 17.7%, with 718,536 users hit by the attacks from April 2015 – March 2016. Fedor Sinitsyn, a senior malware analyst at Kaspersky, says that “The biggest problem with crypto-ransomware today is that sometimes the only way to get the encrypted data back is to pay the criminals, and victims tend to pay.” Sinitsyn also mentions that companies and everyday users should implement regular backups and keep up to date on the latest cybersecurity risks to protect themselves from attacks like these.

Source: Crypto-ransomware Attacks Hit Over 700,000 Users in One Year

 

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into, or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity.

Mail us at: uhwocscc@hawaii.edu