Welcome to the latest edition of GlobalSign’s weekly cyber security news recap.
One of the most impactful stories in the last week has to be that confidential documents were swiped from a U.S. military nuclear missile contractor. The attack is believed to have been carried out by the threat group MAZE, which made the headlines last month after claiming to have attacked Minnesota egg supplier Sparboe Companies with ransomware.
An in-depth story by well-known security researcher Brian Krebs detailed how a Romanian skimmer gang in Mexico – whom Krebs has been following for years – ultimately swindled $1.2 billion from its victims.
Earlier in the week it was revealed that an Australian fan site for Aussie Rules Football has leaked up to 70 million records, including users’ personal details and racist private messages, via an unprotected Elasticsearch instance.
Finally, an Austrian village was the victim of a ransomware attack by the group NetWalker. The village of Weiz found that its public service system was affected, and as a result, data was leaked from building applications and inspections. While it does not appear to be a major attack, an email subject line about the coronavirus was used to bait employees. Remember, don’t click on links if you suspect they are malicious!
For all these stories and more, grab your coffee and read on. Thanks for reading this post, and wherever you are in the world, we hope you have a fantastic weekend!
Top Global Cybersecurity News
InfoSecurity (June 4, 2020) NATO Condemns Cyber-Attacks
"NATO has issued a statement condemning cyber-attacks perpetrated in the midst of the ongoing global health pandemic.
In particular, the organization slammed cyber-criminals who chose to target essential healthcare services, including hospitals caring for those infected with COVID-19 and medical research institutes trying desperately to find a cure for the novel coronavirus.
The statement was issued yesterday in English, French, and Russian. In it, NATO said: 'We condemn destabilizing and malicious cyber activities directed against those whose work is critical to the response against the pandemic, including healthcare services, hospitals and research institutes.'"
EETimes (June 4, 2020) U.S. Critical Infrastructure Full of Security Holes
"The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home.
But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.
'Critical infrastructure' means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure. These also include chemical plants, commercial facilities, communications, critical manufacturing, dams, defense, emergency services, financial, food & agriculture, government facilities, healthcare and public health, and IT."
InfoSecurity (June 3, 2020) Cyber-Attack Hits US Nuclear Missile Sub-Contractor
"Confidential documents have been swiped from a US military nuclear missile contractor in a cyber-attack, according to Sky News.
Today the news service reported that cyber-criminals were able to gain unauthorized access to the computer network of New Mexico company Westech International.
The attack is believed to have been carried out by the threat group MAZE, which made the headlines last month after claiming to have attacked Minnesota egg supplier Sparboe Companies with ransomware."
KrebsOnSecurity (June 3, 2020) Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion
"An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.
The multimedia investigation by the Organized Crime and Corruption Reporting Project (OCCRP) and several international journalism partners detailed the activities of the so-called Riviera Maya crime gang, allegedly a mafia-like group of Romanians who until very recently ran their own ATM company in Mexico called “Intacash” and installed sophisticated electronic card skimming devices inside at least 100 cash machines throughout Mexico.
According to the OCCRP, Riviera Maya’s skimming devices allowed thieves to clone the cards, which were used to withdraw funds from ATMs in other countries — often halfway around the world in places like India, Indonesia, and Taiwan."
InfoSecurity (June 1, 2020) Aussie Football Fan Site Leaks 70 Million Records
"An Australian football fan site has been found leaking 70 million records, including users’ personal details and racist private messages, via an unprotected Elasticsearch instance.
The 132GB leak was discovered by SafetyDetectives researchers led by Anurag Sen and is linked to BigFooty.com, a website and mobile app dedicated to Aussie Rules Football, which has around 100,000 members.
Although the information found in the leak wasn’t always personally identifiable as users are mainly anonymous, some of the private messages seen by the researchers contained email addresses, mobile phone numbers and usernames and passwords for the site and live streams."
Coin Telegraph (May 31, 2020) Ransomware Attack Kidnaps Austrian City
"Malware team, NetWalker, launched a ransomware attack against the Austrian village of Weiz. This attack affected the public service system and leaked some of the stolen data from building applications and inspections.
According to the cybersecurity firm, Panda Security, hackers managed to penetrate the village's public network through phishing emails related to the COVID-19 crisis.
The subject of the emails — 'information about the coronavirus,' — was used to bait employees of Weiz's public infrastructure into clicking on malicious links, thus triggering the ransomware."