Hello and welcome to the Memorial Day weekend edition of the GlobalSign weekly cybersecurity news wrap-up.
Once again, data breaches were at the top of the news cycle this week. From new attacks to reports about them, there was quite a lot to digest.
- European airline EasyJet announced it was the victim of a data breach that exposed personal details for nine million of its customers.
- Meal kit delivery service Home Chef confirmed that a data security incident exposed some customer information, including names, email addresses, phone numbers and the last four digits of credit card numbers. Encrypted passwords and account details such as frequency of deliveries and mailing addresses may have also been compromised.
- It was revealed that the State of Arkansas was forced to temporarily shut down an unemployment benefits program last week after an attack potentially exposed the personal information of some 30,000 residents.
- Verizon released the details of its annual breach report.
- New research published by cloud solutions company iomart says that tech companies could lose an average of $174 million per day – or $37.3 billion per month – as a result of compromised records per data breach.
Read on for all this week’s top cybersecurity stories.
Top Global Cybersecurity News
FirstPost (May 21, 2020) Microsoft Alerts About a Covid-19 Phishing Attack in which Malicious Excel Attachments are Being Sent via Email
"Microsoft has cautioned its users about a COVID-19-themed phishing attack, in which hackers send malicious Excel attachments to people through emails to get remote access.
'We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros,' Microsoft wrote on Twitter. The company posted a number of tweets to explain how this campaign is being run."
Wired (May 21, 2020) ShinyHunters Is a Hacking Group on a Data Breach Spree
"Data breaches have become an all too common threat in recent years, exposing personal information through attacks on companies and institutions. Some of these assaults are the result of sophisticated nation state espionage operations, while others are fueled by online criminals hoping to sell the stolen data. Over the first two weeks of May, a hacking group called ShinyHunters has been on a rampage, hawking what it claims is close to 200 million stolen records from at least 13 companies.
Such binges aren't unprecedented in the dark web stolen data economy, but they're a crucial driver of identity theft and fraud. Without new breaches, user details that are already in circulation—like account login credentials, names, addresses, phone numbers, and credit card data—simply get repackaged again and again and passed around criminal forums at lower cost. Fresh data is like gold. But while ShinyHunters came on strong in early May, dropping trove after trove of freshly stolen data, the group now seems to have gone quiet.
'What’s interesting about this is how this group appeared out of nowhere and had all this new data for sale,' says Vinny Troia, CEO of the IT security firm Night Lion Security who has been tracking ShinyHunters. 'I always find that as an immediate flag. Nobody just drops into the scene with all this stuff. So that's why I don't believe Shiny is a new player to this market.'"
TechRepublic (May 20, 2020) New phishing campaign impersonates LogMeIn to steal user credentials
"Phishing campaigns try to trick people by spoofing well-known companies, brands, and products. Such campaigns often strive to reference items in the news to catch the attention of those concerned about current events. As more people work from home due to the coronavirus, a new phishing campaign is impersonating the remote access tool LogMeIn to obtain the account credentials of unsuspecting victims. In a blog post published Tuesday, security provider Abnormal Security explains how this campaign works.
Spotting this new phishing attack for the first time in May, Abnormal Security noted that the recent impersonations of LogMeIn and other remote collaboration tools such as Zoom are likely due to the shift in remote work. In this particular attack, the phishing email claims to be from LogMeIn with a notice informing the recipient of a fix to a zero day vulnerability found in LogMeIn Central and LogMeIn Pro. As such, this campaign is also taking advantage of the security concerns raised about these remote access platforms."
CBC (May 20, 2020) Spy agency flags possible security breaches at Canadian pandemic research facilities
"Canada's cyber spy agency says authorities are investigating possible security breaches at Canadian organizations doing COVID-19-related research — less than a week after it warned that Canadian intellectual property linked to the pandemic is a 'valuable target' for state-sponsored actors.
'We've seen some compromises in research organizations that we've been helping to mitigate and we're still continuing to look through what's the root cause of those,' said Scott Jones, head of the Communications Security Establishment's Cyber Centre, during an appearance in front of the Commons industry, science and technology committee this evening.
'Yes, we've seen activity coming from organizations where they've seen malicious activity, or at least suspicious [activity], and we're working with them to determine whether or not it was malicious, where it came from and who, and was a success or not.'"
SC Media (May 19, 2020) Six need-to-know takeaways from the Verizon breach report
"Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR).
Verizon researchers analyzed 157,525 known 'incidents' (defined as a security event that results in the compromise of an information asset) and 3,950 confirmed breaches (meaning data exposure to an unauthorized party was officially disclosed) — all taking place from Nov. 1, 2018 through Oct. 31, 2019. From this data set, the researchers gleaned a trove of insights into recent cybercriminal activity and behavior. Here are six of the more insightful findings from the report."
DataBreachToday (May 19, 2020) EasyJet Data Breach Exposes 9 Million Customers' Details
"European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details.
'Our investigation found that the email address and travel details of approximately 9 million customers were accessed,' according to a notice of cybersecurity incident issued Tuesday by EasyJet, which is based at London Luton Airport, located 28 miles north of central London.
Affected customers will be contacted by May 26, EasyJet adds. 'If you are not contacted then your information has not been accessed.'"
Other Industry News