Welcome back to GlobalSign’s weekly news round-up. As always, there is lots to review!
One of the biggest developments of the week was here in the US, where the Department of Justice unsealed indictments against six Russian military officers. The US government alleges the officers are members of Russia’s Main Intelligence Directorate (GRU), in a unit that security researchers refer to as Sandworm. The officers are suspected of carrying out major hacks, including the 2015 Ukrainian power grid attack, the deployment of destructive NotPetya malware and even an attack on the 2018 Olympics. It is also possible the unit interfered with the 2016 US election.
Also notable this week are the hackers who say they are giving back because they “want to make the world a better place.” Hmmm, how about not extorting money for a living to begin with?? But anyway, the Darkside group says it has donated a portion of the ransom demands it collected to Children International and The Water Project. It’s the least the group can do, since as recently as last month it carried out attacks which have allegedly garnered millions of dollars in extorted money.
After receiving numerous complaints regarding children’s personal data on Instagram, Ireland’s Data Protection Commission launched two investigations into the organization. The first inquiry will assess Facebook’s reliance on certain legal bases for its processing of children’s personal data on the Instagram platform. The second inquiry will focus on Instagram profile and account settings and the appropriateness of these settings for children.
Meantime, the White House is denying reports that a Dutch security researcher accessed President Trump’s Twitter account last week by guessing his password: “maga2020!”. Victor Gevers, chair of the Dutch Institute for Vulnerability Disclosure, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt. Gevers said the President’s Twitter account was not protected by two-factor authentication.
That is all for this week. Thanks for stopping by our blog!
Top Global Security News
Graham Cluley (October 22, 2020) Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware
"European IT services group Sopra Steria has been hit by a cyber attack.
Which would be unfortunate for any business at the best of times, but is possibly even more galling for a firm like Sopra Steria which has a specialist cybersecurity branch which claims to help customers 'protect sensitive information, and prevent costly data breaches.'
Naturally Sopra Steria’s corporate clients, some of whom rely upon the firm to operate their core business processes and IT systems, will be concerned and will have plenty of questions regarding the nature of the attack."
TechCrunch (October 22, 2020) President Trump’s Twitter accessed by security expert who guessed password “maga2020!”
"A Dutch security researcher says he accessed President Trump’s @realDonaldTrump Twitter account last week by guessing his password: “maga2020!”.
Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt.
The account was not protected by two-factor authentication, granting Gevers access to the president’s account."
Bleeping Computer (October 21, 2020) Montreal's STM public transport system hit by ransomware attack
"Montreal's Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.
On October 19th, STM suffered an outage that affected its IT systems, website, and customer support.
While these outages did not affect the operation of buses or metro systems, people with disabilities who rely on STM's door-to-door paratransit service are affected as it uses an online registration system."
ZDNet (October 20, 2020) Ransomware gang donates part of ransom demands to charity organizations
"A ransomware gang has donated a part of the ransom demands it extorted from victims to charity organizations. Current recipients include Children International, a non-profit for sponsoring children in extreme poverty, and The Water Project, a non-profit aiming to provide access to clean and reliable water across sub-Saharan Africa. Each organization received 0.88 bitcoin (~$10,000) last week, according to transactions on the Bitcoin blockchain [1, 2].
The sender was a ransomware group going by the name of Darkside. Active since August 2020, the Darkside group is a classic "big game hunter," meaning it specifically goes after large corporate networks, encrypts their data, and asks huge ransom demands in the realm of millions of US dollars."
Data Breach Today (October 19, 2020) 6 Russians Indicted for Destructive NotPetya Attacks
"The U.S. Department of Justice unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics.
All six suspects are allegedly members of Russia's Main Intelligence Directorate, also known as the GRU, and specifically part of GRU Unit 74455, which many security researchers refer to as Sandworm.
At a Monday press conference to announce the indictments, the U.S. Attorney for the Western District of Pennsylvania, Scott Brady, said investigators suspect that GRU Unit 74455 was integral to Russia's attempts to interfere in the 2016 U.S. election."
Irish Legal News (October 19, 2020) Privacy watchdog to probe Instagram over children’s data
"Ireland’s Data Protection Commission (DPC) has launched two inquiries into the processing of children’s data by Instagram, part of Facebook Ireland Limited.
The DPC said it had received a number of complaints concerning the processing of children’s personal data on Instagram and had identified potential concerns which require further examination.
The first inquiry will assess Facebook’s reliance on certain legal bases for its processing of children’s personal data on the Instagram platform."
InfoSecurity (October 16, 2020) Dickey’s PoS Breach Could Hit Three Million Cards
"Another popular US restaurant franchise appears to have been on the receiving end of a major point of sale (PoS) data breach, with dark web traders claiming to have three million cards to sell.
Threat intelligence firm Gemini Advisory analyzed data uploaded to infamous carding forum Joker’s Stash and revealed that Dickey’s Barbecue Pit is the affected restaurant chain.
It said that customers in around a third of locations, 156 of 469, across 30 states may have had their cards compromised between July 2019 and August 2020."
Other Industry News
Cyber-Attack on Mississippi Schools Costs $300,000
350M Voicemails, Health Details Exposed by Misconfigured Database
Hackney Council can’t pay housing benefit after cyber attack
Senator Questions US Healthcare Giant Over Cyber-Attack
UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
A Closer Look at the Attempted Ransomware Attack on Tesla
COVID-19 Pushed Most Firms To Adopt Zero Trust Security Model, a New Study Found
The case for digital wills is only getting stronger