
Week 37 Cyberattack Digest 2018 – Fetal Diagnostic Institute of the Pacific, kayo.moe, University of Edinburgh and others

We hope you like our tradition of posting a weekly cyber attack digest. Today, we have something new for you.

Millions of records exposed on a hosting service

by Bleeping Computer – 13 September 2018

An enormous database containing email addresses, passwords in clear text, and financial data has been found on the anonymous file hosting service kayo.moe. The total number of exposed records amounted to 41,826,763.

A representative of the service passed the data set to Troy Hunt, an Australian security researcher and creator of the Have I Been Pwned data breach index site. The records were then compared and checked to see whether they could be the result of a data leak.
The expert supposed that the database might be intended for credential stuffing attacks. In such attacks, cracked passwords and email addresses are usually combined into a single list and run automatically against various online services in order to hijack matching user accounts. Such attacks are not hard to perform, as users tend to reuse credentials across a number of websites.

“When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I’ve never seen before. (Later, after loading the entire data set, that figure went up to 93%.),” Hunt commented.

To avoid such situations, experts suggest using a password manager that can generate strong, unique passwords for every site and turning on two-factor authentication where possible.
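On the defending side, credential stuffing as described above has a recognisable shape in authentication logs: one source tries many different accounts once or twice each, and only a small share succeed. The following is an added example, not part of the original digest; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (hypothetical key=value format, documentation IPs).
SAMPLE_LOG = """\
ip=203.0.113.7 user=alice@example.com result=fail
ip=203.0.113.7 user=bob@example.com result=fail
ip=203.0.113.7 user=carol@example.com result=fail
ip=203.0.113.7 user=dave@example.com result=fail
ip=203.0.113.7 user=erin@example.com result=ok
ip=203.0.113.7 user=frank@example.com result=fail
ip=198.51.100.4 user=admin@example.com result=fail
ip=198.51.100.4 user=admin@example.com result=fail
ip=198.51.100.4 user=admin@example.com result=fail
ip=198.51.100.4 user=admin@example.com result=fail
ip=198.51.100.4 user=admin@example.com result=fail
ip=192.0.2.10 user=alice@example.com result=fail
ip=192.0.2.10 user=alice@example.com result=ok
"""

def analyze(log_text, min_attempts=5, min_users=5, max_success_rate=0.2):
    """Classify each source IP by its login pattern (thresholds are assumptions)."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "ok": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = dict(kv.split("=", 1) for kv in line.split())
        s = stats[f["ip"]]
        s["attempts"] += 1
        s["users"].add(f["user"])
        if f["result"] == "ok":
            s["ok"].add(f["user"])
    report = {}
    for ip, s in stats.items():
        if s["attempts"] < min_attempts:
            continue  # too few events to judge, e.g. a user mistyping a password
        tries_per_user = s["attempts"] / len(s["users"])
        success_rate = len(s["ok"]) / len(s["users"])
        if (len(s["users"]) >= min_users and tries_per_user <= 2
                and success_rate <= max_success_rate):
            kind = "credential_stuffing"   # many accounts, one or two tries each
        elif tries_per_user > 2:
            kind = "password_guessing"     # few accounts, many tries each
        else:
            continue
        # A success from a flagged source means a reused password worked.
        report[ip] = {"kind": kind, "accounts_to_reset": sorted(s["ok"])}
    return report

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

Accounts listed under `accounts_to_reset` are the ones where a reused password matched, so they are the candidates for a forced reset and a two-factor prompt.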

Russian extradited to U.S. for a massive attack

by SC Media – 10 September 2018

A Russian hacker conducted a series of attacks on financial organizations. This resulted in the theft of the financial records of over 80 million people.
Andrei Tyurin, 35, from Moscow, was arrested for taking part in a massive hacking campaign targeting a number of U.S. organizations.

“Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest theft of U.S. customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims,” Manhattan U.S. Attorney Geoffrey S. Berman said. “Today’s extradition marks a significant milestone for law enforcement in the fight against cyber intrusions targeting our critical financial institutions.”

Finally, the man was charged with multiple crimes, including conspiracy to commit computer hacking, a wire fraud count, conspiracy to commit wire and bank fraud, identity theft and four computer hacking charges.

First academic week brings troubles

by The Register – 12 September 2018

It seems that hackers were looking forward to the start of the new academic year. The University of Edinburgh became the victim of a major distributed DoS attack on its campus network during its first week of classes. As a result, the Scottish university’s websites and wireless network were down due to a flood of traffic. The authorities immediately reported the incident to UK’s National Cyber Crime Bureau. There is no evidence that any data relating to students or employees has been compromised, and the attack is believed to be limited to one of its networks. “While Jisc is responsible for protecting connections to the Janet Network for its members (colleges, universities and research centers), members are responsible for protecting their own cyber space,” said the uni’s internet provider, JISC.

Fetal Diagnostic Institute experiences a ransomware attack

by SC Media – 13 September 2018

The Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) reported a ransomware attack. According to officials, the hack may have compromised patient data, as the ransomware gained access to records stored on FDIP servers containing patient information. The malware could have gathered patients’ full names, dates of birth, home addresses, account numbers, diagnoses, and other details.

“Because this access of PHI was not for the purpose of treatment, payment or health care operations, and did not fall within any of the exceptions to the general rule prohibiting use or disclosure of an individual’s PHI without written authorization as set forth in the Health Insurance Portability and Accountability Act (“HIPAA”) regulations, it constituted a violation of HIPAA,” commented the company’s representatives. “As required by law, FDIP will report this incident to the U.S. Department of Health and Human Services.”

We can see that there are some classic attack scenarios that take place almost every week. This week, it was a ransomware attack on a medical center, a kind of organization that very often falls victim to attackers. As always, do not forget to follow us on Twitter, Facebook, and LinkedIn.

The post Week 37 Cyberattack Digest 2018 – Fetal Diagnostic Institute of the Pacific, kayo.moe, University of Edinburgh and others appeared first on ERPScan.
