The Month in Hacks: August 2017

Hackers target another cryptocurrency site, experts warn of hacker initiated power outages in Europe, and OurMine reminds HBO (and all) of the value of two-factor authentication. It's all this and more in The Month in Hacks.

1 million users of Web Developer Chrome Extension targeted by hackers

Hackers compromised a popular Chrome extension, Web Developer, which provides tools for web design and coding and has been downloaded by over 1 million users. Once they accessed the extension, they modified it with ad-injection capabilities to directly display ads in the web browsers of users. Hackers can also view anything happening on a user's browser, including reading website content and recognizing keystrokes.The developer of the app fell victim to a phishing attack, which allowed hackers to inject the malicious files into the plugin. He removed the bug three hours after it was discovered, but hackers may still have received valuable information during the time it was active.

Vulnerability discovered in solar panels allowing for total shutdown

A Dutch researcher recently found security vulnerabilities in Internet-connected SMA inverters, an essential component of solar panels that converts direct current into alternating current. Hackers can easily gain control of a large number of converters and turn them off, resulting in widespread power outages across Europe.The researcher who discovered the flaws outlined a worst-case scenario, saying that a three-hour power outage across Europe could cause around 4.5 billion euros ($5.4 billion) of damage. Currently, SMA denies that the flaws in their inverters exist, and no solution has been presented.

Unpatchable flaw allows hackers to shut down safety features in smart cars

Researchers have discovered a new flaw in the controller area network protocol of electronically-controlled cars. The vulnerability allows hackers to disable airbags and other safety features, including power-steering, parking sensors, and anti-lock brakes. Since the CAN protocol is used in almost every light-duty vehicle being made today, the flaw affects cars made by every major vendor.To execute the attack, hackers override the CAN system with error messages, cutting a device off from the greater CAN system and making it inoperable. While the attack can only be spread if a hacker has access to your vehicle, experts warn that vehicles used for ride-sharing and rentals are easy targets. The flaw cannot be patched with an on-the-air upgrade or a dealer recall, meaning that there is currently no solution to the problem.

Over $490,000 worth of cryptocurrency stolen in Enigma hack

Enigma, an online cryptocurrency investment platform, was targeted by hackers, who accessed their website, Slack account, and email newsletter account. The hacker used the platforms to urge users to send money to their crypto wallet through a fake address, which funneled over $490,000 to the hacker.The hack is believed to have originated from the email of Enigma's CEO. His email was compromised in the hack of a different service in the past, which allowed hackers to access the password information stored in the account easily. In response to the attack, Enigma has implemented new security measures around their employee email accounts, including two-factor authentication.

Desktop email flaw allows hackers to modify sent email content

Researchers have discovered a vulnerability that allows hackers to access an email that is already sent, turning a benign email sent to a desktop client into a malicious one. The flaw, called Ropemaker, allows hackers to modify the CSS and HTML of an email that has already been delivered.While the flaw hasn't been seen in the wild yet, researchers warn that all desktop email clients on both iOS and Windows systems are vulnerable. It may also be possible that the flaw is already being exploited in targeted attacks on certain people.

Ransomware can now easily be created in an app

Android ransomware can now be made in an app. Hackers are selling ransomware-as-a-service (RaaS) kits, which allows non-tech savvy users to set up their own ransomware and spread the virus to a large audience. Users can select what kind of ransomware they want to build and can receive distribution options once the app is created.The apps require that users subscribe to the service and pay a one-time fee to the app's developer. Due to the ease of creating the ransomware, experts warn of a significant increase in ransomware attacks in the next few months.

Wikileaks hacked by OurMine after issuing hacking challenge was recently taken over by Saudi Arabian hacking group OurMine, who claimed that the site challenged hackers to try to hack their site. Challenge accepted. Visitors to Wikileaks were redirected to a page warning Wikileaks that their security is low.The attack used DNS poisoning, which was carried out through hacking Wikileaks' domain provider. Due to the nature of the attack, it's unlikely that Wikileaks' servers were compromised, although they have not commented on the hack yet.

HBO has a bad month, thanks to hackers

Earlier in August, hackers attacked HBO, obtaining and releasing the scripts for upcoming Game of Thrones episodes, as well as episodes for new series like Curb Your Enthusiasm. Now, hackers have gained access to the company's Twitter and Facebook page, posting a message confirming that they controlled the accounts.OurMine, the company responsible for the Wikileaks hack, is behind the social media attacks. They tweeted a message on the HBO account, encouraging the HBO team to upgrade their security and to contact them to get the accounts back. HBO states that the infringement on their social media was “rectified quickly.” This was, however, another case where enabling two-factor authentication of the social media accounts could have prevented the takeover. As Jeff Pollard, security analyst at Forrester Research, explained to Wired, “The majority of the time, the lessons that are learned from these sort of events is that basic security principles and basic security hygiene are often not followed.”

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.