The Month in Hacks: June 2017

WannaCry continues to ravage the internet, US voter data is compromised by an unsecured server, and hackers receive a $1 million ransom. It's all this and more in The Month in Hacks.

Brute-force cyberattack targets the UK Houses of Parliament

A brute-force cyberattack compromised the email inboxes of over 90 MPs, lawmakers, and staff working at the UK Parliament offices, in an attack that lasted for over 12 hours. When the hack was discovered, all emails on the network were temporarily shut down, leaving officials unable to access their email. Security personnel believe that no personal information was compromised in the attack, but can't be certain.

Politicians affected by the hack are at risk of phishing schemes or blackmail. While it is unknown who is responsible for the attacks, the incident occurred two days after the passwords of British cabinet ministers were sold online by Russian hackers.

WannaCry ransomware continues its global attacks

The WannaCry ransomware has reappeared, affecting Honda Motor Company and speed and light cameras in Australia. Honda was forced to shut down production for over 24 hours, meaning that over 1,000 units in the Sayama factory near Tokyo were not produced as planned. Experts state that Honda did not install the critical patch to protect against the ransomware, although the system has since been secured.

Australian private camera operator Redflex was also compromised by WannaCry, announcing that over 55 speed and light cameras in Victoria were affected. Experts do not believe the virus caused the traffic cameras to record incorrect information, but the issue has been referred to the commissioner for further investigation. The cameras were accidentally affected when a compromised USB drive was connected to the network.

Decade-old Linux vulnerability discovered and patched

Researchers found a decade-old vulnerability called “Stack Clash” in several versions of Unix-based software, including Linux, OpenBSD, NetBSD, FreeBSD, and Solaris. The hole allows attackers to gain complete control of a compromised system, as well as access other computers on a network. It is not known how many systems were compromised in the ten years that this vulnerability existed.

Many affected vendors have released a patch for the bug, and administrators are advised to install it as soon as possible. To best safeguard Linux systems against future attacks, experts recommend frequently updating the system with the newest patches and security tools.

NAYANA pays hackers $1,000,000 to retrieve customer data

NAYANA, a South Korean web hosting company, paid hackers $1 million in Bitcoin after Linux ransomware attacked all 153 of its servers, encrypting the websites and data of 3,400 businesses on its network. Originally, the attackers demanded nearly $4.4 million for the data, but after eight days of bargaining, the parties settled on the $1 million ransom fee, paid in three installments.

After examining the attack, researchers discovered that the attackers used Erebus ransomware designed for Linux. The compromised files couldn't be decrypted without RSA keys, meaning that the only way the attack could have been stopped was through preventative measures.

U.S. voters' information compromised due to third-party vendor vulnerability

Over 60% of the U.S. population (198 million people) had their data exposed after it was stored on an unsecured server managed by Deep Root Analytics and the US Republican National Committee. Researchers stated that anyone could have downloaded the data without needing to enter a password.

The data stored on the server was used by Deep Root Analytics to determine exactly how people would vote in the 2016 election. The server was secured two days after the flaw was reported, and Deep Root has hired a security firm to investigate the extent of data exposure.

DoubleSwitch hack spreads fake news through Venezuela

A new style of hack, called DoubleSwitch, has been circulating on Twitter. Hackers accessed the Twitter accounts of a Venezuelan journalist and a politician/human rights activist and used the accounts to spread fake news to followers.

This style of hack makes it very difficult for the original owner to regain control, as the hacker uses stolen credentials and then updates the email associated with the account. All requests for password resets are then directed to the hacker's email, instead of that of the proper owner. The hack likely could have been prevented if account verification had been sent using SMS two-factor authentication instead of e-mail authentication.

Malicious Colourblock app found in Google Play Store

A new puzzle game app called “colourblock” was discovered to be hiding malware. The app, available in the Google Play Store, allows the developer to gain full access to a user's smartphone and all data stored inside. Hackers were able to bypass the marketplace's security checks by uploading a clean version originally, then updating it with a malicious version.

The app has since been removed from the Google Play Store, but over 50,000 phones were compromised before the app was discovered. Experts recommend that users who downloaded the game perform a full factory data reset to mitigate the malware.

Fireball malware attacks over 250 million PCs and Macs

A form of malware, dubbed “Fireball”, has affected over 250 million PCs and Macs around the world. Spread in an adware package, the malware allows hackers to take complete control of web browsers, spy on victims' web traffic, and steal their data. Currently, the malware is being used to install plug-ins to boost ad revenue.

Fireball is bundled with other free software programs that can be downloaded off the internet. The malware is being distributed by Rafotech, a large Chinese digital marketing agency.
