While a number of successful security breaches went down in July, the month also witnessed a success story. Attacks on several dozen colleges were thwarted, although Capital One cardholders weren't so lucky. Other hacks included attacks on Bulgaria's tax revenue office, the cryptocurrency platform of Bitpoint, and a contractor working with the Russian government. As always, The Month in Hacks provides a perpetual reminder to keep your networks protected and secure.
Capital One has confessed that a hacker gained access to the personal information of over 100 million Americans. In addition to names, birth dates and balances being exposed, 140,000 people have also had their social security numbers compromised. Our friends north of the border were affected too, as 6 million Canadian records were compromised. The news comes in the same week that Equifax was ordered to pay $700 million in fines. Security experts are advising anyone with Capital One accounts to turn on 2FA.
Hackers hit hard in Bulgaria, where they stole more than 5 million records from the country's tax revenue office. The country's overall population is just 7 million, which means the info of nearly every working adult has been put at risk. Data held by the government in most countries is a prime target for hackers, as it often includes dates of birth and other information that remain valid for years. An investigation into the attack is expected to be launched by the Bulgarian Commission for Personal Data Protection. In the meantime, one arrest has been made. The software and computer used in the hack led police to a cybersecurity worker, who has been detained and had his computer devices and equipment seized.
Hackers apparently helped themselves to an estimated 3.5 billion yen, or approximately $32 million, from the cryptocurrency exchange platform of Bitpoint. They were able to breach the Japan-based company by obtaining unauthorized access to private keys in the company's hot wallet. Bitpoint quickly suspended its services once it discovered erroneous outgoing transfers taking place. It was also able to locate a portion of the missing funds after the breach had been announced. Bitpoint's parent company, Remixpoint Inc., provided a breakdown of the currencies stolen. Bitcoin accounted for the highest amount of losses, followed by the cryptocurrencies XRP, ETH, Bitcoin Cash (BCH) and Litecoin (LTC). Japan is one of the few nations that legally allow cryptocurrencies as a form of payment, and the country's exchange platforms have been consistently experiencing a series of security breaches.
SyTech, a contractor that works with the Russian national intelligence service of FSA, was hacked on July 13. Hackers stole 7.5TB of data from the SyTech network, including information on projects SyTech was working on with Russia's intelligence agency. Hackers gained entry into the network through the SyTech Active Directory server, which ultimately provided access to the entire IT network. The stolen information included screenshots of the company servers, which hackers posted on Twitter and shared with another hacking group. They also topped off the theft by posting a “yoba face” emoji on the SyTech website. The “yoba face” stands for “trolling” in Russia. SyTech has since taken down its website following the incident.
A total of 62 universities and colleges were the target of an attack that exploited a vulnerability in the enterprise resource planning (ERP) app all of the schools have been using. The U.S. Department of Education reported that, although this particular attack failed, organizations that use the same ERP app need to be warned of the risk. The app is the Ellucian Banner ERP, and hackers were specifically targeting a module within the app. The module, Ellucian Banner Web Tailor, allows schools to customize user-facing web applications. An additional module within the ERP app, Ellucian Banner Enterprise Identity Services, is also reportedly at risk. The Department of Education stressed that no security breaches have taken place, even though attempts have been made.