Hackers had a field day in June, attacking a scientific service provider, leaking data stolen from a social engineering forum, and shuttering an airplane parts maker for days. A past hack of NASA data also made its way into the news this month after it was exposed by an audit. You hate to see it.
Check out The Month in Hacks for an ongoing reminder of the importance of fortified cybersecurity.
‘Highly Sophisticated’ Attack on European Scientific and Forensic Service Provider
A “highly sophisticated” ransomware attack hit Eurofins Scientific, a scientific and forensic service provider for a number of UK law enforcement agencies. While CBR Online reported sensitive law enforcement data was thought to be put at risk from the data breach, Eurofins Scientific eventually confirmed otherwise. The company said it found no evidence that confidential client data had been stolen or transferred.
The attack did impact operations of laboratories and systems across the firm. Most of the operations in the affected labs had been restored as of June 17, yet some systems were still inoperable. Eurofins Scientific said the greatest impact of the breach is likely to be financial.
Sensitive NASA Data Stolen Using $25 Computer
Costly damage doesn’t require costly computer systems, as evidenced by hackers who used an inexpensive Raspberry Pi computer to steal data out of the IT network at Jet Propulsion Laboratory. The stolen data consisted of an estimated 500 megabytes of NASA data related to missions to Mars in April 2018, according to Pasadena Now.
This particular attack, which was one of several brought to light during a June audit, continued undetected for nearly a year. Hackers were able to enter the system with an external user account, exploiting security control system weaknesses to remain in the JPL network for 10 months.
Social Engineering Forum Hacked, User Data Leaked to Rival Site
The social engineering forum known as Social Engineered was the target of a data breach that compromised, and then leaked, a massive amount of user data. The breach happened on June 13, ZDNet reports, resulting in the theft of 89,000 unique email addresses. Those email addresses were linked to 55,000 forum account holders, IP addresses, usernames and passwords, all of which were leaked and published online.
Private messages sent by users were also part of the breach, which was reportedly caused by a vulnerability in the free, open-source MyBB software used to create and maintain online forums. Social Engineered has since switched to the paid XenForo platform, asking members to donate to cover the cost of moving away from a free platform.
Ransomware Attack Shutters Airplane Parts Maker Indefinitely
Airplane parts maker ASCO Industries was forced to shut down its plants for days following a June 7 ransomware attack, according to SC Magazine UK. The Belgium-based aviation structure and airplane parts business was forced to tell its employees they were technically unemployed until further notice.
ASCO runs under the parent company of SRIF, and the attack came two months after the European Commission approved an acquisition of SRIF. US-based Spirit Aerosystems had been poised for an all-cash takeover of SRIF to the tune of $650 million since May 2018. There was no indication of any data stolen, or the identity of the perpetrators behind the attack.