Citrix falls victim to weak passwords. Hackers are holding the UK Police Force ransom, and ASUS gets taken down by "Operation ShadowHammer." All this in March's version of The Month in Hacks.
Hackers made away with “an estimated six to ten terabytes of confidential information” from Citrix. The attack was especially troubling because Citrix regularly works with the U.S. military, raising concerns about hackers accessing government networks. The stolen information could contain important details about Citrix's networks and projects, which would leave the company open to further attacks.
To gain access to Citrix's networks, hackers used a technique called password spraying to exploit weak passwords. Once they'd gained access, the hackers moved to “circumvent additional layers of security,” according to the FBI's statement to the press.
To prevent a similar attack, as CPO Magazine pointed out, “Employees can be encouraged to use other effective password strategies, such as using a password manager or enabling two-factor authentication.”
Hydro, one of the world's largest producers of aluminum, resorted to posting written notices at their offices and facilities to warn staff, telling them not to log into their computers. Workers at many factories were forced to use printed order lists to manually manage production while the systems were down.
The ransomware attack used a relatively new form of malware called LockerGoga, which infiltrated the company's networks and, according to Semperis, “leveraged the organization's own infrastructure to help itself spread.”
Just two days after the attack on Hydro, the U.K.'s Police Federation, which is essentially a union, was hit by a ransomware attack at its headquarters. The organization has 43 offices across the United Kingdom, but none of these branches except the headquarters was affected. Still, backup data was deleted while email and database systems were encrypted, which disrupted normal services.
According to a statement from the company, “Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.” Investigators found no evidence that data was stolen and believe that the motive was purely financial.
It's clear from these two high-profile ransomware attacks that firms of all sizes must put measures in place, such as two-factor authentication, to make cyber attacks more difficult.
Most ASUS computers come with a program called ASUS Live Update pre-installed. The program ensures that the computer systems are upgraded and patched when they should be, but it's also the very utility that hackers compromised with malware, creating a backdoor on at least 57,000 customers' computers.
However, Kaspersky Lab, a cybersecurity firm, says that the problem is “much bigger” and may affect “over a million users worldwide.”
The happiest place on Earth is feeling a bit sour as Earl Enterprises has fallen victim to a massive credit card breach. The chain, famous for gimmicky restaurants such as Planet Hollywood and Buca di Beppo, acknowledged that two million customer credit card numbers may have been compromised. Malicious software installed on point-of-sale systems led to the attack. The situation has now been contained, just in time for Disney's spring break season.