Cyber Security November Breach of the Month

Published on December 21st, 2017 | by Vishrut Sharma

Breach of the Month, November 2017

Every Friday the SS8 Twitter feed features a notable breach, leak, or hack as our pick for the SS8 #breachoftheweek. At the end of every month, our engineers take a look at each of these ‘finalists’ and select one outstanding breach as our #BreachOfTheMonth pick. Which did we choose for November? This month’s breach threat analysis features the thoughts of Threat Researcher Vishrut Sharma:

Data breach in Malaysia leaks 46 million phone numbers

A Malaysian technology website discovered user data of more than 46 million mobile subscribers being sold on its forums for an undisclosed sum of bitcoins. The data appears to have been stolen from multiple commercial websites and includes reserved user data from at least 12 Malaysian mobile operators. The data was traced back to the dark web, and the diverse formatting styles within the dataset made it evident that it had been stolen from multiple sources. Further investigation showed timestamps that were last updated in July 2014, which suggests that the data has been available on the dark web for some time. This leak leaves the subscribers whose data was breached vulnerable to social engineering attacks and to phone cloning.

Boeing 757 hacked by Homeland Security

A Boeing 757 airplane parked in Atlantic City, NJ was successfully broken into by a team of hackers working for the Department of Homeland Security. They exploited a vulnerability in radio frequency communications, and Robert Hickey, the lead researcher, said he was able to accomplish “a remote, non-cooperative, penetration” on the aircraft. After being informed about the test, Boeing claimed that it did not identify flaws in the design of the 757 and that the hack was caused by flaws in RF communication. In the past, security researchers have indicated that the connectivity of airlines could “potentially provide unauthorized remote access to aircraft avionics systems.” While the specifics of the experiment were not disclosed, Hickey said they were able to establish a “presence” on the systems of the aircraft using “typical stuff” that could get through security. According to the researchers, recent aircraft models are better equipped to handle information security challenges, but issues remain with legacy aircraft whose designs did not consider security threats.

Uber paid a ransom of $100,000 to cover up enormous data breach

This month saw the disclosure of a data breach that affected 57 million user accounts of Uber customers. The company has admitted to paying $100,000 to hackers to keep the massive data breach secret. CEO Dara Khosrowshahi made the public admission of the breach, which took place in October 2016. The leaked data included names, email addresses and phone numbers of 50 million passengers and about 7 million drivers. The troubling aspect of the incident is that Uber chose to pay $100,000 to hackers so that the data would be “deleted” instead of informing customers and regulators. The anatomy of the attack was straightforward: hackers accessed the data through Uber’s GitHub account, which held credentials for customer data stored on an Amazon server.
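Credentials for a cloud data store sitting in a source repository, as described above, are what secret scanning in a pre-commit hook or CI job is meant to catch. The sketch below is an added example, not part of the original article or any Uber tooling: the file names and contents are constructed, the key values are AWS's published documentation placeholders, and the entropy threshold is an assumed tuning value.

```python
import math
import re
from collections import Counter

# AWS access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary) prefix.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Candidate secret access key: exactly 40 base64-style characters assigned to a
# variable whose name starts with "aws" or "secret".
SECRET_ASSIGN = re.compile(
    r"(?:aws|secret)[\w.-]*\s*[:=]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)

def shannon_entropy(value):
    """Bits per character; random keys score high, padding and placeholders low."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def redact(value):
    """Keep only the ends so the scan report does not itself leak the secret."""
    return value[:4] + "..." + value[-4:]

def scan_text(path, text, min_entropy=4.0):  # threshold is an assumed tuning value
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, lineno, "aws_access_key_id", redact(m.group())))
        for m in SECRET_ASSIGN.finditer(line):
            if shannon_entropy(m.group(1)) >= min_entropy:
                findings.append((path, lineno, "aws_secret_access_key", redact(m.group(1))))
    return findings

def scan_repo(files):
    """files maps path -> text content, e.g. the staged files of a commit."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]

# Constructed sample; key values are AWS's documentation placeholders, not real keys.
SAMPLE_REPO = {
    "deploy/backup.sh": (
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "config/settings.py": 'AWS_SECRET_ACCESS_KEY = "' + "0" * 40 + '"  # filled in at deploy\n',
    "README.md": "Credentials are read from the environment.\n",
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(*finding, sep="\t")
```

A scanner like this only prevents new commits from carrying keys; any key that has already reached a repository should be treated as exposed and rotated.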

Verticalscope breached again!

For the second time in two years, Canadian Web forum manager Verticalscope experienced a huge data breach. This time around, the data contained email addresses, usernames, and passwords of 2.7 million users. Verticalscope is an integrated multi-platform media company that runs a network of websites that supply products to automotive, sports and technology markets. Alex Holden, who discovered the hack, was able to contact one of the hackers and found that a backdoor “Web shell” was used to perform the attack. Web shells make it possible to remotely gain control over a website and perform all admin-level operations, including dumping entire databases. It is also speculated that one of the hacked Verticalscope domains leads to an online service called LuiDB. This service acts as a database for accessing personal information leaked during a breach. A query to this database requires a subscription paid for in bitcoins.


Uber paid a ransom of $100,000 to cover up enormous data breach

This hack wins in November because of its impact on the Uber brand. The attack was not sophisticated and raises serious concerns over how well Uber can manage user data. Paying a ransom after data loss often does not guarantee the end of an attack, and Uber decided to keep the attack secret for almost a year instead of revealing it and raising public awareness. It is also alarming that Uber stored critical user data on a third-party server without any encryption. Clearly, Uber has much to answer for regarding its security practices and policies.

These factors, coupled with the wave of bad publicity and loss of credibility for Uber, make it a clear winner for the month of November.

Vishrut is a Threat Researcher at SS8. He believes that in the rapidly changing security landscape of today, signature-based malware detection will have to be augmented with AI and machine learning to defend computers from next-generation cyber adversaries.
