2 September 2016

Last month was rich on security related events, espionage campaigns and simple data breaches. We still continue investigating huge data leaks from 2012. As it appears, in 2012 almost every big IT company suffered a data leak or was hacked: Yahoo ( almost 200 million accounts), Dropbox (68 million accounts), Infowars (50 000 accounts). And many more…

The exposure of secret NSA tools (zero-days in routers manufactured by Cisco, Juniper and Fortinet), Trident vulnerabilities in iOS and Safari, remote code execution in D-Link made obviously our lives much “easier”.

It was very hard for us to choose the TOP incidents due to a huge number of events and pick the most dangerous and prominent ones.

So, here we start:

1. Delta Air Lines

US carrier suffer a data breach, which led to global flight delays around the globe. While information about the breach is not publicly available, it is known that vulnerabilities in Delta Air Lines network were sold by Chinese hackers on Dark Web back in 2015. Unlike Vietnam Airlines data breach, which led to exposing data of 410,000 VIP member accounts of the carrier’s Lotusmiles program, incident with Delta Air Lines managed to influence global air space.

2. Espionage campaign against Russia

FSB discovered espionage campaign against Russian government and military institutions. According to official statement, third-parties successfully infiltrated computer networks of around 20 Russian government and military institutions, military contractors and other companies from critical infrastructure sector.

3. Carbanak and Oracle MICROS PoS hack

Oracle MICROS point-of-sale credit card payment systems were hacked, according to Brian Krebs investigation. It is believed, behind this incident is the Russian organized cybercrime group known as Carbanak. The hackers were able to breach hundreds of computer systems at software giant Oracle Corp. The attackers have also compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.

4. Attack on New York Times

Russian hackers are believed to be responsible for illegal activities against NYC. According to CNN, FBI is investigating a series of attacks against New York Times and other US news organizations.

5. Espionage campaigns against USA

President elections are one of the major concerns to modern hackers. Numerous incidents keep popping out revealing lots of interesting information and dirty facts on political parties. Ilinois State Board of Elections officials reported a security breach in August. Personal information from fewer than 200,000 voters was exposed through a cyber attack of possible foreign origin that began in June and was halted a month later.

Another incident, involving elections is tied to Guccifer 2.0, who hacked US democrats again. According to TSG, the hacker published a list of cell phone numbers and private emails of most house democrats.

6. Attacks on health care systems

Data leaks on health care systems are reported more often. In our opinion, there are two reasons for this number of incidents: sensitivity of information and absence of adequate protection mechanisms. In August, according to official reports, health care systems in US lost personal information of more than 5 million people.

Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced on August 3 that it is notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations.

Valley Anesthesiology and Pain Consultants (VAPC) reported a data breach involving 882,590 patients and all current and former employees. The leaked information contained names, their providers’ names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and in some instances, social security numbers.

Bon Secours Health System reported data breach, involving personal information of 655 000 patients. The leaked data contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, social security numbers, and in some instances, bank account information.

New York State Psychiatric Institute lost records of 21880 patients. Between April 28 and May 4, certain parts of their system were accessed by unauthorized individuals and digital information relating to research participants may have been accessed.

American Family Care (AFC) reported 7200 patient records to be stolen due to security breach.

Beckley Appalachian Regional Hospital and Summers County Appalachian Regional Hospital in Hinton had to shut down their systems after detecting security breach. The hospitals’ parent company, Appalachian Regional Healthcare, issued a two-paragraph statement that their hospitals in West Virginia and Kentucky are on an Emergency Operations Plan, after hackers planted a computer virus in its electronic web-based services and electronic communications.

7. Opera server hack

Opera sync users were kindly asked to reset their passwords due to hacking activity against one of the servers. The total number of victims is supposed to be about 1,7 million. Passwords and account information, such as login names, may have been compromised.

8. OneLogin data leak

OneLogin has reported a security breach, which exposed customers “Secure notes” in clear text. Secure Notes was believed to be a secure feature for storing text information such as license keys and firewall passwords on the company’s servers in an encrypted format using multiple levels of AES-256 encryption.

9. vBulletin hacks

This place will be shared among those, who have decided to use vBulletin and not to patch it. As we were writing last week, vulnerable installation of vBulletin is responsible for numerous hacking incidents:

· Mail.ru forums lost 25 million user accounts

· Dota2 forum lost 1 923 972 records

· Epic Games forum was hacked. 808,000 accounts were stolen including accounts from

10. Attack on Google, Intel, Apple, VMWare developers

Developer forums was hacked leaking usernames, email addresses, plaintext passwords, sign up IP addresses and dates, and in some cases physical addresses. The data includes accounts for Google, Intel, Apple, EA, Panasonic, VMWare, IBM, Toshiba, Samsung, and Sony Ericsson employees, as well as many other companies.