1 July 2016

June was packed with security incidents, and we did not even have time to write about them. In this short review we will try to cover the most remarkable events in the cybersecurity and hacking industry. While much of the security community's attention was on Brexit at the end of the month, hackers continued to work hard and achieve their goals.

In this article we will divide incidents into categories and then choose our winners of the month.

Password leaks

The forum of the popular BitTorrent client uTorrent was hacked. Logins, passwords and other potentially sensitive information from over 150 million users were stolen by hackers.

100 million accounts from the popular Russian social network VK (VKontakte) surfaced after similar reports for LinkedIn, MySpace and others. The data dump dates from approximately 2011-2012. Most likely, the passwords were stolen from infected users’ computers.

An iMesh dump exposed 51 million passwords. The data originated from a breach back in 2013.

45 million records from 1100 Verticalscope.com domains and communities were dumped. LeakedSource bragged.

Twitter accounts leaked. LeakedSource bragged again about adding 32,888,300 Twitter credentials to their database. The nature of this data dump is most likely the same as for all similar incidents: malware infection.

The Muslim Match service got hacked, revealing personal messages and conversations along with credentials of 150 000 users.

Personal information leaks

Japanese travel agency JTB Corp. reported a huge data breach concerning 7.93 million people. The incident occurred due to unauthorized access to their server. Information including names, physical addresses, email addresses and passport numbers was stolen by an unknown party.

Canadian advertising company DAC Group leaked personal information on 93 000 customers. The leaked data contained full names, email addresses, hashed passwords and geolocation.

Acer Service Corporation reported a massive data breach. Data on more than 34 000 customers of its e-commerce website was leaked. Attackers were able to access this information from May 12, 2015 until April 28, 2016. The hackers were able to gain access to customer names, addresses and credit card information, including card numbers, expiration dates and CVVs.

On June 27 the BBC reported that personal information on 112 000 French police officers was uploaded to a public Google Drive folder. The breach comes from an unnamed organization which provides services for the French police.

The University of Greenwich lost personal information of 21 000 students after a successful hacking attack. The university website was hacked and its database compromised.

Anonymous leaked personal information of 5400 Spanish police officers.

UNM Hospital leaked data of 2800 patients due to a wrong mail address. The leaked data include names of patients, names of their providers and medical services.

Personal information on 2,437 US military officials was publicly disclosed during the #OpSilence campaign. The revealed data included names, emails, phone numbers, dates of birth, addresses, zip codes, and credit card data including types, numbers, expiration dates and CVV codes in plain text.

The US National Network of Abortion Funds reported a successful hacking attack. The incident occurred in April, when people started to receive threats. The attackers were able to gain access to the website, install malware on it and capture information during transmission of donations. The attackers were able to access emails, physical addresses and credit card data.

The Citrix GoToMyPC service was resetting customer passwords due to a successful hacking attack on the company’s resources.

GitHub suffered a massive password re-use attack this month and was notifying customers of potential malicious activity.

Limited exposures

The Thomson-Reuters World-Check terrorist database was found online, exposing records on 2.2 million people. The leak comes from an unprotected CouchDB instance.

A voter database found in one of the CouchDB databases contained personal information on 154 million US citizens.

Cambridge Institute has joined the unlucky MongoDB fun club by leaving their database open to everyone. Over 627000 records were leaked, with personal information, clear text passwords, names, addresses, etc.

The US Sutter County Superior Courthouse exposed personal information of several thousand people. The information, including defendants’ Social Security numbers, birthdays, driver’s license numbers and home addresses, was available within 6 hours via a public computer.

T-Mobile Czech Republic was very close to losing 1.5 million records to an insider, who was trying to sell customer personal information.

The Australian NSW Trainlink online booking system was hacked. The company denies any data leak, claiming they had defense systems in place which prevented unauthorized disclosure of any sensitive data to third parties.

Attacks on banks and cryptocurrency

Carbanak/Anunak and Buhtrap activity. Ukrainian media reported $10 million stolen from a Ukrainian bank. First reports appeared on June 23. The Ukrainian news website liga.net reported, citing the head of local ISACA, that hackers infiltrated the IT network of an unnamed bank and used SWIFT to steal money from customer accounts. Most likely, the bank in question is the biggest bank in Ukraine, called Privatbank.

The Decentralized Autonomous Organization (DAO) was abused due to a vulnerability in cryptographic algorithms. The hacker managed to withdraw $53 million in cryptocurrency. This transaction was blocked; however, the DAO might suffer consequences.

The CiCi’s Pizza breach, reported by Brian Krebs, revealed infiltration into a large network of PoS terminals. The attackers posed as technical support specialists for the company’s point-of-sale provider and stole data from customers’ credit cards.

Gatecoin, a Hong Kong cryptocurrency exchange, lost $2 million in cryptocurrency due to a cyberattack.

Dark web market Sh0ping.su was hacked, revealing credit card numbers of roughly 9000 website users.

Hacking incidents

North Korean hackers managed to gain unauthorized access to 140 000 computers located in South Korea. The incident involves around 160 companies and government agencies.

The Democratic National Committee was hacked, supposedly by Russian government hackers.

Over 2100 Malaysian servers were hacked, according to Kaspersky Lab, which uncovered a bid on the underground market xDedic for over 70 000 dedicated servers worldwide.

Ransomware

The management of the University of Calgary are obedient citizens: they do as the FBI suggests. The university paid $20 000 after a ransomware attack to retrieve encrypted data.

Computers at Janesville airport (Wisconsin) were hit by ransomware. Officials reported that airport staff were tricked into opening fake emails, which had malicious attachments.

TOP-10 Winners

As promised, here is our incident rating. We composed it based on the magnitude of the incident and its possible outcome: