February 16, 2021
By: Kim Morgan
Luxury hotels and cruise shops and satellites OH MY! Though much of the world was still grasping with the effects of COVID-19 related shutdowns, cyber criminals acted as if it were business as usual. We have already examined major cybersecurity breaches of the first quarter of 2020 and second quarter of 2020. Today we will look at a rundown of some of the major breaches of the third quarter of 2020.
On July 7, 2020, Energias de Portugal Renewables North America (EDPR NA) disclosed a cyberattack from April on their parent company’s website. This attack involved ransomware. Luckily, there was no evidence that consumer information was compromised or stolen.
EDP delivers energy to over 11 million customers in 19 different companies. If customer data were breached, this would have far-reaching implications. Often, utility companies require more than the “usual” amount of information to turn on service: banking information, property information, and even personal identification such as social security numbers. Because of this, the company offered customers a free year of Experian identity protection.
The ransomware used appeared to be Ragnar Locker, an operation known for targeting corporations instead of the general populace. Recently, it has been discovered that virtual machines (VMs) are used to load the malware onto systems to bypass whatever security software might be installed.
The popular service that lets users find a couch to “crash” is investigating a possible breach after hackers began selling personal data of it’s 17 million users on Telegram channels and other hacking forums for $700/record via a data broker.
Hacked details include user IDs, real names, email addresses, and CouchSurfing account settings. It is unknown if hackers were able to obtain passwords and chose not to share them or not. The company hired an outside cybersecurity firm to investigate the breach.
Ranked as one of the 11,000 most popular websites on the internet, the service, which was founded in 2004, recently purged its database of inactive users. The total user number dropped to a currently listed 12 million from 15 million. The 17 million figure is thought to include this data as well.
Experts speculate that the “hack” was actually a misplaced backup file. Most backups are stored in the cloud or other virtual environment and can become exposed due to misconfiguration or when firewalls and VPN’s go down.
Usually (though not always) breaches of big and recognizable companies occur because of a misconfiguration or other technical event. However, in August of 2020, The Ritz Hotel in London suffered a data breach in which scammers posed as staff members to steal credit card data.
In a series of tweets from August 15th, the well-known luxury hotel said that the company “was made aware of a potential data breach within our food and beverage reservation system.” This may have led to the disclosure of customers’ personal data.
The scammers utilized spoofing software to appear that they were calling from the hotel chain and asked Ritz restaurant reservation holders the “exact details” of their booking, and then asked for payment information over the phone or say that their card on file was declined and sought an alternative form of payment.
One report demonstrates how sophisticated these scammers were: one guest said a scammer called her a day before she was due to visit the Ritz for afternoon tea. After requesting that she “confirm” her details, the fraudster said her card had been declined and then requested a second payment card. Information in hand, the scam artist then tried to make several transactions exceeding £1000 from retailer Argos.
However, the guest’s bank spotted the odd payments. Perhaps aware this was likely to happen, the scammer then called again — but this time, pretended to be from her bank to obtain the three-digit security code from the back of the payment card, which would authorize future transactions made.
A six-day outage beginning on July 30 on the image.canon website, a service used for uploading and sharing photos through Canon’s mobile application is said to be the source of a cyberattack that may have occurred. After service resumed, Canon revealed that an issue “involving 10GB of data storage” was under investigation. This led to the temporary suspension of related mobile apps as well as the online platform.
Canon maintains that while some of the photo and image files that were saved before June 16th were lost, there wasn’t a leak of image data. “Currently, the still image thumbnails of these lost image files can be viewed but not downloaded or transferred,” the company said. “If a user tries to download or transfer a still image thumbnail file, an error may be received.”
This seems like an isolated, server-related issue, but curiously enough, and internal memo warned employees of IT issues relating to certain apps, Microsoft Teams, and email.
The Group Maze is believed to be behind this. They claim that they stole 10TB of data in the wake of a successful ransomware attack. Their MO, like Ragnar Locker, is to target enterprise level corporations and threaten to expose sensitive corporate information unless the ransom is paid.
On August 17, 2020, Carnival Corporation, the world’s largest cruise line, disclosed they had suffered a ransomware attack over the weekend of August 15th via an 8-K filing with the US Securities Exchange Commission (SEC).
Carnival said the attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. Based on a preliminary assessment of the incident, Carnival expected that the attackers gained access to some guest and employees’ personal data.
The company did not disclose details of the event itself, so the name of the ransomware and extent of the breach are still unknown. Like utility companies, this breach is significant in the type of data travel companies keep on file for their customers. This can include personal IDs (driver’s licenses, passport information), usernames and passwords, and payment details (including credit card information).
Yes, that’s right: satellites. It’s one thing when data breaches are personal information – as troublesome as it may be, there are still ways around protecting individual records. It’s another thine entirely when the system of a 2-ton hunk of metal orbiting the planet.
In September of 2020, three Iranian nationals were indicted on charges of hacking US aerospace and satellite companies, per the US Department of Justice (US DOJ). The hacking spree started in July 2015 and targeted a broad spectrum of victim organizations from both the US and abroad, from where they stole commercial information and intellectual property, officials said.
The three hackers created fake online profiles and email accounts to impersonate individuals, usually citizens of the United States, that work in the satellite and aerospace fields. They would then use these accounts to contact individuals that actually worked in this field to lure them into clicking a link in an email which would install a malware payload.
After infecting victims, the FBI, which investigated these intrusions, said the hackers used tools like Metasploit, Mimikatz, NanoCore, and a generic Python backdoor to search victim devices for valuable data and to maintain a foothold on their systems for future access.
All three hackers are currently on the FBI’s most wanted list.
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About the Author
Kim Morgan is part of the Marketing Department at Mindsight. Since 2007, she has devoted her career to using digital media to educate and effectively communicate a variety of topics at all levels of expertise. Kim’s favorite part about Mindsight is how team members are encouraged to always be curious, and continue developing not only professionally, but also personally. When not working, she can be found toting her 4 kids around in her sweet sweet minivan while rocking out to hits from the late 90’s and early 2000’s.