Security Incident Overview May 11-17, 2020
Last week, a number of large enterprises and organizations became victims of cyber attacks, ranging from data leaks to ransomware attacks. Read about these and other important security incidents in our review.
As mentioned above, ransomware operators of all stripes were highly active last week. For example, on May 14, the electricity company Elexon, which plays a key role in the UK power supply system, was attacked. Everything indicates that the attack was carried out with ransomware that entered the corporate network through a vulnerability in the Pulse Secure SSL VPN server.
Diebold Nixdorf, the largest supplier of ATMs and payment technology in the United States and one of the largest in the world, suffered a cyber attack using ProLock ransomware. The ransom demanded is unknown, but in the case of ProLock it is usually six figures ($175-660 thousand, depending on the size of the network). The company decided not to pay the cybercriminals.
For the second time in seven months, a large courier company, Pitney Bowes, has become a victim of ransomware. The incident became known on Monday, May 11, after the cybercriminal group Maze published a statement about hacking and encrypting Pitney Bowes networks. Company representatives confirmed the cyber attack.
Last week, a cyber attack on the largest port in Iran, Bandar Abbas, became known. As a result of the incident, several computers were damaged, but the attack itself failed. The incident took place on May 8. At first the authorities denied everything, but they later had to acknowledge the cyber attack.
Last week was not without reports of data leaks. For example, a database containing the data of 33,726,800 LiveJournal users was found on the Web. The database contains user logins, email addresses, and passwords for authors' blogs. The leak occurred in 2014, and until recently the database was sold only on hacker forums on the darknet. Only after 6 years was it posted for free access.
A database of the now-defunct hacker forum and trading platform for selling stolen information, WeLeakData.com, was also put up for sale on the darknet. Like any other forum database, it contains user logins, email addresses, password hashes, the IP addresses from which forum posts were made, and private messages.
Personal data allegedly belonging to 9 million customers of the express delivery company SDEK can be bought on the Internet for 70 thousand rubles. The database contains information on the delivery and location of goods, as well as information about customers, including tax identification numbers (TINs). SDEK denies any involvement in the leak, indicating that another resource could have been the source of the data.