Today: Avon suffers a massive data breach, North Korean hacking group Lazarus changes techniques with custom ransomware, Bank of Ireland gets thrown a 1.6 million euro fine, and Garmin is back online.
Avon Server has massive Leak of User Info and Administrative Data
- An unprotected server has exposed more than 7GB of data from the beauty brand including 19 million records, open and available with no authorization required.
- The information on the server included both critical details about individuals and administrative data, such as OAuth tokens and administrative user names.
- Between the two types of data, attackers could conduct extensive identity theft operations and gain access to significant administrative capabilities on the server.
Lazarus Group Shifts Gears with Custom Ransomware
- The North Korea-linked APT group Lazarus has developed its own ransomware strain to better conduct financial theft, according to a Kaspersky report.
- Its creation and distribution of VHD ransomware indicates a shift in strategy.
- VHD ransomware was leveraged in attacks against two organizations in March and April 2020, Kaspersky researchers report.
- The victims, one located in France and another in Asia, are both large companies in different industry verticals.
- The malware itself "doesn't stand out of the ordinary," says Ivan Kwiatkowski, senior security researcher with Kaspersky. "During our first encounter with it, we felt like it was definitely recent and lacking in maturity."
- VHD ransomware is written in C++ and crawls connected disks to encrypt files and delete folders called System Volume Information, which are linked to Windows' restore point feature.
- Only a few samples have been found, with few public references. This indicates it is not traded on market forums, which is usually how ransomware is monetized.
- Lazarus Group has always focused on financial gain but has traditionally been involved with banking and fraud targeting the SWIFT financial network.
Source: securelist.com
Bank of Ireland fined €1.66 million after being tricked by fraudster
- One of Ireland’s largest banks was fined almost €1.7 million after it was discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.
- The attack happened in September 2014.
- A fraudster impersonated a client of Bank of Ireland’s former subsidiary and tricked the bank into transferring a total of €106,430 (approximately US $125,000) from the client’s personal current account into a UK bank account.
- The fraudster had hacked into the victim’s email account to request the money transfers from the bank.
- The bank released confidential details related to the account to the fraudster without requiring them to answer any security questions.
- It was over a year before the Central Bank discovered a reference to the incident in Bank of Ireland’s logs and demanded more details.
- A subsequent investigation by Central Bank found “serious deficiencies” in how Bank of Ireland handled third-party payments:
- According to the Central Bank of Ireland report, the problems related to third-party payments were only fixed 17 months after the incident, and even then only after the Central Bank intervened.
Source: Central Bank
Garmin staggers back online after ransomware attack
- Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week.
- In a press release, the company goes out of its way to avoid using the word ransomware but did say systems were encrypted.
- Rumors circulated that the attackers were requesting a ransom of $10 million.
- The company has stated that there is no indication personal user data has been misused.
More on the Twitter hack
- Over 1000 Twitter Staff and Contractors Had Access to Internal Tools that Helped Hackers Hijack Accounts
- The European Bank for Reconstruction and Development (EBRD) is not having the best of mornings, as it itself admitted