Tag: Hack

1
Riding in cars with hackers
2
Sorry Sir, Our Data Breach Response Plan is Out of Stock
3
Bypassing the Castle Walls: Tactical Exploitation of America’s Vulnerable Grid
4
Biggest data leak in German history
5
Former MasterChef contestant falls victim to online fraud attack
6
Research reports say risks to smartphone security aren’t phoney
7
Not so happy families: Online genealogy website suffers data breach
8
Study reveals massive cost of cybercrime for Asia Pacific businesses
9
Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack
10
Open for business, ransomware authors and perpetrators cashing in on emerging dark web marketplace economy

Riding in cars with hackers

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Ransom-based hacking techniques have primarily been limited to the intangible. We live in a world where unauthorised access to email accounts, bank accounts, and computer systems that may otherwise be private is no longer uncommon.

In some situations, hackers demand a lump sum in return for reinstating control of the accounts and systems to its owners and managers, and otherwise refusing to pay this ransom can likely leave our information and data at the mercy of hackers.

Read More

Sorry Sir, Our Data Breach Response Plan is Out of Stock

By Cameron Abbott, Michelle Aggromito and Max Evans

We are living in an era of online shopping, where consumers are more willing to hand over personal information for goods and services, and are less suspicious of whom they are divulging their personal information to. As a result, online businesses are in possession of a vast amount of their customers’ personal information. The recent hack of Sneaker Platform Stock-X reminds us yet again of the importance of businesses maintaining comprehensive and up to date security processes, and in particular, the necessity of having an adequate data breach response plan in place.

Stock-X, a platform for the re-sale of sneakers and apparel, was recently hacked, exposing over six million users’ personal data, including their real name, username, password, shoe size and trading currency. According to a Report by TechCrunch, Stock-X’s initial response was to reset customer passwords, stating that it was due to system updates. A spokesperson for Stock-X later disclosed to TechCruch that Stock-X was alerted to “suspicious activity”. TechCrunch reports; however, an unnamed data breach seller had contacted it claiming more than 6.8 million records were stolen from Stock-X in May, and that the records had been put up for sale and sold on the dark web for $300.

Read More

Bypassing the Castle Walls: Tactical Exploitation of America’s Vulnerable Grid

By Cameron Abbott, Max Evans and Wendy Mansell

A recent Wall Street Journal Report has detailed how America’s utility grid was hacked. The Department of Homeland Security has named Russia as responsible for the overwhelmingly complex and threatening campaign.

The scheme targeted energy companies affiliated with the government and was carried out in a sophisticated manner by initially focusing on small firms within the utility supply chain.

Early techniques involved planting malware on the websites of online publications likely to be read by employees of companies within the energy sector. The hackers would lace the online publications with malicious content allowing them to steal usernames, passwords and infiltrate company systems.

A number of small firms fell victim to these tactics giving the hackers broad access to company networks. Fake emails were subsequently sent out on behalf of the affected firms containing forged and malicious Dropbox links which captured usernames, passwords and other credentials. Further they used fake personas to send emails and pretended to be job seekers, by sending resumes containing tainted attachments to energy companies.

The hackers continued this technique of sending malware emails on behalf of firms until they reached the top of the supply chain. It was reported that on at least 8 occasions the hackers infiltrated companies who had access to the industrial control systems that run the grid.

An alarming aspect was the number of affected companies that remained oblivious of the penetration. The report is a useful description of the variety of methods used to tempt employees to expose their credentials. All too easy to do. These same techniques are regularly used by more pedestrian hackers. Two factor authentication and regular password resets remain measures to limit these threats but so many organisations do not use them.

We repeatedly counsel that employees are the last line of defence for your organisation. Circulating the Report may make an interesting read to remind them of the variety of ways they can be seduced to click an incorrect link.

Biggest data leak in German history

By Rob Pulham, Warwick Anderson and Wendy Mansell

A 20 year old German man orchestrated a serious and sophisticated data breach which affected more than 1000 people.

The attack was focused on German and European politicians at all levels including German Chancellor Angela Merkel, President Frank Walter Steinmeier and hundreds of public figures and celebrities.

The 20 year old hacker took to Twitter to drip feed the information depicted as an advent calendar by releasing new data each day in December. Information exposed included contact details, credit card and financial information, chat records, photographs and other personal information.

Reuters’ reported that the hacker is a student who lives at home with his parents, has no formal computer education and was motivated by irritation over statements made by politicians and public figures.

The widespread nature of this attack has resulted in a number of government officials calling for tighter laws.

It is clear that no-one is safe from a data breach – even those elected representatives who enact the laws designed to protect against them.

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Not so happy families: Online genealogy website suffers data breach

By Cameron Abbott, Rob Pulham and Sarah Goegan

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

Read More

Study reveals massive cost of cybercrime for Asia Pacific businesses

By Cameron Abbott and Sarah Goegan

We all know that cybersecurity incidents can cost your organisation a lot of money, but exactly how much? A report by Frost and Sullivan has found that losses from cyberattacks in the Asia Pacific region (APAC) could reach a staggering US$1.75 trillion, nearly 7 per cent of the region’s gross domestic product in 2017. As covered in our blog last week, the cost of cyber scams alone in Australia totalled $340 million AUD last year.

Read More

Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack

By Cameron Abbott and Harry Crawford

The NSW Government’s vulnerability to hacking has been exposed in a report by state’s auditor-general, in which it was revealed that one government agency took 49 days to shut down a hack.

This hack started with an email account of the unnamed agency being compromised and used to send out “phishing” emails to get the credentials of finance staff members. By day 20, 300 staff had clicked on the bogus link in the phishing email. 200 email accounts ended up being under the control of the hackers.

Read More

Open for business, ransomware authors and perpetrators cashing in on emerging dark web marketplace economy

By Cameron Abbott and Giles Whittaker

The emergence of a booming dark web marketplace has facilitated the skyrocketing ransomware sales from US$249,287.05 in 2016 to US$6,237,248.90 as of September 2017, representing a growth rate of 2,502%. This rapid growth is in part due to not only the effectiveness of ransomware as a criminal enterprise but the increased availability to partake in such activities. According to a recent report by Carbon Black, The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rates of More than 2,500% Per Year, there are 45,000 ransomware product lines at an average price of US$10.50 and includes various do-it yourself (DIY) kits.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.