New Database Botnet Leveraged for Bitcoin Mining*:
- An organized group of cybercriminals is currently targeting database services in a new botnet build-up that's being leveraged for cryptocurrency mining.
- The so-called Hex-Men attacks have been slowly evolving since March and remain ongoing.
- It appears the attackers are based out of China, with a heavy emphasis on Chinese victims but also plenty of other targets located in Thailand, the US, Japan, and elsewhere globally.
- All three variants are difficult to detect as every machine attacking database servers only targets a few IPs at a time.
- The truly unique part of this attack is the sensitivity of the machines being targeted – these are production Web servers, MS SQL Servers, Elasticsearch management nodes, MySQL services, and so on.
- Every one of the compromised servers is holding real data, and tomorrow the attackers could decide to turn it into a ransomware attack or steal and publish the data; for now, they’re using the servers for cryptocurrency mining.
- The attack can be particularly problematic to block in a complex enterprise environment due to the low-level nature of the attack pattern and the difficulty large organizations have in controlling which databases are Internet-facing.
*Source: Dark Reading, December 19, 2017
Cyber Criminals Steal Voter Database of the State of California*:
- Voter registration data for over 19.2 million California residents that was residing on an unsecured MongoDB database has been deleted and held for ransom by attackers.
- In January 2017 roughly a quarter of MongoDB databases left open to the internet were hit by ransomware, and again in September 2017 three groups of hackers wiped out an estimated 26,000 MongoDB databases.
- It is unclear who exactly compiled the database in question or who owns it; based on the unofficial title of the repository, researchers believe it could have been a political action committee or a specific campaign, but this is only a suspicion.
- State voter registration databases store detailed information on each registered voter in the state, as required by federal law.
- The criminals used ransomware to wipe out the voter data and likely backed it up on a server, making it even more risky.
- Once in the hands of cyber criminals, this voter data could end up for sale on the “Dark Web”.
- The database appears to have been created in May 2017.
- The discovery of this leak highlights how a simple human error of failing to enact basic security measures can result in a serious risk to stored data.
*Source: MacKeeper Security, December 15, 2017
Data is Only Half the GDPR Story, Watch Your Software Like a Hawk*:
- Apprehension around the General Data Protection Regulation (GDPR) has been focused on the best practice for handling data, but companies cannot afford to overlook how personal data is processed by software applications.
- As the most comprehensive data privacy standard to date, its introduction in May 2018 will present significant challenges for every organisation processing EU citizens’ personal data.
- The perils of non-compliance are severe, with fines, loss of customer trust, and a sizeable dent in corporate reputation all posing very tangible business risks.
- Given the regulation’s legal obligations, this will require those businesses in possession of personal data to be more honest, open and transparent about their protocols than ever before.
- Unless organisations can identify how they’re using and transporting personal data via applications, they will continue to face an uphill struggle to unearth concrete risks.
- To mitigate any threats, companies must place increased emphasis on scrutinising the applications that process data, and resolve the pain points.
- The fundamental purpose of many applications is to use, read, create and process information.
- To date, organizations haven’t had to map out the full and constant flow of all data throughout the business, which is why some businesses are finding it so problematic to become GDPR compliant in a short period of time.
- A lack of knowledge about the transfer of data and a lack of oversight of the risks have collectively meant businesses remain exposed and vulnerable to evolving digital threats.
- To begin, companies must get a full picture of their entire IT infrastructure, and inventory all applications in their estates.
- As the May 2018 deadline looms large, companies must ensure that careful management of software underpins any wider approach to risk, especially when dealing with vast quantities of data.
*Source: CITY A.M., December 21, 2017
Massive Leak Exposes Data on 123 Million US Households*:
- The cloud-based data repository from marketing analytics company Alteryx exposed a wide range of personal details about virtually every American household.
- The leak put consumers at risk for a range of nefarious activities, from spamming to identity theft.
- Though no names were exposed, the data set included 248 different data fields covering a wide variety of specific personal information, including address, age, gender, education, occupation and marital status.
- Other fields included mortgage and financial information, phone numbers and the number of children in the household.
- A cascade of recent database breaches has left consumers on edge about the security of their personal information.
- The Alteryx database was discovered in a misconfigured Amazon Web Services S3 cloud storage “bucket”, allowing access to anyone with an easily obtainable account.
- The repository contained massive data sets belonging to Alteryx partner Experian, a consumer credit reporting agency that competes with Equifax, and already publicly available data from the US Census Bureau.
- The company stated that the information in the file does not pose a risk of identity theft to any consumers because it held marketing data and de-identified information.
- The data exposed in this bucket would be invaluable for unscrupulous marketers, spammers and identity thieves, for whom this data would be largely reliable and, more importantly, varied.
*Source: CNET, December 19, 2017
Almost All Apps Used by Emergency Professionals Have Vulnerabilities*:
- The Department of Homeland Security found that almost all apps used by emergency professionals have vulnerabilities.
- Of the 33 popular first responder apps tested, all but one were found to raise potential security and privacy concerns, and more than half had “critical flaws.”
- The program sought to determine the degree to which the selected public-safety apps are vulnerable to cyber-attacks (malware, ransomware and spyware) or had coding vulnerabilities that could compromise security or expose personal data.
- The pilot-testing project discovered potential security and privacy concerns such as access to the device camera, contacts or Short Message Service messages in 32 of 33 apps tested.
- Eighteen apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.
- 14 of the apps have been fixed.
- Remediation steps included removing old or unused code, enabling built-in security provided by the operating system, and ensuring the functionality requested is necessary for operations.
*Source: 9 to 5 Google, December 19, 2017
Royal Mail Research Reveals UK Firms Lack Data Quality for GDPR*:
- Almost one-third of UK organisations lack the data quality enforcement processes required for the EU’s GDPR according to research from Royal Mail Data Services.
- The company’s fourth annual survey of UK businesses’ data practices has revealed that nearly three out of 10 organisations are concerned about not being compliant with the GDPR – a 242% increase from the 2016 survey.
- More than half said they were unsure whether their third-party data sources would comply with the permissioning guidelines of the new regulation.
- As a consequence, organisations will probably turn less to third parties and instead focus on making better use of data that they already have in house.
- One in five respondents to the survey said poor-quality data (22.9%) is holding them back, or that their organisational cultures do not value the importance of maintaining good-quality data (20.6%).
- It still comes as a surprise that a large proportion of organizations today have no formal processes or solutions in place to either cleanse or enhance customer data on a continuous basis.
*Source: Computer Weekly, December 21, 2017