
The Week in Breach 08/06/18 – 08/10/18

August 17, 2018

This week we saw mobile apps making headlines. Tinder was used by a potential spy in an unsuccessful attempt to bait military secrets out of an airman, and Snapchat’s source code was published on GitHub. The marketing campaign for the PGA Championship has hit a speed bump in the form of a ransomware attack, and an Australian hospital specializing in maternal health exposed treatments on the web.

Highlights from The Week in Breach:

  • Samsung Meets Meltdown
  • Snapchat Source Code
  • Think of the Children
  • The PGA is in the Sand Trap

In Other News:

Catfished
A hacker recently tried a new take on an old trick, utilizing the dating app Tinder in a honeypot scheme. The bad actor set out to steal military secrets from the British Royal Air Force, using a compromised RAF airwoman’s dating profile to try to trick a serviceman into revealing the details of the F-35 stealth fighter. The brand-new fighter is the result of a £9 billion project. China and Russia are eager to get their hands on any details they can about the plane. The airwoman realized almost immediately that her account was hacked and informed the RAF, which was able to confirm that no information was disclosed and that the airman targeted was not connected to the F-35 program.
https://www.telegraph.co.uk/news/2018/08/05/honeytrap-hacker-attempted-steal-raf-fighter-jet-secrets-using/

Galaxy Meltdown
Samsung phones are not invulnerable to the microchip security flaw known as Meltdown, as was previously thought. Researchers at an Austrian university uncovered a way to exploit the vulnerability on the popular smartphone. The researchers plan on testing other phones in the future and believe that they will have similar results with other devices. With as much damage as Spectre exploits have done since its discovery, the same kind of exposure in smartphones could wreak havoc.
https://www.irishexaminer.com/breakingnews/business/samsung-galaxy-s7-phones-vulnerable-to-being-hacked-860965.html

Oh Snap!
A hacker got ahold of some of the source code for the popular photo-messaging service Snapchat, publishing the valuable code on GitHub. The hacker is believed to be from Pakistan, and the code has since been taken down by the company. It is likely that the repo contained part or all of their iOS app, but because the code was removed from GitHub, there is no way to verify the amount of source code published. The validity of the source data is also questionable, but given Snapchat’s all-caps DMCA request (seen below), it seems like there’s a good chance the code was the real deal.

“SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T PUBLISH IT PUBLICLY.”
https://thenextweb.com/security/2018/08/07/hacker-swipes-snapchats-source-code-publishes-it-on-github/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
IT Provider Network – The Podcast for Growing IT Service
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – The Professional Golfers’ Association (PGA)

Exploit: Ransomware.
Risk to Small Business: High: Ransomware is highly disruptive to any organization.
Individual Risk: High: Loss of data and possibly exfiltration of personal information can result from a ransomware attack.
The Professional Golfers’ Association: A golfing association that hosts the PGA Championship.
Date Occurred/Discovered: August 7, 2018
Date Disclosed: August 9, 2018
Data Compromised:

  • Creative material for the PGA Championship
    • Promotional banners
    • Logos
    • Digital signage
  • Creative material for the Ryder Cup in France
    • Abstracts of logos

Customers Impacted: With the PGA Championship around the corner, this breach could affect golf fans all over the country.

https://cyware.com/news/pga-of-america-hit-by-ransomware-attack-days-before-championship-e16f53a7

Mexico – Hova Health
Exploit: Exposed MongoDB database.
Risk to Small Business: High: Carelessness with customers’ sensitive data can cause irreparable damage to an organization’s image.
Individual Risk: High: The information exposed on the internet could be used in identity theft.
Hova Health: Technology company that services the Mexican health care sector.
Date Occurred/Discovered: August 2018
Date Disclosed: August 7, 2018
Data Compromised:

  • Name
  • Gender
  • Date of birth
  • Insurance information
  • Disability status
  • Home address

Customers Impacted: 2 million individuals.
https://www.bleepingcomputer.com/news/security/health-care-data-of-2-million-people-in-mexico-exposed-online/

Australia – The Women’s and Children’s Hospital
Exploit: Negligence.
Risk to Small Business: High: The sensitive nature of the data exposed as well as the scope of the breach will cost the organization the trust of its customers and could possibly result in hefty fines.
Individual Risk: High: The data exposed by the organization could be extremely useful to bad actors seeking to impersonate the affected individuals, in addition to the high value of personal medical information on the Dark Web.
The Women’s and Children’s Hospital: An Adelaide-based health care facility that provides treatment for women, babies and children.
Date Occurred/Discovered: Occurred over the last 13 years
Date Disclosed: August 6, 2018
Data Compromised:  

  • Names
  • Date of birth
  • Test results

Customers Impacted: 7,200 individuals.
https://cyware.com/news/7200-womens-and-childrens-hospital-patient-records-test-results-exposed-online-for-13-years-1d384ef4

United States – Comcast
Exploit: Web vulnerability.
Risk to Small Business: High: The loss of customer trust and the expense of providing identity monitoring for the affected individuals could damage any organization.
Individual Risk: High: Key data needed for identity theft was exposed.
Comcast: One of the United States’ largest cable providers.
Date Occurred/Discovered: August 2018
Date Disclosed: August 8, 2018
Data Compromised:

  • Social Security Numbers
  • Partial home addresses

Customers Impacted: 26.5 million individuals.
https://www.buzzfeednews.com/article/nicolenguyen/a-comcast-security-flaw-exposed-millions-of-customers


A note for your customers:
Go Phish.
Phishing emails have evolved far past the misspelled words and suspicious email addresses that most people use to help judge the validity of an email. The phishing email of today can look like an exact copy of the communications coming from the imitated company. With the constant PII saturation of the Dark Web, personal details can be added to the phishing email to make it look even more convincing. The malicious emails will continue to get better and more refined, so how do you counter them? The best way to keep your organization safe is by training employees about social engineering attacks, encouraging employees to be skeptical of suspicious emails and to report them, utilizing technologies such as antivirus and simulated phishing awareness training, and using constant credential monitoring with Dark Web ID™. A properly executed phishing email could result in a business’s operations being suspended due to ransomware, the theft of IP or the exposure of customer data… so why wouldn’t any organization proactively get prepared?


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
