
The Week in Breach: 09/02/18 – 09/08/18

September 12, 2018

It’s been one bad week for “Spyware” app developers as their customers’ data is leaked for all to see! And it’s not just misconfigured AWS buckets you have to worry about; it’s also your misconfigured Tor site that’s not so secure.

Highlights from The Week in Breach:

Tor Vulnerability?
Freedom of Information Act Fail.
iSpy, uSpy… mSpy.

In Other News:

The Mask Comes Off 
You may be familiar with misconfigured databases, a common reason for a breach. When setting up a database, the admin may forget to put a password in place or may just create a simple one like 1234. What you may not have heard of before is a misconfigured Tor (The Onion Router) site. That’s right: just like any other website, a Tor site that is misconfigured can expose the public IP address of the server hosting it. Because the Tor browser is used for accessing the Dark Web, a part of the web that thrives on anonymity, the exposure of one’s IP address greatly reduces this coveted privacy.
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/

Three is a Crowd
A pair of Russian hackers is causing some serious damage to financial institutions in former Soviet republics. The group, known as Silence, has stolen $800,000 in the reported thefts alone. It is highly likely the group is responsible for other attacks, but because of how new the duo is, and the irregular frequency of their activity, it’s difficult to discern other hacks they may have perpetrated. The organization has access to unique, advanced malware, and demonstrates great knowledge about ATMs and the inner workings of banks. This leads researchers to believe that at least one of the two is an insider or only recently left the security industry.
https://www.darkreading.com/attacks-breaches/silence-group-quietly-emerges-as-new-threat-to-banks/d/d-id/1332742

Podcasts:

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – United States Government (Freedom of Information Act Web Portal)

Exploit: Exposed database.
Risk to Small Business: High: An exposure such as this can taint an organization’s reputation for an extended period.
Individual Risk: Extreme: The nature of the data exposed leaves those affected vulnerable to identity theft.
Freedom of Information Act Web Portal: foiaonline.gov is the website the United States government uses to process inquiries related to the Freedom of Information Act, an act that allows Americans to request information that the state has associated with them.
Date Occurred/Discovered: August 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Social Security Numbers
  • Date of birth
  • Immigrant identification number
  • Addresses
  • Contact details
  • Description of crime perpetrated against victim
  • Victims of identity theft had their SSN exposed

Customers Impacted: Unclear, dozens to hundreds.
https://edition.cnn.com/2018/09/03/politics/foia-revealed-social-security-numbers/index.html

United States – Family Orbit
Exploit: Weak password on database.
Risk to Small Business: High: A company that sells spyware to parents exposed pictures of their kids on the internet, which will likely have catastrophic effects on its business.
Individual Risk: Moderate: The data by itself is not harmful but is pretty creepy. However, in use with other data accessible through the Dark Web, advanced spear phishing campaigns could be launched using the exposed data.
Family Orbit: A spyware application for parents to monitor their children.
Date Occurred/Discovered: August 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Pictures
  • Videos
  • Screenshots of developer desktops
    • Passwords
    • ‘other secrets’

Customers Impacted: Hundreds; 281 gigabytes of pictures and videos were exposed.
https://motherboard.vice.com/en_us/article/ywk8gy/spyware-family-orbit-children-photos-data-breach

https://securityaffairs.co/wordpress/75888/data-breach/family-orbit-hacked.html

United Kingdom – mSpy
Exploit: Exposed database.
Risk to Small Business: High: While a breach of this size with such sensitive information would normally cripple a company, this is actually mSpy’s sophomore breach, with the first happening in 2015 when similar information was leaked onto the Dark Web.
Individual Risk: High: The data that was exposed was both financial and very personal, and could be used for highly targeted phishing attacks.
mSpy: A company that sells a software-as-a-service product that spies on the mobile devices of the customer’s kids or partner.
Date Occurred/Discovered: August 30, 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Passwords
  • Call logs
  • Text messages
  • Contacts
  • Notes
  • Location data
  • Names
  • Email addresses
  • Mailing addresses
  • Amount paid
  • Apple iCloud username
  • WhatsApp messages
  • Facebook messages

Customers Impacted: Millions.
https://krebsonsecurity.com/2018/09/for-2nd-time-in-3-years-mobile-spyware-maker-mspy-leaks-millions-of-sensitive-records/

A note for your customers:
Malwhat?
The Fortinet Q2 Threat Landscape Report is out, and with it, a load of new statistics that really show how at-risk most businesses are, even if they don’t realize it. Here are some of the most alarming malware statistics: 

  • There have been 23,945 unique variants of malware recorded this quarter.
  • On average there are 13 unique daily detections per firm.
  • There were 6 variants of malware that spread to more than 10% of firms.

Malware development is not slowing down, but it is changing. ‘Malware as a service’ is a popular model for the developers of the malicious programs. New types of malware such as ‘cryptojackers’ that mine cryptocurrency on the victim’s computer, or ransomware that extorts businesses, have become commonplace. The threat landscape is always changing, which is why it is important for every organization of every shape and size to have robust cyber security.
https://www.fortinet.com/blog/threat-research/threat-landscape-report–virtually-no-firm-is-immune-from-severe.html

