At a glance.
- Conti ransomware affects a Louisiana court.
- Market research or espionage: a convergence?
- Magecart outbreak hits Magento.
- Data exposure at Staples.
Ransomware’s day in court.
Infosecurity Magazine says the Fourth Judicial District Court of Louisiana has apparently been hit by Conti ransomware, a possible descendant of Ryuk ransomware, and attackers have posted an alleged sampling of pilfered documents online. The court adjudicates juvenile, civil, and criminal cases. Conti and Ryuk ransomware notes are businesslike, reading, “Gentlemen!...You should thank the Lord for being hacked by serious people not some stupid schoolboys or dangerous punks…Please don’t forget to write the name of your company in the subject of your e-mail,” per Security Boulevard.
“Cambridge Analytica on steroids?”
Since 2017, Chinese company Shenzhen Zhenhua Data Technology has been gathering both open-source and confidential intelligence on influential foreign citizens in a cache called “Overseas Key Information Database” marketed to military, governmental, and commercial clients, The Washington Post and Australia’s ABC News report. Chief executive and former IBM employee Wang Xuefeng has expressed interest in “psychological warfare,” and the company has filed for patents related to social media manipulation. Over 50 thousand Americans are featured in the database, with information about family members, political affiliations, military service, psychological profiles, criminal records, and financial records scraped from Twitter, Facebook, Instagram, TikTok, LinkedIn, Factiva, LexisNexis, news sites, and possible additional dark web sources. (Facebook has sent a cease-and-desist letter.) The company claims to have twenty “collection nodes” around the globe, including one in Kansas. While there is no evidence Beijing has used the database, with one US cybersecurity contractor describing it as a rough product and calling the company’s aims “totally aspirational,” the activity spotlights concerns about the risks posed by big data. Beijing announced big data as a component of its industrial growth strategy in 2015; a House Intelligence Committee member told the Post that the US also leverages open-source data for espionage.
Moscow Magecart mauls Magento merchants.
E-commerce security company Sansec discovered that nearly two thousand online retailers running the end-of-life Magento 1 e-commerce platform fell victim to a Magecart attack this past weekend “in the largest documented campaign to date.” Tens of thousands of customers may have had their payment information skimmed and exported to a Moscow-based site. Meanwhile, 95 thousand stores still use Magento 1.
We received some comments from industry experts about the Magento incident. Paul Bischoff, privacy advocate with Comparitech, wrote, “Hackers can easily scan for outdated versions of Magento and use automated bots to access them, upload shell scripts, and install the card skimming malware. Card skimming attacks are undetectable by end users, so the responsibility falls on website operators to update their systems to the latest version of Magento. At this point, any website using Magento 1.x should be assumed compromised.”
And Pixel Privacy consumer privacy expert Chris Hauk commented, “These site skimming attacks will continue to grow in frequency as long as the bad actors of the world can continue to profit from them. This underscores the need for online merchants to ensure their online stores are running under the latest version of available software, which is likely hardened more against this type of attack than outdated, obsolete software.”
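Magecart skimmers work by injecting JavaScript into storefront pages, so one defensive control a merchant can run alongside patching is a baseline audit of the scripts a checkout page actually serves. The following is an added example written for this brief, not code from Sansec, Magento, or either commentator: it parses a page with the standard library, compares external script hosts against an allow-list, and compares inline script bodies by SHA-256 against recorded hashes. Every page body, host name, and hash in it is constructed for illustration.

```python
"""Baseline audit of <script> elements on a checkout page.

Added example (not from the page or any vendor it names). Card skimmers
are delivered as injected JavaScript, so a periodic diff of the scripts a
page serves against a known-good baseline is a cheap detection control.
All sample pages, hosts and hashes below are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []   # values of src= attributes
        self.inline = []     # bodies of <script> elements without src
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # html.parser switches to CDATA mode inside <script>, so the raw
        # script text arrives here unchanged.
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf))


def sha256_hex(text):
    """Hex SHA-256 of a script body, used as its baseline fingerprint."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_scripts(html, allowed_hosts, known_inline_hashes):
    """Return findings for scripts that the baseline does not cover.

    Each finding is a (kind, detail) tuple: kind is "unexpected-external"
    with the src URL, or "unexpected-inline" with the body's SHA-256.
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).netloc.lower()
        # A relative src has no host and is treated as first-party.
        if host and host not in allowed_hosts:
            findings.append(("unexpected-external", src))
    for body in collector.inline:
        digest = sha256_hex(body.strip())
        if digest not in known_inline_hashes:
            findings.append(("unexpected-inline", digest))
    return findings


# Constructed baseline: what the checkout page is known to serve.
BASELINE_PAGE = """<html><body>
<script src="https://shop.example/static/checkout.js"></script>
<script>var checkoutConfig = {"currency": "USD"};</script>
</body></html>"""

ALLOWED_HOSTS = {"shop.example"}
KNOWN_INLINE_HASHES = {sha256_hex('var checkoutConfig = {"currency": "USD"};')}

# Constructed page with the shape of a skimmer injection: one additional
# external script from a host outside the baseline, and a modified inline block.
SUSPECT_PAGE = """<html><body>
<script src="https://shop.example/static/checkout.js"></script>
<script src="https://cdn.unknown-host.invalid/analytics.js"></script>
<script>var checkoutConfig = {"currency": "USD"}; loadExtra();</script>
</body></html>"""


if __name__ == "__main__":
    print("baseline:", audit_scripts(BASELINE_PAGE, ALLOWED_HOSTS, KNOWN_INLINE_HASHES))
    for kind, detail in audit_scripts(SUSPECT_PAGE, ALLOWED_HOSTS, KNOWN_INLINE_HASHES):
        print(f"{kind}: {detail}")
```

In practice the baseline is recorded from a trusted deployment and the audit is run against the live page on a schedule; a non-empty result means either an unreviewed change to the storefront or an injection, and both warrant a look before the next customer enters a card number. The check complements, rather than replaces, keeping the platform itself current.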
Data breach clips Staples.
BleepingComputer reports that Staples has notified affected customers of an unspecified data breach potentially impacting their “name, address, email, phone number, last four digits of [their] payment card, and information about the cost, delivery, and product ordered.” Staples CEO Sandy Douglas is remorseful and regretful; customers are warned to watch for identity theft and fraud.
We heard from experts at two security companies about the Staples breach. Javvad Malik, Security Awareness Advocate at KnowBe4, sees the episode as a reminder that sensitive information can be found in just about every enterprise:
"All organisations, regardless of the channels they operate under, and the industry they're in, have sensitive information that needs to be protected," he wrote. "Whether that be customer data, partner data, employee data, or intellectual property. All of it needs to be secured with a layered strategy that can help protect against attacks, as well as be able to quickly identify and respond to an attack when it does occur. These security controls need to span across the technical, procedural, and human level to be effective."
Chris Clements, Cerberus Sentinel's Vice President of Solutions Architecture, thinks the apparently small number of affected people suggests the incident may have been a data exposure rather than a breach:
"The communication from Staples does not provide details on how the data was compromised, but the apparent limited size of affected users makes it easy to speculate that the issue may have been a misconfiguration by Staples such as improperly storing database info in a public cloud storage bucket, or through an unsecured database system itself," Clements speculated. "There has been an ongoing trend to assign developers rather than system administrators responsibility for backend infrastructure, and while there are powerful “infrastructure as code” automation tools available, they are not a replacement for understanding the underlying systems and associated security best practices. For organizations to ensure they and their customers are as secure as possible, they must adopt a culture of security that includes understanding and adhering to security best practices, as well as ongoing security testing and monitoring to identify any gaps or items that may fall through the cracks of the normal operating process."