Cyber Security News Update 07 SEPTEMBER 2018
A new cybercrime organization has been found, named Silence, by the Moscow based cybersecurity organization Group-IB. Disturbingly, Silence appears to have at least one member who was previously part of a cybersecurity organization. Group-IB has spent the last three years watching and tracking Silence launch a series of attacks against financial institutions in Eastern Europe and Russia. Silence had managed to evade conventional detection by utilizing pre-existing tools and apps, especially ones already found on potential victims devices, which allowed them to minimize their visibility.
Silence did create a few tools of their own, namely “Cleaner” a device that removed logs and traces of Silence’s attacks from the affected devices. According to Group-IB, Silence got its start by targeting a Russian bank, and after an unsuccessful hacking attempt (which only failed because of an improperly filled out form) they got malware into the bank’s devices that allowed Silence to see what the bank’s computers were seeing. Group-IB was brought into handle the attack, and while it was stopped, Silence got away cleanly and successfully stole money from a different bank in 2017. Silence has changed its targets from wire transfers to ATM’s and seems to be honing their craft.
British Airways reported that it had a hack in August that revealed the data of nearly 400,000 customers; BA notified the policy, the regulatory authorities, and patched their website. In the wake of GDPR going into effect, it’s important for companies to be on the ball with their reporting and the measures they’re taking to stop the problem from happening again. BA has stated that the financial data of the customers was stolen, along with the details of the flights purchased with that financial data, but that information like passport data was not taken. British Airways is warning their customers to check-in with their financial institutions and to practice good cyber hygiene; this involves regularly changing passwords and ensuring that there is no unusual activity on your accounts.
Source: Hackers steal data on 380,000 British Airways customers
Improperly configured Tor servers have been revealing the identity of their users, which is the opposite of their intended function. Tor servers are normally used to view the internet, particularly the Dark Web, with total anonymity. The researcher who found this misconfiguration informed the public, which may make it harder for law enforcement to track down Tor servers. Tor users have also seen this revelation as an attack on Tor, which is interesting since it’s an informative explanation of how your supposedly secret forum may not be so secret.
Source: Misconfigured Tor servers revealing owners