The Month of August in 5 Articles
Each month Terbium Labs’ Research Team curates news and information from the corners of the internet to summarize the month of August in 5 articles, just for you! Research, happenings, and more related to infosecurity, cybercrime, payment card fraud, automation, and other popular topics are distilled to provide insight each month here on our blog.
MoviePass customers have had their payment card information exposed – along with postal addresses and other information that could be used to make fraudulent purchases.
WHY DO I CARE?
An exposed database containing 161 million records was found on a MoviePass subdomain by two separate researchers after months of exposure. At least 58,000 of those records contained payment card information for users – both MoviePass cards and personal debit and credit cards. The researchers notified MoviePass, but nothing was done and the database remained accessible from May through late August. MoviePass did eventually release a statement – after articles detailing the incident and the exposed information were published.
MoviePass ignored security best practices and did not encrypt their data, had no idea it was publicly accessible, and refused to remediate for months after they were notified of the breach. It will be interesting to watch MoviePass in the coming months to see what fines, lawsuits, and further customer attrition they may experience.
MoviePass is now a case study in bad security practices and inadequate communication post-incident. With one of the largest data exposures in history, their remediation effort is playing out like a bad movie.
Paige A. Thompson, the hacker behind the Capital One data breach, was suspected of exfiltrating data from other entities. That is now confirmed, but the government has not notified or identified all impacted organizations.
WHY DO I CARE?
At least 30 companies in the US and abroad have had information exfiltrated from their systems. Manufacturers, universities, state agencies, and banks are among the victims, and reports soon after the Capital One breach named Unicredit, Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation. Though Thompson has stated to authorities that she did not sell the data, screenshots from Slack show her decoding file names, and the Capital One data was found on GitHub. Either way, customer information from these companies could have been uploaded, shared, and exploited, and they may have no way of knowing. Forty lawsuits have already been filed in the U.S. against Capital One, and many others are sure to follow from a myriad of organizations.
Investigators also found evidence that Thompson was cryptojacking, using the cloud computing power from her victims to mine cryptocurrency.
We have no idea which companies were impacted, how many records were stolen by Thompson, or whether she sold anything she stole. This article updates previous reports on the Capital One data breach, which impacted 106 million people in the U.S. and Canada.
The European Central Bank has been hacked and personal details of nearly 500 newsletter subscribers may have been stolen.
WHY DO I CARE?
Hackers installed malware onto a server hosting the Banks’ Integrated Reporting Dictionary (BIRD) to facilitate phishing activities. After discovering the breach, the ECB shut down the BIRD website, is conducting on-site inspections of IT-risk related topics, and is contacting those whose data may have been exfiltrated. Neither ECB internal systems nor market-sensitive data were compromised, but the malware could potentially impact other banks throughout Europe, as the BIRD website provides assistance and instruction on statistical and supervisory reports.
To add insult to injury, prior to the breach the ECB had made repeated calls for more investment in information security to address the growing number of cyber threats targeting financial services.
This article takes a look at the recent ECB security breach and their appropriate reaction.
AT&T employees have been taking bribes and installing malware since 2012.
WHY DO I CARE?
Insider threats! Insider threats! The DOJ has charged two men with paying more than $1 million in bribes to several AT&T employees over a seven-year period. The employees unlocked two million smartphones and installed malware at the company’s Bothell call center in 2013. The malware collected data on AT&T infrastructure, and a second malware strain leveraged employee credentials to perform automated actions for the perpetrators.
The DOJ stepped in after AT&T sued three employees for installing malware. One of the men, Muhammad Fahd, was extradited from Hong Kong on August 2nd and faces charges that could see him jailed for up to 20 years.
AT&T has lost an estimated $5 million per year from the actions of employees hired by a cybercriminal.
In a global first, French cybergendarmes (read: cyber soldiers) neutralize a network of more than 850,000 virus-infected machines.
WHY DO I CARE?
France ranks 6th in the world among web hosting countries. As a result, a pirate server infected with and propagating malware was able to take control of infected “zombie machines” and use them to mine the Monero cryptocurrency, install ransomware, and steal hospital data – on 850,000 machines globally. Within 6 months the cybergendarmes were able to confirm the location of the server, neutralize it, and disinfect hundreds of thousands of machines around the planet.
“People may not realize it, but 850,000 infected computers are huge firepower! It makes it possible to drop all (civilian) sites on the planet if the authors want it. So it was very dangerous in terms of the potential for attacks: you really had to stop the offense. The Retadup virus is known to have attacked hospitals in Israel, stolen data from Israeli patients, and even made a lot of cryptocurrency through its 850,000 computers.” – Jean-Dominique Nollet, head of the Center for Combating Digital Crime (C3N) in Cergy-Pontoise (Val d’Oise).
This article is an in-depth report on the history-making operation of France’s cyber soldiers, les cybergendarmes.