Archive for September 30, 2017

Hackers compromised over 50,000 accounts of ‘Kinopoisk’ website to change rating of movie ‘Crimea’

Hackers compromised over 50,000 user accounts of the Kinopoisk (Movie Search) website, one of the leading online movie databases in Russia. The hackers' main goal was to increase the rating of the film "Crimea", which was awaiting its premiere.

The incident first came to light when some users noticed marks in their profiles indicating that they were awaiting the premiere of the film "Crimea". The Kinopoisk administration received complaints from a number of users.

After an internal investigation, representatives of the website removed over 50,000 incorrectly placed marks. After their removal, the number of marks fell from 70,000 to 17,000, and the movie's rating fell from 60% to 20%.

The portal's technical support staff also sent a notification to all users of the hacked accounts asking them to change their passwords. They also recommended setting a strong password and not reusing the same password on any other service.

- Christina

CCleaner malware targets major tech companies

The recent CCleaner malware outbreak where hackers used a popular PC clean-up tool to spread malware was perhaps a more targeted and sophisticated attack than it initially seemed.

Researchers discovered that the malware was specifically trying to gain access to internal networks in at least 20 tech companies, including Google, Samsung, Microsoft, Sony, HTC, Linksys, D-Link, and Cisco itself.

Researchers at Cisco and Avast discovered that the malware was specifically going after a list of internal domains at the time its "command-and-control" server was seized.

Avast wrote, “At the time the server was taken down, the attack was targeting select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were.”

Cisco reported that the hackers succeeded in installing the malware on more than 700,000 machines, and that more than 20 machines received the second-stage payload.

From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung.

While Avast is advising individual users to upgrade to the latest version of CCleaner and to use an anti-virus product, Cisco recommends restoring PCs from a backup made before CCleaner was installed.

Iranian hackers target US, Saudi aviation sector

A cyber espionage group suspected of working in Iran for its government is targeting the aviation and energy industries in Saudi Arabia, the US and South Korea.

According to US security firm FireEye, the hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets.

The report added, "We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia's military aviation capabilities to enhance Iran's domestic aviation capabilities."

The report by FireEye also said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, an echo of two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.

APT33 targets organisations by sending spear phishing emails with malicious HTML links to infect targets' computers with malware. The malware used by the espionage group includes DROPSHOT (dropper), SHAPESHIFT (wiper) and TURNEDUP (custom backdoor, which is the final payload).

Kazakhstan Banks hit by massive DDoS attack

According to local media, several banks in the country have faced massive DDoS (Distributed Denial of Service) attacks over the past few days.

The attack traffic came from several countries at the same time. As a result, bank websites were unavailable for a certain time. One of the affected banks is HomeBank.

"The bank's specialists recorded yesterday a large-scale DDoS attack in the form of false requests simultaneously from a huge number of IP addresses that block the operation of the portal," Homebank posted on Qazkom's Facebook page.

"To ensure the protection of the site and your accounts, the bank's specialists take the necessary technical measures to neutralize the actions of hackers, therefore we apologize if there will be delays in conducting operations or the site will be temporarily unavailable." The bank apologized for the inconvenience.

Kaspi Bank said that its servers and services were not affected by the attack. The bank said it is actively monitoring and working to prevent such attacks. Other banks, including HalykBank, People's Bank, also claimed that their servers were not affected by this attack.

Just a few days ago, the Committee of National Security of the Republic of Kazakhstan (KNB) stated that banks hide information about hacker attacks to protect their reputations. In 2017, six banks suffered a phishing attack, and only one of them asked the KNB for help.

- Christina

Sonic’s Credit Card Hack Could Affect Millions

The U.S. drive-in burger chain Sonic has confirmed unusual activity involving credit cards used at some of its outlets, and the news has caused the company's shares to tank.

The company said in a statement that its credit card processor had informed it of the incident last week and that it is now investigating to "understand the nature and scope of this issue." However, it has not yet disclosed the details of the hack or its impact.

“We are working to understand the nature and scope of this issue, as we know how important this is to our guests,” the company said in a statement. “We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Just after disclosing the breach, the company suffered its worst stock decline in nearly two months.

According to the company's website, Sonic has more than 3,500 restaurants throughout 44 American states.