24 – 28 July 2017
Read Cognosec’s round up of relevant news and happenings within the industry this week.
In the news this week…
400,000 UniCredit bank accounts breached in Italy
According to a Bloomberg news report, Italy’s UniCredit SpA bank has been subject to a data breach affecting 400,000 client accounts. In a statement, the bank revealed that the attack took place in September and October of 2016 and June and July of this year. However, the bank only discovered the breaches this week. Commenting on the attack, Francesco Confuorti, chief executive officer of Advantage Financial SA, a Milan-based investment firm, said: “This is the first attack targeting an Italian bank and confirms that IT systems, particularly in Italy, need massive investment to avoid a loss of confidence. I expect that this case will lead to Italian banks reviewing their IT systems,” he added. It is believed intruders gained unauthorised access to customer data through an outside company employed by the bank.
Brexit negotiations could be disrupted by DDoS attacks
According to reports, security professionals are preparing for an unprecedented number of DDoS attacks in the year ahead and are preparing for attacks which could disrupt Brexit negotiations. Results of a recent study reveal 57 percent of IT security professionals questioned believe Brexit negotiations will be affected by DDoS attacks, with hackers using DDoS to disrupt negotiations, or alternatively, using the attacks as camouflage to steal confidential data. Furthermore, those surveyed believe criminal extortionists are most likely to inflict an attack. In total, 38 percent expect the DDoS attacks to be financially motivated.
IoT devices at risk from devil’s Ivy vulnerability
Millions of Internet of Things devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them, according to news reports this week. The flaw, which affects millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices, may have been victim to a vulnerability named Devil’s Ivy. Researchers have discovered 249 models of the 251 Axis camera are susceptible to the bug discovered in an open source software library. The vulnerability allows hackers to remotely access the video feed of the camera. It is then possible to install a backdoor in the device or block the owner from accessing the camera. Manufacturer Axis has issued a patch to resolve the vulnerability and has alerted its customers.
Swedish government leaks sensitive and personal data of millions
According to reports, Sweden’s government has inadvertently exposed sensitive data of millions of people, together with military secrets and possibly the EU secure intranet. The data, which was leaked in 2015, included names, photos and addresses of citizens including air force pilots, people under witness relocation and members of military secret units. Reports suggest the leak took place after the Swedish Transport Agency (STA) outsourced its database management and other IT services. The STA then uploaded its entire database, including details of every vehicle in the country, to cloud servers. The data was then in error emailed to marketers in text message. Once the issue was known the STA asked the marketing subscribers to delete the list themselves. The Swedish government continues to investigate the scope of the leak.
Newcastle University issues phishing alert
Newcastle University has been targeted by a phishing site fraudulently trading on its name. The university issued a statement revealing that the fake site, ‘Newcastle International University’, is using its brand and accepting credit card payments to secure bogus courses. Furthermore, prospective students are at risk of handing over additional sensitive data such as passport information. According to reports, phishing is a growing problem among universities in the UK, with the brand of establishments being used to dupe staff and students.
New spear-phishing attack targets energy sector
According to Infosecurity magazine, a new type of spear-phishing attack directed at energy companies has the potential to cause massive disruption. This type of cyber-attack is concealed in a document which masquerades as a curriculum vitae accompanying a harmless email. Because the Word document and email are completely clean and contain no malicious code, the attack is undetectable by incoming email monitoring defences. According to the article, this type of spear-phishing attack uses a Word document containing a template reference that when loaded connects to an attacker’s server via Server Message Block (SMB) and downloads a Word template which can include embedded malicious payloads. To date, attacks have been aimed at infrastructure control systems (ICS) of US energy companies. However, the article goes on to warn that the attacks have the potential to spread to vital infrastructure in Britain.