Breach Trends and Insights-Report September 2020

This report summarises the top breaches between mid-August till 15th September 2020. The report will help you to keep track of the latest hacks and add insights to safeguard your organization by looking at the trends. 

The Most Common Breach Trends Identified Were :

• Hacking – Twitter
• Operational Errors – Social Media Breach (Misconfigured DBs)
• Social Engineering Attacks/ Phishing Attacks – Paytm Mall Breach, Sans Institute
• Malware (Ransomware) – ETERBASE 

Twitter Says Security Flaw may have Exposed Android User’s direct messages 

As per Twitter, a certain vulnerability may have exposed the direct messages of Android users.

“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” the company said in a blog post. 

They also stated that there is no evidence that Android vulnerability has been exploited by hackers. 

Source – Twitter Blog 

Social Media Breach – TikTok, Instagram, and Youtube 

Public-facing profiles of over 235 million users are compromised because of misconfigured online databases. Comparitech teamed up with Bob Diachenko to uncover three identical copies of the data on August 1, left online with no password or other authentication required to access it.

In total, 192 million profiles were scraped from Instagram, 42 million from TikTok, and 4 million from YouTube.

Source – Infosecurity Magazine

Paytm Mall suffers a massive data breach

The eCommerce arm of Paytm has suffered a massive data breach according to US-based research firm Cyble. The hackers have demanded a ransom of 10 ETH amounting to $4000. 

Hacker group John Wick is behind the breach, according to Cyble. According to experts, the group hacks databases of companies under the guise of offering help to fix bugs in their systems. “This (breach) was tipped off to us from an “alleged” ex-cartel member of a credible hacking group “John Wick“, the company said in a blog post.

Source – Economic Times 

Hackers attack European crypto exchange ETERBASE, steals $5.4 Million 

Crypto bases are an absolute favorite for Hackers, because of the amount of money one can steal. This time ETERBASE, a Bratislava, Slovakian based cryptocurrency exchange was attacked and more than $5 Million were stolen. 

Eterbase confirmed the news on its Telegram and Twitter channels on Tuesday, stating that six hot wallets of the exchange containing ether (ETH), ERC-20 tokens, bitcoin (BTC), XRP, Algorand (ALGO), and Tezos (XTZ) were compromised.

 Source – Hackeread.com

Sans Institute Phishing Attack – 28000 Records Lost 

Hundreds of Emails from an internal account were forwarded to an unknown third party. Over 28000 records are compromised. 

The global cybersecurity training and certifications organization said in a statement that the incident came to light on August 6 after a regular review of email configuration identified a “suspicious forwarding rule.”

“This rule was found to have forwarded a number of emails from a specific individual’s e-mail account to an unknown external email address,” it continued.

Source – Infosecurity magazine

Hacker’s Launch Customized Ransomware Attacks

A new ransomware operation has been found, dubbed Darkside. It launches customized attacks and asks for millions of dollars as a payout. A similarity in source code implies these threat actors could be following in the footsteps of GandCrab and REvil ransomware.

Ransomware attacks have been on a boom for several months. New Ransomware like 

VHD, Ensiko, and several others have surfaced in the market, while on the other hand, almost all major law enforcement agencies like Interpol and FBI have been busy alerting users about the sharp increase in ransomware related activities.

Source – Cyware.com

FireCompass Insights On this Month’s Breaches 

We have seen increased cases of phishing attacks in the last month, few steps can be taken to curb the same : 

• Awareness – Bring awareness about the Spoofing emails/ Phishing emails
• Provide Training – which educates employees on why phishing is harmful and on how to detect and report phishing attempts
• Phishing Simulation – which tests whether employees apply the training under real-world conditions and reinforces the lessons when they don’t
• Reporting – Reporting of spoofing emails with a process helps employees to detect and alert Security Team

There has been a 300% increase in Ransomware Attacks in 2020.  27% of Malware incidents happening were Ransomware Attacks (According to Verizon Data Breach report 2020). Ransomware attacks are increased due to COVID lockdown and can be traced to the following reasons : 

• Employees inability to detect phishing attacks
• Increase in Remote working
• Security Teams unaware of open risky ports and unpatched servers