Weekly Information Security Incident Review: October 16–22, 2017
In recent times, the most high-profile security incidents can be divided into two main categories: data breaches involving hotel and restaurant customers’ bank cards, and attacks attributed to “Russian hackers.” However, last week’s biggest news was the discovery of serious vulnerabilities in the WPA2 protocol, putting nearly all existing Wi-Fi networks at risk. Here’s a brief overview of the main cybersecurity events from October 16 to 22, 2017.
- WPA2 Protocol Vulnerabilities Announced
The beginning of last week was marked by reports of vulnerabilities in the WPA2 protocol, which allow for Key Reinstallation Attacks (KRACK). Using this method, attackers can intercept traffic and gain access to information previously considered securely encrypted, such as credit card numbers, passwords, messages, photos, and more.
- Adobe Flash Player Attacks
Two separate reports emerged last week about attacks exploiting Adobe Flash Player. Adobe released a patch for a zero-day vulnerability that had been exploited by several hacker groups. According to Kaspersky Lab, the vulnerability was used by the Middle Eastern group Black Oasis to deliver FinSpy spyware to victims’ computers. The group distributed MS Office documents with embedded ActiveX objects containing the exploit.
Experts from Proofpoint also reported that the same vulnerability was exploited by Fancy Bear, a group often linked to the Russian government. Their targets included U.S. and European government agencies and private companies in the aerospace sector. Using the Flash Player vulnerability, the hackers spread the DealersChoice malware.
- Another Fancy Bear Campaign
According to Cisco Talos, Fancy Bear launched a new phishing campaign related to the upcoming CyCon U.S. cyber warfare conference in Washington, which will feature representatives from NATO and the U.S. defense forces. Unlike previous campaigns, this time the hackers did not use a zero-day vulnerability but instead sent a malicious Microsoft Word document. The attachment contained macros that downloaded and installed the Seduploader malware on targeted systems.
- Leviathan Group Targets Maritime and Naval Organizations
Proofpoint experts also reported a malicious campaign by the hacker group Leviathan, which targets companies and organizations involved in shipbuilding and naval operations. Like Fancy Bear, Leviathan uses phishing emails with malicious Microsoft Excel and Word documents.
- US DHS and FBI Report on Critical Infrastructure Attacks
The U.S. Department of Homeland Security, together with the FBI, published a report on cyberattacks targeting several nuclear, energy, aviation, and industrial enterprises, as well as water supply systems. The attacks have been ongoing since at least May of this year and are believed to be the work of the Dragonfly hacker group.
- Microsoft Database Breach Revealed
Last week, former Microsoft employees disclosed a breach of the company’s corporate database containing information about vulnerabilities in Microsoft products. The incident occurred in 2013, but at the time, company management decided not to reveal the full extent of the attack.