Weekly Information Security Incident Review: November 20–26, 2017
Here is a brief overview of the main events in the world of information security for the period from November 20 to November 26, 2017.
- Uber Data Breach
The most high-profile event of the past week was the news of a data breach at Uber that affected both customers and drivers. Hackers obtained the names and email addresses of 50 million passengers and the personal data of 7 million drivers, including 600,000 U.S. driver’s license numbers. According to Uber, the hackers did not access Social Security numbers, birth dates, trip histories, or credit card information. Although the incident occurred back in October 2016, the company concealed it from the public and chose to pay the hackers $100,000 to prevent the stolen information from being published.
- Intel Management Engine Vulnerabilities
Another major event was the announcement of a series of vulnerabilities in the Management Engine (ME) subsystem and the related components Intel Trusted Execution Engine (TXE) and Server Platform Service (SPS). These vulnerabilities allow attackers to upload and execute arbitrary code, cause denial of service, and extract information processed by the processor. The issues affect more than 900 models of personal computers and laptops from various manufacturers. As of now, patches are only available for certain Lenovo and HPE device models.
- Trend Micro Reveals Cobalt Group Activities
Last week, Trend Micro specialists disclosed some details about the activities of the hacker group Cobalt, known for its attacks on banks. While the group previously targeted bank customers, their focus has now shifted to financial institutions themselves. Unlike other Russian or Russian-speaking hacker groups, which typically avoid the post-Soviet region, Cobalt appears to use this area as a testing ground for new techniques and malware.
- BBC Investigation into Fancy Bear
BBC journalists published the results of an investigation into the activities of the hacker group Fancy Bear. It was revealed that, over three years, the hackers rented servers from the British company Crookservers, which were used for cyberattacks on the German parliament’s computer network, intercepting traffic from the Nigerian government’s website, and hacking Apple devices.
- Australian Department of Social Services Data Leak
At the end of last week, it was reported that data belonging to 8,500 former and current employees of the Australian Department of Social Services had been leaked. Compromised information included credit card data, employee names, logins, work phone numbers, work email addresses, system passwords, and more. According to the department, the leak was solely the fault of a contractor and was not related to any failures in the ministry’s systems.
- Scarab Ransomware Attacks in Ukraine
On November 24, Ukraine’s Cyber Police warned of attacks using the new Scarab ransomware, which was distributed via one of the largest botnets, Necurs. The emails were disguised as archives containing scanned images. After encrypting files on the victim’s system, Scarab displays a notification without specifying the ransom amount for data recovery. However, the attackers warn that the ransom will increase until the victim contacts them via the provided email address or through BitMessage.