Cybersecurity Incidents Weekly Review
The past week was marked by several significant events in the field of cybersecurity. The most notable incidents included renewed accusations against the infamous “Russian hackers,” the discovery of a cryptocurrency mining campaign using Tesla’s computing resources, and the theft of approximately $2 million from India’s City Union Bank.
1. Hacking Attack on the 2018 Winter Olympics
The situation surrounding the hacking attack on computers at the 2018 Winter Olympics in Pyeongchang, South Korea, continues to escalate. According to The Washington Post, U.S. intelligence believes that “Russian military hackers” breached several hundred computers at the Winter Games and attempted to make it appear as though North Korea was responsible. Intelligence officials cited revenge for the International Olympic Committee’s decision to ban the Russian national team from participating in the Games as the motive. Experts from U.S. intelligence agencies believe that, in early February, Russian military personnel from the GRU (Main Intelligence Directorate) had access to 300 computers at the Olympics in South Korea.
2. Cryptocurrency Miners Target Major Companies
Cryptocurrency miners are constantly seeking new ways to profit, increasingly targeting large companies. Unknown hackers infiltrated Tesla’s cloud environment through an unsecured Kubernetes console and, using the company’s Amazon Web Services credentials, launched scripts for covert cryptocurrency mining. According to researchers from RedLock, who discovered the cryptomining operation, not only Tesla but also major British insurance company Aviva and the world’s largest SIM card manufacturer, Gemalto, fell victim to the miners.
3. New Cryptocurrency Mining Method via Microsoft Word Files
Experts from Israeli company Votiro discovered another method for mining cryptocurrency: using Microsoft Word files. The method relies on a feature that allows users to add online videos to Word documents without embedding the actual video. Attackers can exploit this mechanism to load JavaScript that mines the Monero cryptocurrency.
4. Banks Remain a Prime Target for Hackers
Despite the ongoing cryptocurrency craze, banks remain a primary focus for hackers. India’s City Union Bank lost $1.8 million to unknown cybercriminals, who managed to transfer the funds using the SWIFT banking system. The fraudulent transactions were discovered on February 7 during reconciliation. One transfer of $500,000 was detected and blocked in time, but the criminals successfully completed two other payments, sending funds to banks in Turkey and China.
5. Mageia Linux Distribution Users Targeted
Last week, it was revealed that users of the Mageia Linux distribution became victims of hackers. Attackers compromised the Mageia server, stole a database containing user logins, password hashes, and email addresses, and published it online. It is currently unknown how the criminals managed to read the contents of the LDAP directory despite access restrictions.