Information Security Incidents: Key Events from October 9–15, 2017

Overview of Information Security Incidents

Here is a brief summary of the main events in the world of information security for the period from October 9 to October 15, 2017. The past week was marked by a series of major data leaks. Two consulting firms and a luxury hotel chain became victims of breaches, North Korea allegedly stole military secrets from South Korea and the US, the APT ALF group stole military aircraft documentation from an Australian government contractor, and data from millions of Bitly and Kickstarter users was exposed. Below is a concise overview of the most significant incidents during this period.

1. Forrester Data Breach

Early last week, it was reported that consulting firm Forrester suffered a data breach. Attackers gained access to credentials for the company’s website and stole marketing research ordered by clients. This information could reveal the technologies Forrester’s clients use and upcoming products. Hackers may sell this data on the black market or to competitors, or use it to select future attack targets.

2. Accenture Data Exposure

The second consulting firm affected was Accenture. However, this incident was not caused by cybercriminals, but by the negligence of the company’s system administrators. Accenture’s client data was left publicly accessible on unsecured Amazon Web Services (AWS) S3 cloud servers.

3. Deloitte Cyberattack Update

Previously, Deloitte, one of the world’s largest consulting firms, was hit by a cyberattack. Last week, new information revealed that the scope of the incident was much broader than initially thought. In particular, data from the US State Department and three other government agencies may have been compromised.

4. Hyatt Hotel Chain Payment Card Leak

For the second time in two years, luxury hotel chain Hyatt experienced a payment card data breach. Attackers may have obtained cardholder names, card numbers, expiration dates, and internal verification codes.

5. Bitly and Kickstarter User Data Exposed

Security researcher Troy Hunt discovered that user data from Bitly and Kickstarter, compromised in 2014 cyberattacks, was publicly accessible. In total, information on more than 14.2 million users was found.

6. FIN7 (Carbanak) Phishing Campaign

The Eastern European hacker group FIN7 (also known as Carbanak) hacked US government servers to distribute malicious phishing emails that purported to come from the US Securities and Exchange Commission. According to security researcher Craig Williams, this campaign targeted select US businesses across various sectors, including finance, insurance, and information technology.

7. VTB 24 Phishing in Russia

Clients of VTB 24 in Russia also fell victim to phishing. Criminals sent mass notifications via Viber, supposedly from VTB 24, about unauthorized transactions. Victims were instructed to call a number for more information. When they called, the scammers posed as bank employees and, under the pretense of identification, tricked them into revealing their bank card details.

8. $40 Million Stolen from Eastern European Banks

Trustwave SpiderLabs researchers reported a fraud scheme that resulted in the theft of over $40 million from several Eastern European banks. The attackers used a complex method combining cyberattacks on bank networks, manipulation of debit card overdraft limits, and mass cash withdrawals from ATMs.

9. DDoS Attacks on Swedish Transport Authorities

On October 11–12, Swedish transport authorities were hit by DDoS attacks, causing train delays. Experts believe these attacks were tests, with the attackers aiming to observe Sweden’s response to such incidents.
