Weekly Overview of Information Security Incidents
This is a brief summary of major events in the world of information security for the period from December 11 to December 17, 2017. Last week, several incidents drew public attention, including a cyberattack on the largest cryptocurrency exchange Bitfinex, a warning about a possible attack on Ukraine, news of a new cryptographic attack called ROBOT affecting more than two dozen popular websites (including Facebook and PayPal), a data leak involving 200,000 Estonians, and more.
1. Increased Attacks on Cryptocurrency Companies
With the rapid rise in Bitcoin’s value, cybercriminals’ interest in cryptocurrency companies remains high. On December 12, Hong Kong’s largest cryptocurrency exchange, Bitfinex, reported a series of powerful DDoS attacks that caused service disruptions. Attackers are also launching phishing campaigns targeting traders. For example, Fortinet experts identified a new phishing operation in which criminals spread the Orcus remote access trojan (RAT) via malicious ads, disguised as the legitimate Gunbot trading bot.
2. Warning of Possible Cyberattack on Ukraine’s Power Grid
Last week, expert Robert Lee warned of a potential cyberattack on Ukraine’s power systems, similar to incidents in 2015 and 2016. In recent weeks, Lee observed increased activity among developers of the malware used in the 2016 attack. He believes hackers may launch a new attack in December 2017.
3. Man-in-the-Middle Attack on Fox-IT Clients
Dutch company Fox-IT reported an attack affecting some of its clients. According to the notification, an unknown attacker carried out a “man-in-the-middle” attack and monitored a limited number of users. The attacker intercepted traffic intended for the Fox-IT domain, used an SSL certificate to read HTTPS data, and then redirected users to the real Fox-IT server.
4. New ROBOT Cryptographic Attack Discovered
A group of experts described a new variant of Daniel Bleichenbacher’s cryptographic attack, which can allow attackers to obtain private cryptographic keys for decrypting HTTPS traffic under certain conditions. The new attack, called ROBOT, affects some products from vendors such as Cisco, Citrix, F5, and Radware, as well as 27 sites from the Alexa Top 10, including Facebook and PayPal.
5. Data Leak Affecting 200,000 Estonians
The past week also saw reports of data breaches. Estonia’s Computer Emergency Response Team (CERT) announced a data leak affecting about 200,000 Estonian users. The leak exposed email addresses and passwords used for authentication on various online resources. Most of the compromised accounts were from the social network LinkedIn.