A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The 114,686,290 breached records are a tiny fraction of last month’s total and about 10% of the monthly average.
However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year.
Plenty of those breaches occurred in Europe, so let’s delve into a few of them in more detail.
1. European Central Bank says one of its websites was hacked
In a statement issued on 15 August, the ECB (European Central Bank) confirmed that one of its websites was hacked and that personal information was at risk.
The ECB discovered the incident during routine maintenance and closed its website while it resolved the issue.
Investigators found that criminal hackers installed malware on an external server that hosts the BIRD (Banks’ Integrated Reporting Dictionary), which provides banks with details on how to produce statistical and supervisory reports.
The email addresses, names and job titles of 481 subscribers to the BIRD newsletter might have been affected, the investigation found, but neither passwords nor the ECB’s internal systems were compromised.
2. Ransomware strain targets German organisations
At the start of the month, a malware strain that targeted German organisations wreaked havoc.
GermanWiper was initially mistaken for ransomware, but as the name suggests, it was a wiper. Whereas ransomware encrypts files and blackmails the owner for the key to regain access, a wiper overwrites the files’ content, meaning the originals are gone for good unless the victim has a backup.
The epidemic was reported in a Bleeping Computer forum post on 30 July, but further incidents soon arose.
According to security researcher Marius Genheimer and CERT-Bund, Germany’s Computer Emergency Response Team, GermanWiper was being distributed via phishing scams.
The messages claimed to be job applications from a woman called ‘Lena Kretschmer’, with an attached CV in a .ZIP file.
Why would you open a CV from a woman you’ve never met? Curiosity. For the victims, it was simply too tempting to see who this woman was and what information she’d revealed about herself.
That’s not to suggest the recipients had any malicious intentions. Rather, they believed that opening the attachment was a kind of harmless eavesdropping.
The scam was effective in that regard, as it appeared completely harmless. It avoided the typical signs of a phishing scam – the urgent requests, the creation of a sense of panic – but its seemingly mundane nature is exactly what made it so tempting.
Unfortunately, those who opened the attachment let the wiper loose on their systems, where it rewrote local files and left a ransom demand. However, the files were gone and paying up wouldn’t get them back.
That’s just another reason why security experts urge people not to negotiate with criminal hackers after being hit with ransomware.
3. Lost garda documents fell from the back of a bike
Records released this month revealed that the Irish police lost sensitive information after it fell off the back of a motorbike.
The Times reported that the incident was one of more than 40 data protection breaches that occurred last year involving sensitive information held by the Department of Justice and Equality.
The most egregious was the incident involving garda documents. The records were being transferred from the Department of Justice’s mutual legal assistance division to the garda, but the courier reported that the package became dislodged after the bike hit a speed bump.
The driver didn’t notice that the cargo was lost until it was too late, and the information hasn’t been recovered. If the police, and those whose information is in those records, are lucky, then the documents will have been mistaken for general litter and thrown away without being read.
However, there’s a possibility that the records were recovered by a miscreant and used for malicious purposes.
The garda didn’t say what information was in the files, but at the very least they likely contained contact details, which is enough to launch a phishing scam.
Moreover, the context of the information – Department of Justice records – gives crooks a perfect pretext for a scam.