Cyber attacks and data breaches in review: July 2020

After a series of massive data breaches in May and June, which accounted for 15 billion breached records, we saw a reversion to the mean in July. By our count, 77,775,496 records were leaked in 86 incidents.

As always, we delve into the more notable incidents affecting European organisations in this blog.

Hackers hijack Twitter account of Russian Ministry of Foreign Affairs

Criminals looking for a quick, high-profile scam target public figures’ Twitter accounts because they are often poorly protected, and the bogus tweet will be widely read.

That’s a lesson that the individuals operating the Twitter account of Russia’s Foreign Ministry’s Crisis Management Centre learned in July, after criminal hackers compromised the account and claimed to be selling stolen information.

The tweet advertised a database containing details of tourist payments made during June 2020 to the Public Services portal of the Russian Federation. Anyone interested in the information could seemingly purchase it for 66 bitcoins (about €631,000).

The message may have been part of a wider attack on the Russian government, because the hackers clearly wouldn’t be able to access this information simply by compromising a Twitter account.

However, there is still no proof that any database breach occurred, and criminals generally sell stolen information on the dark web, where it’s much harder to track people.

It’s therefore possible that this tweet was a politically motivated attack intended to discredit the Russian government’s cyber security practices.

Whatever the truth, the ministry’s Twitter account genuinely was hacked, suggesting that the account’s operators need to bolster their cyber security practices.

The attack was most likely a result of credential stuffing (i.e. reusing a password that had already been exposed), either because the password had been used on other sites or had been shared.

A phishing attack might also be to blame, or even a disgruntled former or existing employee with access to the login details.

However it took place, the account’s operators – like all Twitter users – should consider 2FA (two-factor authentication).

This ensures that a password alone isn’t enough to compromise an account, and makes a successful cyber attack complex enough to dissuade all but the most persistent hackers.

Orange targeted by ransomware

The telecommunications company Orange confirmed last month that it had suffered a ransomware attack, exposing the personal data of 20 of its enterprise customers.

Its Orange Business Services division enables enterprise customers to host virtual workstations in the cloud and receive remote IT support.

The database on which this information was stored was compromised by the Nefilim ransomware gang on 4 July. The group added Orange to its data leak site 11 days later, forcing the company to publicly disclose the breach.

The criminal hackers leaked a 339MB archive file, containing customer information.

This is something they do to prove to organisations that they have breached their systems. From the criminals’ perspective, they want to leak as little data as possible, because it reduces the incentive for an organisation to pay the ransom.

In other words, if a significant amount of data has already been leaked, the organisation might reason that there is little point in paying to have it returned.

However, the problem with this is that the entire dataset is compromised the moment criminal hackers access it. Leaking the information publicly doesn’t affect the confidentiality of the data, because it has already been breached.

Unfortunately, many organisations believe that by paying the criminals to delete the data, the incident isn’t classed as a data breach.

Orange did report the incident, although it’s not clear whether it has paid the ransom. Experts warn against doing so, because payment encourages and potentially funds further attacks.

Nor, if you do pay, can you be certain that the attacker will provide the decryption key or delete the copy of the data they stole.

Railway giant Adif suffers large data breach

The Spanish railway infrastructure firm Adif lost 800GB of data in a cyber attack that was disclosed on 24 July.

The criminals claimed to have stolen personal information, letters, contracts and account information. They posted a sample of the exfiltrated data online and said they would continue to publish data until Adif paid a ransom.

The organisation confirmed that ransomware had been used to conduct the attack, but didn’t disclose specific details.

Typically, ransomware is planted on systems using phishing scams. The criminals send a bogus email that contains an attachment in which the malware is hidden.

When the victim opens the file, the ransomware is unleashed and begins encrypting files.

A spokesperson for Adif said that the incident had been reported to the appropriate authorities, adding that: “The infrastructure has not been affected at any time, and the correct functioning of all its services has been guaranteed.

“Adif, aware of being the manager of a critical infrastructure such as the exploitation of the railway network, considers cybersecurity as one of the pillars of comprehensive security.”

Stay up to date with cyber security news

Are you looking for regular updates on the latest cyber attacks and data breaches?

Subscribe to our Weekly Round-up to learn what’s happening in the cyber security industry and receive tips on the steps you should take to protect your organisation.
