A brief overview of the main events in the information security world for the period from 23 to 29 October 2017.
The last two weeks have been rather turbulent both for the public and for information security experts. A week earlier, serious vulnerabilities in the WPA2 protocol, which endanger almost all existing Wi-Fi networks, drew wide attention. The loudest event of last week was a new wave of attacks using the Bad Rabbit ransomware, which affected the media, government departments and companies in several countries, mainly in Russia and Ukraine. Below is a brief overview of the main events in the information security world for the period from 23 to 29 October 2017.
On October 24 this year, Russian and Ukrainian organizations were attacked by the Bad Rabbit ransomware. The malware attacked three Russian media outlets (including Interfax and Fontanka) and Russian banks from the top 20, as well as a number of Ukrainian companies and government agencies. According to Group-IB researchers, Bad Rabbit was distributed using the drive-by download method (some experts reported that the watering hole method was used); several popular news sites in Russia and Ukraine were used to deliver the malicious software. Experts believe that the NotPetya and Bad Rabbit attacks may be the work of the same hacker group, possibly the Black Energy group. As security researchers from Cisco Talos and F-Secure found out, a modified version of the EternalRomance exploit, stolen by The Shadow Brokers from the Equation Group, which is allegedly linked to the US National Security Agency, was used to distribute Bad Rabbit. Two days after the attacks began, several information security experts reported that the Bad Rabbit operation had been shut down.
Anonymous activists continue to attack Spanish government resources in protest against the actions of the Spanish authorities aimed at resolving the Catalan crisis. This time, the official website of the Spanish government, Boletín Oficial del Estado (BOE), was attacked.
The past week was not without reports of data leaks. In particular, the Bermuda consulting and legal company Appleby warned its customers about a possible large-scale leak of confidential information. According to reports, the leak affected a number of the richest people in the UK.
Last week, the Asia-Pacific Network Information Center (APNIC) apologized to network owners for the leak of its database, which, among other things, contained insecure password hashes. Anyone could download the database, make changes to it or hack IP blocks.
Last week, it also became known that hackers had attacked the prestigious plastic surgery clinic London Bridge Plastic Surgery (LBPS). As a result, the cybercriminals were able to steal personal medical data of celebrities, including photos of intimate plastic surgery. The group The Dark Overlord claimed responsibility for the attack; it had previously claimed involvement in breaking into a number of medical centers and schools in the US, as well as in compromising the Netflix computer network. According to the hackers, they have “terabytes” of data at their disposal, including information about the royal family.
Last Sunday, the media reported that the security service of London’s Heathrow Airport is investigating a possible data leak after an unemployed man found a flash drive on a London street containing unprotected information about the airport's security system. The flash drive contained 76 folders with maps, videos and documents related to the security of London's largest airport and to anti-terrorist activities. Some of the data was marked as confidential, but access to it was not protected in any way.