[Security Weekly] Australian PM Morrison Warns of Nationwide Cyberattacks by State-Backed Actor

4th Week of June 2020


1. Australian PM Scott Morrison discloses nationwide cyberattacks by state-backed actor

During a press conference held on June 19, Australian Prime Minister Scott Morrison made an unprecedented announcement stating that the country is currently suffering intensive and frequent cyberattacks at all levels of government and the private sector.

PM Morrison said that the information was obtained from the Australian Cyber Security Centre (ACSC), who detected an increase in the intensity and frequency of cyberattacks. He added that the government is certain that the attacks were carried out by a highly capable state-backed actor, since very few threat actors can initiate attacks at such a massive scale. When asked whether China is behind the attack, however, PM Morrison refused to comment.

The nationwide attacks occur across governments, political parties, health providers, and other infrastructure providers. PM Morrison did not release information on who specifically was targeted, as the main goal is to “raise awareness”, not to “raise concern”.

The threat actor exploited vulnerabilities in the targeted systems to achieve remote code execution. When these attacks failed, it fell back to phishing.

ACSC is currently working with the targeted organizations to ensure that they are properly protected. ACSC strongly recommends that all organizations use multi-factor authentication to access cloud and internet-facing databases.

Penta Security’s ISign+ is one of the market’s only appliance-type Identity and Access Management solutions that combines multi-factor authentication with public key infrastructure, helping organizations protect their sensitive data from external threats. Learn more at: ISign+.

Source: ABC News Australia


2. Sensitive data from over 200 US police departments published online as “BlueLeaks”

On June 19, over 296 GB of stolen data from US law enforcement agencies were published on Distributed Denial of Secrets (DDoSecrets), a website similar to WikiLeaks, which claims to promote the free transmission of data.

According to DDoSecrets, the data were given to them by the infamous hacker and activist group Anonymous. The published dataset, named BlueLeaks, contained more than one million files from over 200 police stations and fusion centers dating back more than a decade. The files included images, documents, tables, web pages, emails, and video and audio files. Most of these were FBI reports and law enforcement guidelines, many of which contained personal information such as names, phone numbers, and even bank account numbers.

The National Fusion Center Association (NFCA) confirmed the leak. Investigations suggest that the leak was the result of an attack on Netsential.com Inc., a web hosting provider located in Houston that offers hosting services for police departments and fusion centers.

Fusion centers are intermediaries that handle communications between local police forces and the FBI. 

Sources: ZDNet, Bleeping Computer


3. Chinese bank forces foreign companies to install tax software with hidden back door

A UK-based multinational software vendor, who recently expanded its business into China, was told by its local Chinese bank to install a mandatory tax payment software named “Intelligent Tax”. Soon after, the firm’s cybersecurity solutions provider Trustwave discovered that the program was embedded with malware.

Intelligent Tax is a software developed by Aisino Corporation’s Golden Tax Division, designed for businesses to pay local taxes online. The malware, dubbed “GoldenSpy” by Trustwave, grants the attacker remote access to the victim’s IT system, and allows the attacker to run Windows commands and download and install software programs.

Trustwave detected the same malware installed on another large-scale foreign financial institution operating in China, but refused to disclose the names of both companies. It is highly likely that other foreign businesses in China are victims of either GoldenSpy or other similar malware programs.

It is unclear whether GoldenSpy was initiated by the Chinese government or some malicious actors in the local bank. The goal of the intrusion is also unknown. Some experts believe that these are designed by the Chinese authorities to spy on selected foreign businesses.

Sources: NBC News, ZDNet


4. IT specialist arrested for stealing data from University of Pittsburgh Medical Center

Justin Sean Johnson, an IT employee at the United States’ Federal Emergency Management Agency (FEMA), was arrested on June 16 for hacking and stealing sensitive data from University of Pittsburgh Medical Center (UPMC).

The incident took place back in January 2014, when Johnson, going by his nicknames “TDS” and “DS”, attacked UPMC’s Oracle PeopleSoft database. It took the police more than six years to catch the suspect.

Johnson stole the personal and financial data of over 65,000 employees at UPMC, including their names, dates of birth, addresses, social security numbers, and salary figures. He then sold this information on the dark web.

But the consequences did not end there. Whoever purchased the data used it to file fraudulent tax returns that successfully claimed over $1.7 million in tax refunds. The money was then laundered through Amazon gift cards, which were used to purchase nearly $1 million of goods shipped to Venezuela for resale.

This incident shows the importance of keeping personal data safe. Some of the most basic information can be used for identity theft, fraud, and phishing attacks.

Organizations must keep their sensitive databases encrypted to meet compliance and prevent such incidents by using a data security solution like Penta Security’s D’Amo. Learn more at: D’Amo.

Source: Infosecurity


5. Popular online game Stalker Online suffers data breach, 1.3 million user records stolen

Stalker Online is a Russian multiplayer online game popular across Eastern Europe. Recently, security researchers at CyberNews discovered over 1.3 million user records of Stalker Online posted for sale on the e-commerce platform Shoppy.gg.

The data were leaked from two databases. One contains 1.2 million user accounts of the game itself, while the other contains 136,000 records from the online forum. These datasets included personal information such as usernames, passwords, email addresses, phone numbers, and IP addresses. After being informed of the situation, Shoppy.gg removed the data from its platform. However, it is likely that the hackers posted them on other dark web forums as well.

Even though the passwords were not stored in plaintext, they were hashed with MD5, a fast and long-deprecated hash function with known weaknesses, which makes the hashes easy for experienced hackers to crack.
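As an added illustration (not code from the CyberNews report or from the game), this is the standard remediation for a legacy MD5 password store: verify a login against the old scheme, then rehash the password into a salted, slow PBKDF2-HMAC-SHA256 record at the one moment the plaintext is available. The record layout, the sample account and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed cost parameter; tune to your hardware


def hash_password(password, salt=None):
    """Build a salted PBKDF2-HMAC-SHA256 record for a new or upgraded password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2_sha256", "salt": salt.hex(),
            "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_password(record, password):
    """Check a password against either scheme using a constant-time comparison."""
    if record["scheme"] == "md5":
        # Legacy unsalted MD5: fast to compute, so a leaked table is cracked offline quickly.
        candidate = hashlib.md5(password.encode()).hexdigest()
    elif record["scheme"] == "pbkdf2_sha256":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        bytes.fromhex(record["salt"]),
                                        record["iterations"]).hex()
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def login_and_upgrade(store, username, password):
    """Authenticate; on success, transparently rehash a legacy MD5 record to PBKDF2."""
    record = store.get(username)
    if record is None or not verify_password(record, password):
        return False
    if record["scheme"] == "md5":
        store[username] = hash_password(password)  # plaintext is only known right now
    return True


def legacy_hash_count(store):
    """Count accounts still on MD5, to track migration progress."""
    return sum(1 for r in store.values() if r["scheme"] == "md5")


# Constructed sample store: one account with an unsalted MD5 digest
# (made-up credentials, not values from the breach).
SAMPLE_STORE = {"player1": {"scheme": "md5", "hash": hashlib.md5(b"stalker2014").hexdigest()}}

if __name__ == "__main__":
    print("legacy before:", legacy_hash_count(SAMPLE_STORE))
    print("login:", login_and_upgrade(SAMPLE_STORE, "player1", "stalker2014"))
    print("legacy after:", legacy_hash_count(SAMPLE_STORE), SAMPLE_STORE["player1"]["scheme"])
```

Accounts whose owners never log in again are not upgraded by this path, so the remaining MD5 records should be expired and forced through a password reset.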

The hackers claimed responsibility by posting a link on Stalker Online’s official website, showing that they have compromised the web server.

Unlike the user accounts of most services, user accounts of online games contain valuable virtual items and in-game rankings that cannot be recovered by simply creating a new account. This is why keeping user accounts secure is especially critical for a game company.

Source: CyberNews


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Web Application Firewall for Cloud: WAPPLES SA

Database Encryption: D’Amo

Authentication: ISign+ 

Smart Car Security: AutoCrypt