[Security Weekly] Belarusian Hackers Spread Personal Data of 1,003 High-Ranking Police Officers

4th Week of September 2020


1. Belarusian hackers spread personal data of 1,003 police officers

On the morning of September 19, a Google Spreadsheet containing the personal information of 1,003 high-ranking Belarusian police officers was leaked by hackers in retaliation against the government’s crackdown on protests against President Alexander Lukashenko.

The hackers provided a dataset containing names, dates of birth, police departments, and job titles to Belarusian news channel Nexta, after which it was quickly published and spread online. Nexta warned the government that more data would be published if the arrests and detentions of protesters continued.

The Ministry of Internal Affairs of Belarus responded by declaring that it would find and prosecute the hackers and those who spread the data. The hackers fought back by launching a DDoS attack against the ministry’s website.

The Eastern European country has been in chaos since August 9, when incumbent President Lukashenko was re-elected for a sixth term by claiming 80% of the votes. The Leader of the Opposition fled the country for personal safety after suggesting massive electoral fraud.

Sources: The Guardian, NBC News, ZDNet


2. World’s largest eyewear company Luxottica Group suffers ransomware attack

Italy-based Luxottica Group S.p.A., the world’s largest eyewear conglomerate and the owner of Ray-Ban, Oakley, Persol, Essilor, LensCrafters, Sunglass Hut, Pearle Vision, and more, suffered a ransomware attack that halted its operations in Italy and China.

On the evening of September 18, users began to report on social media that the websites for Ray-Ban, LensCrafters, Sunglass Hut, and Pearle Vision were out of service. The online portals of Luxottica were also shut down.

On the following Monday, September 21, a cyberattack became apparent as Luxottica employees in Italy received text messages telling them not to come to work due to an IT system failure. Luxottica’s Information Security Manager Nicola Vanin later confirmed in a LinkedIn post that the company’s IT systems were forced to shut down following a ransomware attack. Still, he claimed that there was no evidence suggesting any leak of customer data.

The attackers likely gained access to the network by exploiting a known vulnerability in a Citrix ADC controller used by Luxottica. The vulnerability allowed attackers to remotely execute code on a targeted machine in the network.

Sources: TechRadar, Bleeping Computer


3. Ecommerce giant Shopify discloses data breach caused by two malicious employees

Shopify, the third-largest ecommerce platform in the world hosting over one million online shops, disclosed a data breach incident that compromised the customer transaction details of nearly 200 online shops run on its platform.

According to Shopify, the data leakage was not due to any vulnerabilities in its IT system, but was caused by two malicious employees working in its support team. The team offers technical support to both shop owners and end-customers.

The two employees abused their authority by trying to obtain transaction details from the shop owners. Prior to the discovery, nearly 200 online shops were affected. The data they obtained includes the end-customers’ full names, home addresses, and email addresses, as well as the details of the purchased products and services. Fortunately, financial information and payment card details were not accessible.

This incident shows the importance of having a set of internal data security policies, such as monitoring suspicious employee activities, to keep sensitive data safe from malicious insiders. Shopify is treating this incident very seriously by working with the FBI and a number of international law enforcement agencies to bring the criminals to justice.

Sources: TechCrunch, SC Media


4. Government software vendor Tyler Technologies hit by RansomExx ransomware

Tyler Technologies, one of the largest providers of software solutions to the US government, reportedly suffered a ransomware attack that shut down its website and disrupted its operations.

The company sells software products to over 15,000 local government offices across the US, Canada, and Australia. These include integrated tax software, financial software, and document management software.

According to an email sent to its clients on September 23, an unauthorized third party gained access to its IT and telecommunications systems, forcing the company to shut down its entire network to prevent any secondary attacks. As a result, the company’s website and online services remained unavailable.

Tyler Technologies did not reveal the details of the attacker, but sources at Bleeping Computer suggested that the intruders were operators of the RansomExx ransomware. Even though the ransomware group does not operate any official data leaking site, this does not rule out the possibility that a copy of the files might have been exfiltrated before being encrypted.

To minimize the financial and reputational loss in case of a ransomware-led data breach, adopt a data encryption solution like D’Amo. Different from in-house data encryption, D’Amo provides a centralized management tool that integrates key management, access control, and auditing.

Sources: Bleeping Computer, Reuters

