[Security Weekly] Cathay Pacific Fined £500,000 for Data Protection Failure
2nd Week of March 2020
1. UK government fines Cathay Pacific £500,000 for past data breaches
The Information Commissioner’s Office (ICO) of the United Kingdom issued a fine of £500,000 last week to Cathay Pacific Airways for failing to protect customer information.
Due to multiple cyberattacks between October 2014 and May 2018, the Hong Kong flag carrier had exposed the private data of 111,578 UK residents as well as 9.4 million from other countries. The leaked information included names, dates of birth, passport numbers, phone numbers, addresses, and travel history.
Cathay Pacific only became aware of suspicious activity in March 2018, when its database was subjected to a brute-force attack. The airline reported the incident to the ICO, whose subsequent investigation revealed serious deficiencies in its data security. Problems included back-up files that were not password protected, internet-facing servers missing security patches, operating systems no longer supported by their vendor, and inadequate anti-virus protection.
The £500,000 fine was issued under the UK Data Protection Act 1998 and is the maximum penalty that act allows. Since the breaches took place before the General Data Protection Regulation (GDPR) took effect on 25 May 2018, the GDPR did not apply. Experts estimated that, had the same incidents happened under the GDPR, the airline could have faced a fine of up to £470,000,000.
[In compliance with multiple international standards including GDPR and CCPA, Penta Security’s MyDiamo provides a powerful and user-friendly database security solution for open-source databases. Learn more at MyDiamo.]
2. New phishing campaign spreads fake HIV test results to consumers of healthcare and insurance providers
Earlier this week, security researchers identified a new phishing campaign in which attackers impersonate healthcare and insurance providers and send out fake HIV test results. As in most phishing scams, the goal is to lure victims into opening a malicious attachment or link.
In one of the emails, attackers posed as Vanderbilt University Medical Center and asked recipients to check their HIV results in an attached Microsoft Excel workbook named “TestResults.xlsb”. Opening the workbook and enabling its macros installed the Koadic RAT [1]. Once Koadic is installed, the attacker can run programs and access data on the device, steal the victim's personal and financial information, and use the foothold to infect other computers on the network. Because of these capabilities, Koadic has also been used by state-sponsored groups linked to China, Russia, and Iran.
Legitimate providers do not deliver medical test results as unsolicited email attachments or links. Patients should call their doctor directly or log in to the provider's patient portal to check results.
As the coronavirus spreads to more than 120 countries, phishing scams that exploit health-related fears are becoming more common. To read more about how to protect yourself from such scams, click here.
[1] A remote access trojan (RAT) is a malware program that includes a back door, giving the attacker remote administrative control of the targeted device.
3. Durham, North Carolina attacked by Ryuk ransomware
Last Sunday, the City of Durham and Durham County in North Carolina issued a public statement disclosing that the city was recovering from an attack by the Ryuk ransomware.
The attack forced the city to shut down its phone system to prevent further damage. Significant disruptions occurred for many of its services, including City Hall, Durham One Call, and Durham Parks and Recreation Centers. Fortunately, 911 and critical public safety systems remained in service during the attack.
The city said the attack began with a phishing email to an employee; the ransomware was activated when the employee downloaded and opened its attachment. This underlines the importance of security awareness training in organizations: however advanced an organization's defensive technology, a single user action remains a viable entry point.
Security experts have argued that the public sector lags far behind the private sector in preparedness for cyberattacks, which partly explains the rising number of ransomware attacks on public bodies. According to Recorded Future, ransomware attacks on state and local governments in the United States alone exceeded 100 in 2019.
The obstacle is that taxpayers are unwilling to spend more on cybersecurity, yet also oppose paying any ransom. This tension again reflects the general public's limited awareness of cybersecurity risks and their costs.
4. Data breach of Trident Crypto Fund exposes passwords for 266,000 users
Trident Crypto Fund is a Malta-based crypto investment index fund. Its Trident Index tracks a basket of the ten best-performing coins, selected by the fund's own algorithms, so that users can diversify their crypto holdings with a single investment.
On March 5, the Russian media outlet Izvestia reported that a Trident Crypto Fund database had been compromised. It contained email addresses, phone numbers, IP addresses, and hashed passwords (described in the report as encrypted) for more than 266,000 users.
The data had been posted on various file-sharing websites since February 20, and by March 3 more than 120,000 of the passwords had been cracked and posted in plaintext. With plaintext passwords, attackers can log in to the affected accounts directly, and can try the same credentials on other services where users reused them.
As of now, Trident has made no official comment on the incident. However, security researchers who contacted affected users confirmed that their details matched those disclosed online. Trident has no social media presence, and it is unclear whether the company is legally registered in Malta.
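Why do 120,000 passwords surface in plaintext within days of a dump? The example below is added here to illustrate that point; it is not Trident's code, and Trident's real hashing scheme is not public. It assumes, purely for illustration, that the leaked column held unsalted MD5 hashes, and uses constructed user records and a tiny constructed wordlist. It contrasts that scheme with per-user salted scrypt: against unsalted MD5 one precomputed table cracks every user at once, whereas with salts and a slow KDF each guess must be recomputed per user, and only the weak passwords still fall.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example (not Trident's real records or scheme).
# Assumption: the leaked "encrypted passwords" are unsalted MD5 hashes.
LEAKED_MD5 = {
    "alice@example.com": hashlib.md5(b"password123").hexdigest(),
    "bob@example.com": hashlib.md5(b"qwerty").hexdigest(),
    "carol@example.com": hashlib.md5(b"correct horse battery staple").hexdigest(),
}

# A tiny constructed wordlist; real attacks use hundreds of millions of candidates.
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein"]


def crack_unsalted_md5(leaked, wordlist):
    """Recover passwords from unsalted MD5 hashes with one precomputed lookup table.

    The table is built once and serves every user, so the cost is proportional to
    the wordlist size, not to the number of leaked accounts.
    """
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


# scrypt work factor: about 16 MiB of memory and tens of milliseconds per guess.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password, salt=None):
    """Store a password as hex(salt)$hex(scrypt(password, salt)), fresh 16-byte salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute scrypt with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def crack_salted_scrypt(stored, wordlist):
    """Run the same wordlist against salted scrypt records.

    No shared table is possible: every (user, guess) pair costs one slow KDF call.
    Returns (recovered, number_of_kdf_calls). Weak passwords still fall, which is
    why salting and slow hashing complement, rather than replace, strength rules.
    """
    recovered, calls = {}, 0
    for user, record in stored.items():
        for w in wordlist:
            calls += 1
            if verify_password(w, record):
                recovered[user] = w
                break
    return recovered, calls


def demo():
    """Crack the constructed dump both ways; returns (md5_hits, scrypt_hits, kdf_calls)."""
    cracked_md5 = crack_unsalted_md5(LEAKED_MD5, WORDLIST)
    # The same plaintexts stored the way they should have been.
    stored = {
        "alice@example.com": hash_password("password123"),
        "bob@example.com": hash_password("qwerty"),
        "carol@example.com": hash_password("correct horse battery staple"),
    }
    cracked_scrypt, calls = crack_salted_scrypt(stored, WORDLIST)
    return cracked_md5, cracked_scrypt, calls


if __name__ == "__main__":
    md5_hits, scrypt_hits, kdf_calls = demo()
    print("unsalted MD5 cracked:", md5_hits)
    print("salted scrypt cracked:", scrypt_hits, "after", kdf_calls, "KDF calls")
```

Both runs recover the two weak passwords; the difference is that the MD5 run does so with five hash computations shared across all users, while the scrypt run needs a separate slow call for every user and guess (12 here, and millions of times more at real wordlist and user counts), and a precomputed table is useless because every record carries its own salt.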
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Web Application Firewall for Cloud: WAPPLES SA
Database Encryption: D’Amo
Smart Car Security: AutoCrypt