[Security Weekly] FBI Messaging System Hacked to Email 100,000 Fake Alerts


November 2021, Issue II


1. FBI messaging system hacked to email at least 100,000 fake cyberattack alerts

The FBI disclosed on November 15 that a hacker exploited a misconfiguration in its messaging system to send fake cyberattack alerts to at least 100,000 recipients.

First detected by the Spamhaus Project, a nonprofit spam-monitoring organization, the emails were sent from a genuine FBI address, “eims@ic.fbi.gov”, through the Law Enforcement Enterprise Portal (LEEP). Because they originated from FBI infrastructure, their headers were legitimate and they passed the sender checks that would normally flag a spoofed message. The email warned recipients that their data had been exfiltrated in a sophisticated cyberattack, before signing off as the US Department of Homeland Security’s Cyber Threat Detection and Analysis Group, a body that no longer exists.

Investigations showed that the recipients’ email addresses were scraped from the American Registry for Internet Numbers (ARIN) database, so the targets were largely network contacts and IT administrators. A conservative estimate put the number of recipients at over 100,000. For days, the FBI’s helpline was flooded with calls from worried IT administrators.

The FBI reassured the public that no data or personally identifiable information (PII) on its network had been accessed, and that the misconfiguration had been remediated immediately.

Sources: Threatpost, NBC News


2. Investing platform Robinhood suffers data breach affecting 7 million people

Robinhood, a commission-free investing and trading app, disclosed a data breach incident on November 8, revealing that an unauthorized third party obtained the personal information of 7 million users.

The intrusion was discovered on November 3. The attacker socially engineered a customer support employee by phone and, through that employee, obtained access to certain customer support systems. Of the roughly 7 million people affected, about 5 million had their email addresses exposed and another 2 million their full names. For around 310 people, additional details such as date of birth and zip code were exposed, and about 10 of those had more extensive account details compromised.

Robinhood reassured customers that no Social Security numbers (SSNs), bank account numbers, or debit card numbers were exposed, and said it had emailed all affected customers.

To blunt social engineering, identity and access management (IAM) with multi-factor authentication (MFA) is essential, but it is not sufficient on its own: the Robinhood attacker did not steal a password but talked a support employee into granting access by phone, so caller-verification procedures and least-privilege access to customer records for support staff matter just as much. Penta Security’s single sign-on (SSO) authentication appliance iSIGN+ protects business accounts from social engineering and account compromise.

Sources: ZDNet, Infosecurity, CNET


3. Costco customers suffer fraudulent charges following card skimming attack

Costco, one of the largest retailers in the world, disclosed a card skimming attack at its stores that led to fraudulent charges to its customers’ credit cards.

After a number of Costco customers complained on social media about fraudulent charges, Costco inspected its stores and found five card skimmers at four locations in the Chicago area. The skimmers copied the data encoded in the cards’ magnetic stripe: cardholder name, card number, expiration date, and the card verification value stored on the stripe (the CVV1, not the CVV2 printed on the back of the card), which is enough to produce a cloned card for swipe transactions.
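The fields listed above are exactly what a payment card's magnetic stripe carries, which is why a skimmer that reads the stripe obtains everything needed to clone the card. The following Python parser is an illustration added here, not code from the original newsletter or from any vendor mentioned in it: it decodes the standard Track 1 and Track 2 layouts, validates the account number with the Luhn check, interprets the service code (a leading 2 or 6 marks a chip card, so a stripe swipe of such a card at a chip-capable terminal is a fallback worth scrutinizing), and masks the PAN the way a PCI-compliant log should. The card number, name and track strings are constructed test values, not real card data.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Track 1 (format B): %B<PAN>^<LAST/FIRST>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(
    r"^%B(?P<pan>\d{1,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$"
)
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$"
)


@dataclass
class StripeData:
    track: int
    pan: str
    expiry: str            # "MM/YY"
    service_code: str
    name: Optional[str]    # Track 2 carries no cardholder name
    luhn_valid: bool

    @property
    def chip_card(self) -> bool:
        # Service code first digit 2 or 6: "use integrated circuit (chip) where feasible".
        return self.service_code[0] in "26"


def luhn_valid(pan: str) -> bool:
    """Standard Luhn (mod 10) check over the primary account number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Show at most the first six and last four digits, as PCI DSS permits for display."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track(raw: str) -> StripeData:
    """Decode a Track 1 or Track 2 record into its fields; raises ValueError otherwise."""
    m = TRACK1_RE.match(raw)
    if m:
        last, _, first = m.group("name").partition("/")
        name: Optional[str] = f"{first.strip()} {last.strip()}".strip()
        track = 1
    else:
        m = TRACK2_RE.match(raw)
        if not m:
            raise ValueError("not a recognisable Track 1 or Track 2 record")
        name = None
        track = 2
    exp = m.group("exp")  # stored as YYMM
    pan = m.group("pan")
    return StripeData(
        track=track,
        pan=pan,
        expiry=f"{exp[2:]}/{exp[:2]}",
        service_code=m.group("svc"),
        name=name,
        luhn_valid=luhn_valid(pan),
    )


if __name__ == "__main__":
    # Constructed sample records; 4111111111111111 is a well-known Luhn-valid test number.
    for rec in ("%B4111111111111111^DOE/JANE^25121011000000000000?",
                ";4111111111111111=2512201123456789?"):
        d = parse_track(rec)
        print(f"track {d.track}: {mask_pan(d.pan)} exp {d.expiry} name={d.name} "
              f"chip_card={d.chip_card} luhn_ok={d.luhn_valid}")
```

Note that the parser never logs the full PAN: a skimmer's whole value lies in capturing the unmasked stripe, so any tooling that touches track data should mask it before it reaches a log or a ticket.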

On November 5, Costco sent notification letters to fewer than 500 customers with confirmed fraudulent charges and offered them 12 months of credit monitoring and identity protection with $1 million of fraud insurance. All customers were advised to check their credit card statements for fraudulent transactions.

To limit card skimming, retailers should inspect card readers regularly and train staff to spot overlays and tampered terminals, and shoppers should use the EMV chip rather than swiping wherever possible: the chip produces a one-time cryptogram per transaction, so the static data a skimmer captures from the stripe cannot be replayed at a chip-reading terminal.

Sources: Threatpost, Bleeping Computer


4. Electronics retail giant Media Markt hit by Hive ransomware, $50 million demanded

Europe’s largest consumer electronics retailer Media Markt suffered a severe ransomware attack that began on the evening of November 7. Based in Germany, Media Markt has over 1,000 stores in 13 countries across Europe.

The company shut down its IT systems to stop the ransomware spreading further; over 3,100 servers and workstations were reportedly encrypted. Many stores across the continent, especially in Germany and the Netherlands, suffered operational disruption: they could not process payment card transactions, and product returns were temporarily suspended because purchase histories were inaccessible.

The Hive ransomware gang claimed responsibility for the attack. It initially demanded an astronomical $240 million for the decryption key, a figure that was quickly reduced to $50 million once negotiations began. Even at $50 million, a payment would be the largest ransom ever paid.

Media Markt did not disclose whether the attackers stole any sensitive information before deploying the ransomware. Hive is known for double extortion, exfiltrating data before encryption and threatening to publish it if the ransom is not paid.

Sources: Bleeping Computer, Retail Detail


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security