[Security Weekly] Sensitive Data From US Government Networks Breached by Russian Hackers


4th Week of October 2020


1. Sensitive data from US government networks breached by Russian hackers

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint security advisory disclosing that Russian state-sponsored hacker group Energetic Bear had been targeting US government networks since early 2020. Targeted networks include a number of federal, state, and local government networks, as well as the networks of government contractors in the aviation industry.

The advisory did not disclose the specific agencies impacted, but suggested that Energetic Bear had successfully gained access to at least two government servers and exfiltrated sensitive data. The initial intrusion was made by exploiting known vulnerabilities in Citrix, Microsoft, and Fortinet devices, after which a vulnerability in Windows Servers was exploited to move through the network.

The exfiltrated data included network configuration details and passwords, IT instructions, standard operating procedures, and contractor information and purchase histories. Fortunately, both agencies stated that there was no evidence suggesting that the attack was directed at the presidential election, and that the upcoming election is very unlikely to be affected by it.

To keep attackers from exploiting known software vulnerabilities, apply vendor patches promptly to all software and network appliances, including the edge devices named in the advisory. Furthermore, invest in a web application firewall like WAPPLES to prevent attackers from exploiting web application vulnerabilities.

Sources: Reuters, Politico


2. Pfizer exposes personal and health information of prescription drug users

Pfizer, one of the largest pharmaceutical manufacturers in the world, carelessly exposed the personally identifiable information (PII) and the medical status of hundreds of customers taking its prescription drugs.

The leak was due to the company’s misconfiguration of a Google Cloud Storage bucket, which was left open to the public without any password protection. The bucket contained Pfizer customers’ personal information such as full names, home addresses, phone numbers, email addresses, and medical histories. It also contained detailed call transcripts of customers asking about side effects and reordering.

The victims included hundreds of prescription users of Lyrica, Viagra, Premarin, Chantix, and various cancer treatment drugs. Some of the records dated back to 2018.

The incident was initially discovered in July by security researchers at vpnMentor. After the researchers repeatedly contacted Pfizer about the issue, the open storage bucket was finally reconfigured to private on September 23.
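A bucket exposed in the way described above is usually an IAM binding that grants a role to the public principals allUsers or allAuthenticatedUsers. The following script is an added example, not code from the newsletter or from Pfizer, showing how a defender can audit the policy JSON that `gsutil iam get gs://<bucket>` returns and produce a cleaned policy for `gsutil iam set`. The policy below is constructed sample data and the bucket name is a placeholder.

```python
import json

# Principals that make a bucket readable or writable by anyone on the internet.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape returned by `gsutil iam get gs://<bucket>`:
# a list of role -> members bindings plus an etag. Not a real policy.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.legacyBucketOwner",
         "members": ["projectOwner:example-project"]},
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers", "user:analyst@example.com"]},
    ],
    "etag": "CAE=",
})


def find_public_bindings(policy_json):
    """Return [(role, member)] for every grant made to a public principal."""
    policy = json.loads(policy_json)
    hits = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                hits.append((binding["role"], member))
    return hits


def strip_public_bindings(policy_json):
    """Return the same policy as JSON with public principals removed.

    Bindings left with no members are dropped entirely; the etag is kept so
    that `gsutil iam set` can detect a concurrent change to the bucket policy.
    """
    policy = json.loads(policy_json)
    cleaned = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            cleaned.append({"role": binding["role"], "members": members})
    policy["bindings"] = cleaned
    return json.dumps(policy, indent=2)


def remaining_members(policy_json, role):
    """Helper for review: who still holds a given role after cleaning."""
    policy = json.loads(policy_json)
    for binding in policy.get("bindings", []):
        if binding["role"] == role:
            return binding["members"]
    return []


if __name__ == "__main__":
    for role, member in find_public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC GRANT: {member} -> {role}")
    # Write the cleaned policy to apply with:
    #   gsutil iam set cleaned-policy.json gs://<bucket-name-placeholder>
    with open("cleaned-policy.json", "w") as fh:
        fh.write(strip_public_bindings(SAMPLE_POLICY))
```

Removing the binding closes the immediate exposure; turning on the bucket's public access prevention setting (`gsutil pap set enforced gs://<bucket>`) stops the same grant from being re-added by a later misconfiguration.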

Sources: Threatpost, Infosecurity


3. Popular MMORPG Albion Online suffers cyberattack, user data compromised

Albion Online, a popular multiplayer role-playing game with 2.5 million players and nearly 300,000 registered forum members, suffered a cyberattack that compromised all its forum users’ profiles, including usernames, email addresses, and hashed passwords.

Sandbox Interactive, the company behind the game, disclosed the incident on October 17. It stressed that the stolen passwords were safely salted and hashed, and that no payment card information was compromised. Nevertheless, there remains a risk for those with easy-to-guess passwords and those who reuse their usernames and passwords. As a result, the company advised all forum members to change their passwords immediately as a preventative measure.
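Salting and hashing, as the company describes, means an attacker holding the forum database cannot read passwords directly or reuse precomputed tables, but a short or common password is still recoverable by guessing. The script below is an added example, not code from the newsletter or from Sandbox Interactive, of how a site can store passwords with a per-user salt and a slow hash (PBKDF2-SHA256 is assumed here) while refusing the weak passwords that remain at risk. The deny-list is a constructed stand-in for a breached-password corpus.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256; a higher count makes each guess costlier.
PBKDF2_ITERATIONS = 600_000

# Constructed deny-list; a real deployment would check a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "albion", "letmein"}


def is_weak(password):
    """Short or commonly used passwords stay guessable even when salted."""
    return len(password) < 12 or password.lower() in COMMON_PASSWORDS


def hash_password(password, salt=None):
    """Return 'salt$digest' (hex); a fresh random salt per user defeats rainbow tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(password):
    """Refuse weak passwords; otherwise return the salted hash to store."""
    if is_weak(password):
        raise ValueError("password is too short or too common")
    return hash_password(password)


if __name__ == "__main__":
    stored = register("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong password ok:", verify_password("albion", stored))
```

After an incident like this one, forcing a password reset is the right call regardless of the hash strength, because a reused password is only as safe as the weakest site it was used on.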

Read the following article for some tips on how to create easy and strong passwords: Smart and Creative Ways for Setting Easy and Robust Passwords

Sources: ZDNet, Threatpost 


4. Montreal’s public transit attacked by RansomExx ransomware

Société de transport de Montréal (STM), the public transit agency of Montreal, Canada, suffered an attack from the RansomExx ransomware family, impacting its entire IT system and online services.

Even though buses and trains remained operational, services that require call reservations and online registrations were shut down. This includes the paratransit services provided for people with disabilities.

STM confirmed on October 20 that they had suffered a ransomware attack, and that they were working with local law enforcement and cybersecurity experts to investigate the case and repair the systems.

Sources: Bleeping Computer, Security Boulevard


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security