Our Security Summary for the month of August2 min read

We are starting a new monthly series where we summarise what we believe to be the top security news of the month. Be that big data breaches or new attacks/ exploits.

Our Top 3

Return of Locky ransomware

23 million messages sent containing the malware. Making it the biggest ransomware campaign in the second half of 2017

What to look out for, Unexpected emails containing the following subject:

• please print
• documents
• photo
• images
• scans
• pictures

The emails often contain a subject line that will get the reader to open the attachment out of curiosity. Generally the advice is not to open emails when either you don’t recognise the email address or you weren’t expecting the email. If you weren’t expecting it but it was from a email you recognise it is very possible that the contact you know may have had their email account compromised. This is how even the most security conscious get caught out. Therefore, it is worth checking with the person by other means other than email to see if that is the case.

HBO hacked

It wasn’t a great month for HBO. At the start of August, they suffered a data breach where 1.5 terabytes of data were stolen. The stolen data included episodes from the very popular Game of Thrones (GOT) series. The hackers then held HBO to $7.5 million ransom. HBO refused to pay so the hackers released what they had with Episodes leaked online likely related to the hackers.

HBO then suffered another attack where their Twitter and Facebook, highly likely it was the same hackers with them using credentials found in files they stole in the hack a few days earlier.

To top it all off HBO in Spain accidentally aired an episode of GOT early, skipping an episode, essentially leaking their own show.

2 Million records were stolen from CEX

The stolen data includes some personal information such as first name, surname, addresses, email address and phone number if this was supplied. In a small number of instances, it may include encrypted data from expired credit and debit cards up to 2009. No further financial information has been shared. It only happened recently so not much else is known yet. They have hired cyber security specialist which more information likely to surface in the coming days.

Sources

https://uk.webuy.com/guidance/?utm_content=bufferedaf6&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer#queAns3

https://www.scmagazine.com/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/article/680568/?utm_content=bufferbb2df&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

http://www.techrepublic.com/article/massive-locky-ransomware-campaign-sends-23m-messages-in-24-hours/