Hello! We close out the year with our traditional digest of “classic” and non-trivial information security incidents that foreign and Russian media reported in December. We were personally struck by how the creators of Black Mirror predicted their own problems. And you?
What happened: One of the largest production studios in the world, EndemolShine, which creates and distributes the TV shows “Big Brother” and “The Voice” (in the Netherlands) as well as the series “Black Mirror”, has been hit by extortionists.
Who is guilty: Behind the attack is the DoppelPaymer group, known for blackmailing large corporations and government agencies. The cybercriminals stole the personal data of current and former Endemol employees, as well as some trade-secret information. DoppelPaymer has already leaked some of the documents to the Internet and is now demanding a ransom from the company’s management, threatening to disclose the rest of the data otherwise. The size of the ransom has not been named, but by analogy with other DoppelPaymer “cases” it is likely a seven-figure sum.
According to media reports, the compromised files contain evidence that Endemol’s activities do not fully comply with the requirements of the General Data Protection Regulation (GDPR), which threatens the firm with serious fines.
It is curious that the third season of the acclaimed “Black Mirror”, whose writers expose the sores of the digital world, contains an episode about extortion in exchange for not publishing compromising material. In the episode (as often happens in real life), everything ended sadly: the hacker’s victims fulfilled all the conditions of the “contract”, but their personal information was made public anyway. The moral is simple: never make deals with extortionists; better to check how well your data is protected.
What happened: A Trojan got onto a server of the Israeli insurance company “Shirbit” and within a few hours “forwarded” a database of complete customer data to the attackers, including addresses, phone numbers, credit card numbers, copies of passports, places of work and lists of close relatives.
Who is guilty: Apparently, things are bad at Shirbit with antivirus in particular and information security in general, since the company only learned of the leak when the stolen information surfaced in the public domain. A scandal erupted, because the victims include military and security officials. For this reason, the State Cyber Security Administration and the General Security Service (SHABAK) joined the investigation of the leak.
Several compensation claims have already been filed against Shirbit, and the company apparently faces, if not complete ruin, then a massive outflow of large clients.
A leak “Brazilian style”
What happened: Journalists of the Estadao newspaper discovered a login and password for the Ministry of Health database in the source code of the ministry’s website. Anyone could view them simply by pressing F12 in their browser. These credentials gave access to SUS (Sistema Único de Saúde), the official database of the Brazilian Ministry of Health, which stores information on 243 million citizens (including the deceased): full name, home address, phone number, medical information.
Who is guilty: This is a blunder by the developers. After the leak was reported, the credentials were removed from the source code, but it remains unclear whether attackers managed to exploit the exposure.
Ironically, this is the second information security incident involving medical information in the country in recent years. Last month, for a similar reason, data on 16 million COVID-19 patients leaked in Brazil. It seems that “public sector + personal data” is a dangerous mixture not only for Russia.
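The Brazilian case is a credential that any visitor could read in the delivered page. As an added example (not part of the original digest), the check below scans the inline scripts and HTML comments of a page, exactly the parts the browser hides from the UI but shows under F12, for credential-shaped assignments; the HTML and all names and values in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not the real site): a login page whose inline
# script and a leftover developer comment carry database credentials.
SAMPLE_HTML = """<html><head><title>Portal</title>
<script>
var apiBase = "https://example.invalid/api";
var dbUser = "sus_reader";
var dbPassword = "Pl4ceholder!Secret";
</script></head>
<body><!-- TODO remove: login=admin password=changeme --></body></html>"""

# Key names that commonly hold credentials, followed by an assigned value.
CRED_RE = re.compile(
    r'(?i)(pass(?:word|wd)?|pwd|secret|token|api[_-]?key|login|user(?:name)?)'
    r'\s*[:=]\s*["\']?([^"\';\s<>]{4,})')


class ScriptCommentCollector(HTMLParser):
    """Collect inline <script> bodies and HTML comments: the text a visitor
    can read in the developer tools even though the page never renders it."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        # External scripts (src=...) are fetched separately and not scanned here.
        if tag == "script" and not dict(attrs).get("src"):
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

    def handle_comment(self, data):
        self.chunks.append(data)


def find_exposed_credentials(html):
    """Return (key, value) pairs that look like credentials in client-side code."""
    collector = ScriptCommentCollector()
    collector.feed(html)
    return [(m.group(1).lower(), m.group(2))
            for chunk in collector.chunks for m in CRED_RE.finditer(chunk)]
```

Run it against a saved copy of each public page before release; any hit is a finding to be verified by hand, since the pattern also flags harmless names such as a form field called `login`.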
What happened: In the Pavlovsky district of the Nizhny Novgorod region, yet another pair in the “policeman + funeral agent” tandem was convicted.
Who is guilty: Throughout the year, local police officers illegally passed the names and home addresses of the deceased to funeral entrepreneurs. For this, the officers received from 3 to 30 thousand rubles. As a result, several criminal cases were opened and the suspects were suspended from work.
What happened: An information security specialist at a telecom company in Reutov, Moscow region, spotted suspicious access to the corporate customer database. Someone had accessed it three times, several days apart.
Who is guilty: The perpetrator turned out to be a customer service manager. According to the employee, he entered the system “out of boredom” when there were no customers in the shop. While doing so, he photographed the data of 14 subscribers, which was later confirmed by recordings from the CCTV cameras in the shop. He needed the data for resale.
The man was charged with unlawful access to legally protected computer information and copying it. Taking into account his previously good reputation and his remorse, the court gave the ex-manager a one-year suspended sentence with a one-year probation period.
One for all and all for one
What happened: A marketer at the developer of SkinSwipe, a mobile application for exchanging in-game items from CS:GO, Dota 2 and Team Fortress 2, shared a story of fraud. Over a weekend, someone began mass-selling promotional codes and game currency from the application, although the team had planned no such activity.
Who is guilty: It turned out that a former SkinSwipe technical support employee was involved. He entered the application’s admin area outside business hours and created several hundred sale listings. But it is wrong to blame only him for the incident: to enter the admin panel, the man used a login and password that no one had changed after his dismissal. Moreover, the entire team shared these credentials, because “we are a small close-knit team and trust each other.”
What happened: Credentials that several medical institutions use to connect to a closed IT system leaked online. The leak happened through the Yandex search bar.
Who is guilty: Logins and passwords were “handed” to the search engine by the users themselves. It turned out that, to reach the login page quickly, employees of the institutions pasted a string like “full link to the resource + login + password” into the address bar; that is, they copied whole rows from the spreadsheet in which the accounts were stored. Yandex treated them as search queries and showed them as suggestions to any user. It is not known whether anyone took advantage of this with bad intentions, but the search service has fixed the problem on its side.
Two-factor authentication, you say? Regularly rotating passphrases? It turns out you need to start from scratch: what can and cannot be typed into the search bar of Yandex and Google.
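The Yandex case leaves a trace on the corporate side too: the pasted row travels to the search engine as an ordinary HTTP request, so a web proxy log shows it. As an added example (not part of the original digest), the script below pulls the search text out of Yandex and Google URLs in proxy log lines and flags queries shaped like a copied spreadsheet row (URL, then a login, then a password-like token); the log lines, hosts, logins and passwords are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log lines (not from the article): timestamp, client IP, URL.
SAMPLE_LOG = """\
2020-12-03T09:12:41 10.20.1.15 https://yandex.ru/search/?text=weather+in+moscow
2020-12-03T09:13:02 10.20.1.15 https://yandex.ru/search/?text=https%3A%2F%2Fportal.example.invalid%2Flogin+ivanov_ai+Qwerty%2112
2020-12-03T09:13:40 10.20.1.22 https://www.google.com/search?q=how+to+reset+password
2020-12-03T09:14:05 10.20.1.22 https://www.google.com/search?q=portal.example.invalid%2Flogin+petrov+Summer2020%23
"""

# Query-string parameter that carries the search text for each engine.
SEARCH_PARAMS = {"yandex.ru": "text", "www.google.com": "q", "google.com": "q"}
# A token that looks like a hostname or URL (the "full link to the resource").
URL_TOKEN = re.compile(r'^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$', re.I)


def extract_query(url):
    """Return the search text of a known search-engine URL, else None."""
    parts = urlsplit(url)
    param = SEARCH_PARAMS.get(parts.hostname)
    if not param:
        return None
    values = parse_qs(parts.query).get(param)  # decodes '+' and %XX escapes
    return values[0] if values else None


def password_like(token):
    """Letters and digits mixed with a symbol or an upper-case letter."""
    return bool(re.search(r'\d', token) and re.search(r'[A-Za-z]', token)
                and (re.search(r'[^A-Za-z0-9]', token) or re.search(r'[A-Z]', token)))


def looks_like_pasted_credentials(query):
    """A copied account row: a URL-like first token and at least two more
    tokens, one of which has the shape of a password."""
    tokens = query.split()
    if len(tokens) < 3 or not URL_TOKEN.match(tokens[0]):
        return False
    return any(password_like(t) for t in tokens[1:])


def find_credential_queries(log_text):
    """Return (timestamp, client, query) for every suspicious search."""
    hits = []
    for line in log_text.splitlines():
        ts, client, url = line.split(maxsplit=2)
        query = extract_query(url)
        if query and looks_like_pasted_credentials(query):
            hits.append((ts, client, query))
    return hits
```

A hit means the password is already in the search engine’s hands and must be changed, and the client address tells you which workstation to talk to.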
That was the InfoSec December. See you in January. May the holidays be fantastic and the New Year happy!