Updates

Cybercrime

2018

British Airways reported that hackers stole personal and financial data of its customers from its website and mobile app. The customers affected are those who made bookings on the British Airways website or app from 21 August until 5 September. Names, billing addresses, email addresses and all bank card details were at risk, with around 380,000 payment cards compromised. The stolen personal data did not include travel or passport details.

More than 7,500 MikroTik devices have been compromised by an attacker, NetLab researchers claim. The attacker is able to actively eavesdrop on these users, with their TZSP traffic being forwarded to some collecting IP addresses. The attacker exploited the known Winbox Any Directory File Read vulnerability, CVE-2018-14847, to maliciously enable the Socks4 proxy on routers. It was patched by MikroTik in early August, but some users missed the update. Researchers claim that 370,000 MikroTik users are still vulnerable to CVE-2018-14847. It is recommended that MikroTik users update their devices and check whether the HTTP proxy, Socks4 proxy, and network traffic capture function are being maliciously exploited.

T-Mobile confirmed that it suffered a data breach on its US servers on 20 August. According to a letter from the company, the breach may have resulted in the exposure of personal information of up to 2 million customers. The data leaked included customers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid). However, financial data, social security numbers and passwords weren’t compromised. The company has reported the breach to the authorities and has reached out to the customers affected.

Kaspersky Lab uncovered a malware campaign designed to steal financial information and login credentials to popular websites. Dubbed Dark Tequila, it has been active since at least 2013, and most of its victims are located in Mexico, infected by spear-phishing or USB device. Researchers identified six modules embedded in the malicious implant, which handle communication with the command and control server; remove any traces of the malware if they detect a research environment; steal credentials from online services and passwords from email, FTP clients, and browsers; copy the malware onto any connected USB drives; and ensure that the malware is running. The threat actor behind Dark Tequila monitors and controls all operations strictly: in case of an infection which is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim’s computer.

The United Arab Emirates amended its Cybercrimes Law with new provisions, according to Emirates News Agency. The new Article 26 stipulates an imprisonment period and a financial fine for offenders who set up, manage or run a website or publish information on the computer network or information technology means for the interest of a terrorist group or other unauthorized entities or with the aim to incite hate. Article no. 28 stipulates a temporary imprisonment and a fine for offenders who set up, manage or run a website or publish information on the computer network or information technology with the aim to endanger the national security, higher interests of the State, its public order, or attacks on any member of the judicial courts system. Article no. 42 stipulates that the court may decide on the deportation of a foreigner convicted of a crime specified in Federal Decree-Law No. 05.

Hundreds of Instagram users have been locked out of their accounts in a wave of hacks in August, Mashable reported. The users affected have been logged out of their accounts, and the user name, profile image, password, email address, and Facebook account linked to the Instagram account were changed. The hackers also linked all the account information to e-mail addresses with a .ru Russian domain. It is unclear whether the hackers are connected to Russia or how they took over the accounts. Instagram acknowledged that it is aware of users’ difficulty accessing their accounts and stated that the issue is being investigated by the company.
