The Good, the Bad and the Ugly in Cybersecurity – Week 22

The Good

Identifying hackers is difficult; arresting them and bringing them to justice is even harder. Therefore, when law enforcement agencies are able to press charges against them, we can only applaud their good work and hope that the courts hand down punishment sufficient to deter others.

Authorities in Germany pressed charges against a 22-year-old who hacked into private accounts of politicians, journalists and public figures. The person confessed to stealing and leaking online private data belonging to hundreds of politicians, including the German Chancellor Angela Merkel. Additional charges include a blackmail attempt against six German MPs (demanding Bitcoin payment in exchange for not publishing their information) and three false reports to the police regarding bomb attacks or mass shootings.

According to the investigators, the perpetrator used email providers’ password reset facilities to gain access to accounts and obtain personal data, telephone numbers, contact addresses, credit card data, photos and correspondence. This individual’s motives appear to have been sensationalist, political and, to some degree, financial.

In another arrest this week, in Seattle, a Ukrainian national was charged over his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States. Denys Larmak has been charged with “conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft”.

According to the authorities, Larmak ran spearphishing campaigns to obtain credentials, credit and debit card details and other personally identifiable information. Larmak was diligent: he used Jira to document his actions, creating a dedicated ticket for each victim, and used the system to share the information obtained with other members of the FIN7 hacking collective.

The Bad

German authorities published an advisory this week to companies in the energy, water and power sectors, warning that a Kremlin-linked hacking group is targeting them. The group, known variously as Berserk Bear, DragonFly 2.0 and Dymalloy, is apparently operating on behalf of Russia’s FSB intelligence agency and is using the supply chain to gain access to the German companies’ IT systems.

The APT group, known to be active since at least late 2015 or early 2016 and specialising in energy sector intrusions against European and American targets, uses both publicly available and custom-written malware to penetrate IT networks, gain persistence and steal information. Most worryingly, its aim is to penetrate highly critical Operational Technology (OT) networks.

The same group previously targeted US companies, using infected websites to harvest login credentials and then using those credentials to compromise critical infrastructure companies in Europe and North America. In the past, the group has also been accused of attacking German energy providers.

The Ugly

The UK’s privacy watchdog has announced that the number of reported data breaches has declined in the two years since GDPR came into effect. However, it seems the British are bucking the trend, as data breaches across the globe are only increasing.

Just this week, Japanese telco giant NTT announced a data breach affecting hundreds of customers, and Bank of America announced a data breach affecting customers applying for the Paycheck Protection Program (PPP).

These breaches are overshadowed by another massive data breach affecting 29 million Indian job seekers. A cybersecurity firm discovered a threat actor selling the personal details of millions of job hunters from different states across India. The leak likely occurred via a resumé aggregator service that collects data from various well-known job portals. The information offered for sale includes users’ email addresses, phone numbers, home addresses and qualifications.

If 29 million records sounds like a big number, then try to fathom this one: 8 billion. That’s the number of internet records leaked from a subsidiary of Thailand’s largest cell network, Advanced Info Service (AIS). The database, containing real-time internet records of millions of customers, was exposed in May during a test scheduled by the company, which claims that no important data was made available. The database has since been made inaccessible.