Review: the most high-profile security incidents in 2019


Cybersecurity matters more with every passing year. Data breaches are not getting any smaller, cybercriminals keep inventing more sophisticated intrusion techniques and monetization schemes, and corporate defenses are being tested harder than ever.

Like the few years before it, 2019 turned out to be very eventful: large-scale data leaks, cyber espionage campaigns, financial crime and ransomware attacks. Below are the most high-profile incidents of 2019 as selected by the SecurityLab.ru portal.

The Collection #1 to #5 databases


In January 2019, an archive was discovered on the MEGA cloud storage service containing about 773 million unique email addresses and about 21 million unique passwords aggregated from many earlier breaches. In total the dump, dubbed Collection #1, consisted of more than 12 thousand individual files and more than 87 GB of data. Many of the passwords were in plain text, i.e. already cracked from their hashes, which makes such a dump directly usable for credential stuffing against any site where the victim reused the password. In the same month an archive of 2.2 billion unique usernames and passwords appeared on hacker forums. This 845 GB dump, christened Collections #2 to #5, included 25 billion records, roughly three times as many as Collection #1.

Dream Market


A month later, a database of 617 million accounts stolen from users of 16 hacked sites was put up for sale on the underground marketplace Dream Market. The seller went by the pseudonym Gnosticplayers and asked $20 thousand in bitcoin. For that sum anyone could buy 162 million compromised Dubsmash accounts, 151 million MyFitnessPal, 92 million MyHeritage, 41 million ShareThis, 28 million HauteLook, 25 million Animoto, 22 million EyeEm, 20 million 8fit, 18 million Whitepages, 16 million Fotolog, 15 million 500px, 11 million Armor Games, 8 million BookMate, 6 million CoffeeMeetsBagel, 1 million Artsy and 0.7 million DataCamp. Later Gnosticplayers listed a second archive containing 127 million stolen user accounts from 8 more sites, asking 4 bitcoins for it.

Ransomware attack on Norsk Hydro


In 2019 the number of ransomware attacks grew significantly, and many large companies were affected. In March, for example, Norsk Hydro, one of the world's largest aluminum producers, was forced to halt production facilities and fall back to manual operation after an attack by the LockerGoga ransomware. According to the company, the damage from the incident amounted to roughly $35 to 41 million. Other victims of various ransomware families included the Swiss special-purpose vehicle manufacturer Aebi Schmidt and the German industrial group Rheinmetall.

Backdoor in ASUS Live Update Utility


At the beginning of 2019 a malicious campaign targeting users of ASUS computers came to light. In the operation that Kaspersky Lab dubbed ShadowHammer, the attackers compromised ASUS Live Update, the utility that delivers BIOS, UEFI and software updates to ASUS laptops and desktops, planted a backdoor in it, and distributed the trojanized build, signed with legitimate ASUS certificates, through the official update servers. The implant was selective: it carried a hard-coded list of target network MAC addresses and only fetched a second-stage payload on matching machines, which is why it went unnoticed for months. According to the researchers, the total number of infections could have reached about a million.

Verifications IO LLC leak


In March, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible 150 GB database containing four separate data sets with a total of 808,539,939 records. The database belonged to the email marketing company Verifications IO LLC, which took both the database and its website offline immediately after being notified of the leak.

Facebook user data exposed publicly


Records of more than 540 million Facebook users were found sitting in publicly readable Amazon S3 buckets. The source of the leak was not the tech giant itself but third-party Facebook application developers: the Mexican media company Cultura Colectiva and the "At the Pool" app. The 146 GB Cultura Colectiva database held more than 540 million records of Facebook user data, including comments, likes, account names, Facebook IDs and so on. The "At the Pool" database stored names, plaintext passwords (for the app, not for Facebook itself) and email addresses of 22 thousand users, as well as information about their friends, likes, groups, etc.

WhatsApp vulnerability used to deliver Pegasus spyware


In May, one of the most resonant events was the disclosure of CVE-2019-3568, a buffer overflow in the WhatsApp VoIP stack that was exploited to install the Pegasus spyware made by the Israeli company NSO Group. The attack required no user interaction: a missed call was enough to compromise the device. In October, WhatsApp sued the hacking tool vendor, accusing NSO Group of helping government intelligence agencies compromise the phones of about 1,400 users around the world, including diplomats, opposition figures, journalists and senior officials.

Data leak affecting nearly half a million Delhi residents


An unprotected MongoDB server exposed to the Internet was found to contain a 4.1 GB database named "GNCTD" (Government of National Capital Territory of Delhi). The database held sensitive information about 458,388 residents of Delhi, India. It consisted of several collections with enough detail to build a complete profile of a person, including Aadhaar numbers, voter ID numbers, health status, education, location, whether the person owns a home, floor number, availability of Internet access, etc.

Cryptocurrency exchange hacks


With the undiminished popularity of cryptocurrencies, the exchanges that trade them remain a tempting target for attackers, and in 2019 several major exchanges fell victim at once. In particular, at the end of March the South Korean exchange Bithumb was hacked for the third time in three years and lost about $20 million in cryptocurrency, and in May Binance, one of the five largest exchanges in the world, found itself in a similar situation: attackers compromised a hot wallet and withdrew more than 7 thousand bitcoins (about $41 million). They also obtained a large amount of traders' personal information, API keys, two-factor authentication codes and other data.

Google secretly collected medical data of U.S. residents


Google found itself at the center of a scandal over covert data collection. It emerged that the tech giant and the healthcare provider Ascension had been running a joint secret project (known as Project Nightingale) to collect and analyze the medical data of millions of Americans. The data included laboratory results, physicians' diagnoses, hospitalization records and complete medical histories, together with patient names and dates of birth. It was used to develop AI-based software that would recommend changes to individual patients' treatment.

A massive attack on iPhone owners


Researchers uncovered one of the largest attacks ever on owners of Apple iPhones. The attackers compromised a number of websites with an audience of several thousand visitors per week and used them as watering holes to infect visiting iOS devices with malware through chains of zero-day vulnerabilities in the operating system; Google's Project Zero counted five exploit chains covering 14 vulnerabilities and spanning iOS 10 through iOS 12. The implant stole victims' confidential data, including passwords from the Keychain and the unencrypted message databases of services such as Google Hangouts, and even the messages of end-to-end encrypted messengers like WhatsApp, iMessage and Telegram, since end-to-end encryption protects messages in transit but not once they are stored in the clear on a compromised device.

Data leak affecting more than 1 billion social network users


A database of more than 4 TB was found publicly accessible: 1.2 billion records in total, including profile data of hundreds of millions of users of Facebook, Twitter, LinkedIn and GitHub, among them 50 million phone numbers, 622 million unique email addresses and employment history records. The archive, hosted on Google Cloud, contained no passwords, payment card numbers or Social Security numbers.

Telecom companies compromised for espionage


At the end of June, details emerged of a large-scale cyber espionage campaign in which attackers infiltrated the networks of some of the world's largest telecommunications providers in order to harvest information about specific individuals. The campaign was attributed, with some reservations, to the APT10 group linked to the PRC. The attackers managed to steal about 100 GB of data and used Call Detail Records (CDRs) to track the movements and contacts of the people they were interested in.

Capital One breach


The American bank holding company Capital One reported a massive data breach affecting more than 100 million U.S. residents and 6 million Canadian residents. The breach was carried out by a former Amazon employee who exploited a misconfigured web application firewall on the company's Amazon Web Services (AWS) infrastructure to obtain cloud credentials from the instance metadata service and read the affected data from the company's cloud storage. Besides personal data, the breach exposed the Social Security numbers of about 140,000 cardholders and about 80,000 linked bank account numbers. The company estimated the cost of the incident at $100 to 150 million.

Big Asian Leak


December 2019 brought several large leaks. At the beginning of the month, unknown persons published a database containing 2.7 billion email addresses and more than 1 billion plaintext passwords belonging to them. Analysis showed that most of the data came from a dump put up for sale in early 2017 by a cybercriminal using the pseudonym DoubleFlag. That leak, known as the "Big Asian Leak", included user data from a number of Chinese Internet companies, including NetEase, Tencent, Sohu and Sina.

Facebook again


Another major December leak affected users of Facebook. Unknown persons published online a database of more than 267 million unique Facebook user records; in total, data on 267,140,436 users, most of them U.S. residents, ended up publicly accessible. The database contained unique Facebook account IDs, phone numbers, users' first and last names, and timestamps.

Author : Alexander Antipov, SecurityLab.ru
