October 2015 was the month when the Safe Harbor agreement between the EU and the US was ruled invalid. Under the data transfer pact, personal information of EU citizens could be transferred to the US – thus infringing on current EU data protection laws – but after a landmark ruling by the European Court of Justice, the pact was declared invalid.
Mark Schrems headed the legal challenge against Facebook because of his concern about the amount of personal data owned by Facebook, which could easily be passed on to the NSA.
Positive news aside, the month of October has been very heavy on the attacks, breaches and vulnerabilities side. The TalkTalk breach and the T-Mobile hack alone are enough to send shivers down the infosec community's spine.
Count down with us the top hacks, attacks and vulnerabilities for October 2015.
On Thursday October 22, TalkTalk, a phone and broadband provider, announced that it had been on the receiving end of a cyberattack and that personal details together with bank account records may have been compromised. The company at first thought that four million customers were affected by the hack, but it later said the hack only lifted 21,000 unique bank accounts and sort codes, 28,000 obscured credit and debit card details and 15,000 customer dates of birth. TalkTalk continued by saying that up to 12 million customer email addresses, together with names and phone numbers, were also obtained through the hack. So far, news stories point to a group of teenagers within the UK and Ireland, the youngest being 15 years of age.
2. 15 million T-Mobile consumers breached
Across the pond, 15 million US consumers had their details exposed when hackers breached a database maintained by credit-reporting service Experian. T-Mobile’s CEO, John Legere, issued a statement saying “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected.” From initial reports, it looks like the data breach affected people who applied for a mobile service between September 2013 and September 2015. The hack happened at the start of the month, but a few days later The Telegraph revealed that data stolen from the Experian servers had already shown up for sale on the dark web.
3. Dow Jones and Co. allegedly hacked?
On October 16 a Bloomberg report revealed information about how Russian hackers broke into Dow Jones servers in order to steal information which would help them in trading. After the publication of the Bloomberg report, Dow Jones issued a statement saying: “Since Bloomberg published its article, we have worked hard to establish whether the allegations it contains are correct. To date, we have been unable to find evidence of any such investigation.” However, it seems the FBI has since confirmed the investigation into the Dow Jones breach.
4. DDoS attacks on Japanese airports
Two of Japan’s main airports were hit by a DDoS attack performed by the hacktivist group Anonymous. The attack was part of a campaign against dolphin hunting, a practice which is still considered legal in Japanese waters. This is not the first time Japanese websites were on the receiving end of a DDoS attack as the Japan National Tourism Organisation and Japan’s Fishermen’s Union websites have already been attacked.
5. Daily Mail hit by malvertising
The Daily Mail website was compromised with an Angler exploit kit which may have put its 156 million monthly readers at risk of malicious advertising. The advert is said to have redirected users to an advertising server serving malware, which in turn used known IE and Adobe Flash Player exploits. If the systems were unpatched, users would have ended up on the receiving end of Cryptowall. Once Cryptowall is within the user’s network it will encrypt all files, and these would only be decrypted if the user pays a ransom.
6. £20m grabbed from UK Bank Accounts
Dridex malware is behind the recent draining of over £20 million from UK bank accounts. The malware harvests banking details which are then used to steal the cash, and it can be contracted by opening documents from seemingly legitimate emails. The National Crime Agency in the UK said there might be thousands of infected computers out there and most of these run Windows.
7. 13 million passwords leaked from free web host
000Webhost is a Lithuanian company that offers free web hosting, and thanks to its favourable position on Google it is also one of the top sites for free web hosting. A Forbes report described how the publication learnt of this leak. Thomas Fox-Brewster, the reporter covering the story, tried getting hold of the Lithuanian company but this was fruitless. Fox-Brewster noticed that the website had pushed out a password reset to all users but unfortunately didn’t provide an explanation as to why this was happening. A day after, 000Webhost finally admitted to the breach publicly on their Facebook page.
8. Security cameras turned into botnet zombies
Around 900 Linux-based security cameras were turned into a botnet. Multiple brands of security cameras were compromised. The CCTV botnet was used to conduct a denial of service attack on an unnamed large cloud service serving millions of people.
9. Flaw in Netgear routers
On October 13, it was revealed that hackers had been exploiting a vulnerability in Netgear routers which would in turn send users to a malicious server. Nearly 5,000 routers were affected by this vulnerability and the company has since issued a patched firmware version.
10. GitHub hit by DDoS attack
GitHub too seems to have been on the receiving end of an attack on October 22 – and this isn’t the first time this year. The code sharing site announced on Twitter it was investigating a DDoS cyberattack from an unknown source. The website seems to have been unaffected by the attack.
We're investigating what appears to be a DDoS attack.
— GitHub Status (@githubstatus) October 22, 2015