Security News Survey – May 3, 2019

This week, we look at an unprotected database exposing 80 million households, a major extortion scheme, and a $1.8 million business email compromise attack.

We’ve closed out another month with a busy week on the cybercrime front. We’re continuing to see large-scale data breaches and data leaks, as well as targeted efforts by increasingly creative fraudsters. Let’s take a look.

Unprotected server exposes information of 80 million American households

Another day, another unprotected server. This week, security researchers revealed the discovery of an unprotected database, hosted on a Microsoft cloud server, that appeared to house around 24GB of data on more than 80 million U.S. households, including names, income brackets, marital status, and more. It’s not currently clear who the database belongs to. However, Microsoft has issued a short statement confirming that the owner of the database was contacted and that the database is no longer publicly accessible.

Thankfully, no Social Security numbers or payment-type information were found in the database, but the data that was exposed isn’t exactly harmless. Income brackets in particular are sensitive information, because those in higher brackets may become more likely targets of cybercrime.

Blackmail scheme exposes data from some of the world’s largest companies

Another large data breach came to light this week after Citycomp, a German IT firm, disclosed that it had fallen victim to a troubling extortion scheme. Hackers reportedly infiltrated the company to steal data pertaining to its customers and attempted to blackmail Citycomp, asking the company to pay a fee in exchange for not making the stolen data public. Citycomp refused to pay the attackers, and the stolen data was subsequently released. Unfortunately, Citycomp’s customer base is sizeable and includes very well-known global companies, including Airbus, Volkswagen, Oracle, Porsche, and other big-name brands. The hackers appear to have stolen in the vicinity of 516GB of data—customer contact information, asset lists, some payroll records, and more—and have made the information available on an .onion domain. Citycomp is working with authorities to investigate the cyberattack, which it calls “ongoing.”

Business email compromise attack costs U.S. church $1.75 million

An Ohio-based church, Saint Ambrose Catholic Parish, recently fell victim to a business email compromise (BEC) attack and lost a substantial amount of money as a result of fraud. When the church’s construction vendor, Marous Brothers, contacted them to inquire about late payments totaling around $1.75 million, the church asked the FBI to investigate the matter. It turns out that scammers compromised two email accounts and were able to convince church staff that Marous Brothers had changed their bank and wire information. Unfortunately, the money was removed from the fraudulent bank accounts before folks noticed that something was amiss.

This incident is a reminder of the danger of compromised accounts, and a timely case study of the rise of BEC attacks. The FBI’s newest Internet Crime Report, which analyzes the key trends in cybercrime from 2018, revealed that the agency investigated $2.7 billion of losses in relation to BEC attacks last year. BEC attacks constituted the largest type of cybercrime by quite a wide margin.

At Interset, we know that account compromise in general is a common factor in data breaches. You can read more about how an account might be compromised and the potential fallout in our blog, Most Wanted Insider Threats: The Tale of a Compromised Account.