Friday Five: 8/18 Edition
It's Friday! Catch up on the latest infosec news with this week's roundup.
In the latest cyberattack on HBO, OurMine, the group that breached Mark Zuckerberg’s social media accounts last year, hacked HBO’s main corporate Facebook and Twitter accounts. This follows leaks of scripts, company documents, and full episodes of various HBO shows. In addition, four suspects related to the Game of Thrones episode leak have been arrested in India. Three of these suspects are current employees of Prime Focus, which stores and processes the Game of Thrones series for an Indian streaming site.
The world’s largest container ship and supply vessel operator, Maersk, was one of the first high-profile organizations to fall victim to the most recent Petya ransomware attack. The attack impacted Maersk Line, APM Terminals and Damco, which had to temporarily shut down services to prevent the ransomware’s spread. Though the company claims no data breach or data loss occurred, its press release says it expects a total loss in revenue of $200-300 million because of operational interruptions during the shutdown.
3. Hacker claims to have decrypted Apple's Secure Enclave, destroying key piece of iOS mobile security by Brandon Vigliarolo
This week, a hacker going by xerub released a full decryption key for Apple’s Secure Enclave Processor (SEP). The SEP operates separately from the rest of the device and generates the device’s Unique ID. It also handles Apple’s Touch ID transactions. With the decryption key, the SEP firmware’s code will be exposed, as well as its vulnerabilities. This could be a hit to Apple’s mobile security, though xerub claims his intention in releasing the key was to add to the security of SEP. It’s too early to tell what the effects will be, but there is still a ton of work that would need to go into exploiting this decryption and being able to compromise customer data.
This week, the Scottish Parliament experienced brute-force attacks on its systems similar to the attacks on Westminster earlier in June, which were blamed on Russia. The attacks appear to be targeting IT accounts, resulting in account lockouts or failed logins. MSPs and staff have been told to update their passwords with stronger strings of letters, numbers and special characters.
5. North Korean Cyberspies Target US Defense Contractors Following Nuclear Threats by Catalin Cimpanu
The Lazarus Group, a North Korean cyber-espionage group believed to be a division of the government’s state intelligence, recently switched its target from South Korean organizations to U.S. defense contractors. The group has been sending spear-phishing emails containing Word documents disguised as job descriptions and internal policies. There were several similarities between this series of attacks and past Lazarus Group campaigns, and with Trump’s recent nuclear threats against North Korea, it’s not a far leap.