Friday Five: 4/17 Edition
San Francisco International Airport was hacked, Pentagon networks are at risk, and a TikTok hack circulates COVID-19 conspiracy theories. Catch up on the news of the week with the Friday Five!
1. San Francisco Intl Airport Discloses Data Breach After Hack by Sergiu Gatlan
The Bay Area’s largest airport, the San Francisco International Airport (SFO), released a notice to all commissioned employees via an internal memo that it experienced a data breach. The data breach came after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked in March of this year, with the attackers likely gaining access to the login credentials of registered users on the sites. After investigating the incident, SFO discovered that the attackers inserted malicious code on both websites in order to steal the login credentials. Users who accessed either website from outside the airport network through Internet Explorer on a Windows-based personal device could be impacted by the attack. SFO has forced a reset of all SFO-related email and network passwords and is urging all users who visited the two sites to change their Windows devices’ account passwords. The airport was able to get SFOConnect up and running, but it appears the SFOConstruction site is still under maintenance.
2. SEC Settles with Two Suspects in EDGAR Hacking Case by Catalin Cimpanu
Back in February 2016, a test EDGAR server operated by the US Securities and Exchange Commission was hacked. Four years later, the SEC has settled charges with two of the nine people it suspects were involved in the attack. The server was an SEC system that allowed companies to submit official company filings, future announcements, and past financial records. Two traders, David Kwon and Igor Sabodakha, who benefited from insider trading after receiving data hacked from the EDGAR server, have agreed to pay fines and restitution. The SEC filed a criminal complaint last year claiming that Oleksandr Ieremenko, a Ukrainian hacker, breached the server, took files, and then shared the data with eight co-conspirators who then made market transactions based on them. The US securities regulator believes the trading partners made over $4.1 million in illegal profits. Ieremenko was previously involved in similar hacking schemes between 2010 and 2014 that involved stealing unreleased press releases and sharing them with co-conspirators who engaged in insider trading. Ieremenko, along with Artem Radchenko, an individual believed to be the mastermind behind the scheme, are still at large and most likely located in Russia.
3. Pentagon Networks at Risk Amid Remote Work Setup, Watchdog Says by Alyza Sebenius
On the same day the Pentagon announced a significant increase in its capacity for remote work during the Coronavirus pandemic, a government watchdog warned that the U.S. Defense Department’s computer and information systems are not adequately protected from “common and pervasive” cybersecurity threats. The Government Accountability Office (GAO) released a report to Congress on Monday titled “DOD Needs to Take Decisive Actions to Improve Cyber Hygiene,” which claimed that the Defense Department’s cybersecurity initiatives are “incomplete – or their status is unknown because no one is in charge or reporting on progress.” The Pentagon has recently provided new equipment and network capacity to let thousands of troops and civilian personnel work from home, and the GAO is concerned about the new vulnerabilities and weaker cybersecurity that remote work can pose. Although the Pentagon has a list of practices in place to deter hacking tactics used frequently by U.S. adversaries, the GAO says it “doesn’t know the extent to which it’s using these practices” and that some foreign nations possess sophisticated levels of expertise and resources to pursue their targets. The GAO made seven recommendations for security improvements, and according to the report, the department concurred with one, partially concurred with four, and rejected two of the recommendations.
4. Collectibles App’s User Credentials Collected, Posted on Dark Web Forum by Bradley Barth
Quidd, an app designed for trading collectibles featuring popular brands, entertainment properties, and fictional characters, was recently hacked. Four million user credentials were taken from the app and posted on a dark web hacking forum. Security researchers discovered the pilfered data and found that the forum is not selling the data but rather making it available “in a non-restricted manner.” Data that was exposed includes email addresses, usernames, and bcrypt-hashed passwords. Many of the leaked credentials include business emails from major companies. These organizations are now at an increased risk of future spear phishing and business email compromise campaigns. All Quidd users should change their account passwords, as well as the passwords on any other accounts that reuse the same password, to prevent credential stuffing attacks.
5. TikTok Hack Replaces People’s Videos with Coronavirus Conspiracy Theories by Anthony Cuthbertson
TikTok, the video-sharing social networking app that has recently surged in popularity, is in the midst of dealing with a security vulnerability that could allow hackers to post fake videos to people’s accounts. Popular TikTok accounts could be manipulated to appear as though they were endorsing dangerous conspiracy theories surrounding the coronavirus pandemic. Security researchers confirmed the hacking technique after replicating it within a few minutes of experimenting with the app. Some fake posts claim that “washing hands too often causes skin cancer” and “smoking and vaping kill the coronavirus.” With the majority of TikTok users being young and impressionable teens and children, the circulation of misleading and fake videos poses a huge risk. Although all users should be diligent about evaluating the sources of information received from social media, it becomes more difficult to do so when an attacker can simply masquerade as an authoritative source. TikTok is being urged by security experts to switch from the HTTP protocol to the more secure HTTPS in order to prevent future attacks.