hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates
Global crash of Facebook, Instagram, and WhatsApp
On October 4, at about 11:44 EDT, Facebook, Instagram and WhatsApp went offline around the world. Apps didn't work and browsers showed DNS errors when trying to connect to sites.
At first the problem looked like a DNS failure, but it turned out to be worse than that. Facebook's routing prefixes suddenly disappeared from the global BGP routing tables, so the IP addresses behind them, including the company's authoritative DNS servers, became unreachable from the rest of the Internet; the DNS errors users saw were a symptom of the missing routes, not the cause. Facebook later issued an official statement saying that the outage was caused by an error that occurred while changing the configuration of the backbone routers.
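To make the mechanism concrete, here is an added example (not code from the original post or from Facebook) that simulates a routing table: once every prefix originated by an AS is withdrawn, a longest-prefix lookup for an address inside those prefixes returns no route, and a resolver sending a query to an authoritative nameserver in that range simply has nowhere to send it. The prefixes and AS numbers are constructed from RFC 5737 and RFC 5398 documentation ranges and are assumptions for illustration, not Facebook's real announcements.

```python
"""Longest-prefix lookup over a constructed BGP routing table, showing why
withdrawing an origin's prefixes makes hosts inside them (such as its
authoritative DNS servers) unreachable. Constructed example; the prefixes
and AS numbers are documentation ranges, not real announcements."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rib:
    """A minimal Routing Information Base: prefix -> originating AS."""
    routes: dict = field(default_factory=dict)

    def announce(self, prefix: str, origin_as: int) -> None:
        self.routes[ipaddress.ip_network(prefix)] = origin_as

    def withdraw_origin(self, origin_as: int) -> list:
        """Withdraw every prefix originated by origin_as; return what was removed."""
        gone = [p for p, asn in self.routes.items() if asn == origin_as]
        for p in gone:
            del self.routes[p]
        return [str(p) for p in gone]

    def lookup(self, ip: str):
        """Longest-prefix match; None when no route covers the address."""
        addr = ipaddress.ip_address(ip)
        matches = [p for p in self.routes if addr in p]
        if not matches:
            return None
        best = max(matches, key=lambda p: p.prefixlen)
        return str(best), self.routes[best]


def build_rib() -> Rib:
    """Constructed table: one 'content provider' AS announcing a /24 plus a
    more-specific /25 for its nameservers, and one unrelated AS."""
    rib = Rib()
    rib.announce("203.0.113.0/24", 64496)   # constructed content-provider AS
    rib.announce("203.0.113.0/25", 64496)   # more-specific covering its DNS servers
    rib.announce("198.51.100.0/24", 64497)  # constructed unrelated AS
    return rib


def resolve_via(rib: Rib, ns_ip: str) -> str:
    """What a recursive resolver experiences: with no route to the
    authoritative server the query cannot be delivered, and the client
    sees a DNS error even though DNS itself is not what broke."""
    return "reachable" if rib.lookup(ns_ip) else "SERVFAIL (no route to authoritative NS)"


if __name__ == "__main__":
    rib = build_rib()
    print(rib.lookup("203.0.113.53"))      # ('203.0.113.0/25', 64496)
    print(resolve_via(rib, "203.0.113.53"))
    print(rib.withdraw_origin(64496))      # both 203.0.113.0 prefixes
    print(rib.lookup("203.0.113.53"))      # None
    print(resolve_via(rib, "203.0.113.53"))
```

The point of the more-specific /25 is that longest-prefix matching normally prefers it; the moment the originating AS withdraws everything, neither the /25 nor the covering /24 remains, and routers elsewhere have no fallback for that address space.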
The configuration error reportedly also took down the company's internal systems and tools, which made diagnosis and recovery even harder. Anonymous sources in the media and on social networks reported that Facebook employees could not quickly get into their own data centers to reach the affected equipment.
The media also reported a data leak, supposedly the result of the company being hacked during the outage. A large dump (allegedly 600 TB) did recently appear on the RAID forum and allegedly contains names, email addresses, phone numbers, IDs, gender and user locations. But that dump went on sale at the end of September, before the outage, and the data appears to have been collected by scraping rather than by a breach of Facebook's systems.
Leaked Twitch source code and business data
Three years of earnings data for well-known streamers became publicly available after unknown attackers leaked the platform's source code and business data. A link to a torrent containing almost 130 GB of Twitch data was posted on 4chan.
The most sensitive material reporters found in the dump was in folders describing Twitch's user identification and authentication mechanisms, its administrative controls, and internal security data. No personal data of ordinary Twitch users was found, but the leak does contain payout data for the platform's top streamers.
The same attackers hacked Acer for the second time in a week
The Desorden hacker group breached the Acer network twice in one week, and the second breach was wider in scope. In addition to gaining access to the company's servers in Taiwan, the attackers penetrated the internal networks of Acer branches in Malaysia and Indonesia.
On October 15, the Taiwanese company Acer confirmed a recent breach of its servers in India, with Desorden behind the attack. The group said it had stolen 60 GB of data from the company's network at the end of September, including financial and audit records, customer information, and the credentials of Acer retailers and distributors. The attackers said they had access to the internal segment of the Acer India network from mid-September to mid-October.
Following the breach, an Acer spokesman said the company had investigated and found unauthorized access to its after-sales service information system in India. According to Acer, its specialists closed the vulnerability, and the attack did not have a significant impact on the company's operations or business continuity worldwide. Acer also notified all customers affected by the leak, but did not disclose how many there were.
It turned out that this attack was not an isolated one. Desorden used the same approach to penetrate the company's networks in Taiwan, Malaysia and Indonesia, where it stole customer data and financial information. Acer did not explain why this attack vector was not closed everywhere immediately after the breach in India.
According to Desorden, they attacked Acer a second time to prove that the company was still vulnerable:
"We did not ask for separate payment on the Taiwan breach. It was meant to prove our point that Acer has neglected their cybersecurity." - Desorden.
The Telegraph data leak
The Telegraph, one of the largest newspapers and online media outlets in the UK, left one of its databases unprotected, exposing 10 TB of user data. The information includes internal logs, subscriber full names, email addresses, device information, URL requests, IP addresses, authentication tokens, and unique reader IDs. Exposed authentication tokens are the most immediately dangerous item: anyone who captured them could have used them to act as the corresponding subscribers until the tokens were rotated or expired.
The Compound crypto platform "donated" $90 million to its users
The Compound cryptocurrency platform "donated" $90 million to its users because of a technical failure. After the error was discovered, the platform's founder asked the users to return the money, threatening otherwise to report them to the US Internal Revenue Service (IRS) and, possibly, to leak their data. The incident did not affect user funds, supplied assets, borrowed assets or positions.
Hackers Use Deep Voice Tech In $35 Million Theft
Criminals stole $35 million from a bank in the UAE by forging a voice with artificial intelligence. Using a deepfake of the voice of a client company's director, the attackers tricked a bank employee into sending them the money.
The incident occurred in January 2020, when the manager of a bank branch in the UAE (the bank's name was not disclosed) answered what seemed to be a routine phone call.
The caller convinced the manager that the company was about to close a major deal worth $35 million, and the manager followed the caller's instructions and began transferring funds to the "new" accounts of a fictitious company.
The scammers used deep voice technology to clone the company director's voice. In total, 17 people were involved in the scheme, and the stolen money was dispersed across many bank accounts around the world.