Last Week In Blockchain and CyberSecurity News - May 28, 2019

Hackers Reportedly Use a Tool Developed by the NSA to Attack Baltimore’s Computer Systems 

Baltimore’s city government has been a victim of a ransomware attack that has shut down numerous services over the past three weeks. Systems ranging from internal email to those that allow residents to pay water bills, purchase homes, and other services are currently offline. According to a report in The New York Times, cybercriminals are utilizing EternalBlue, a tool developed by the National Security Agency, for the attack.  

EternalBlue exploits a vulnerability in specific versions of Microsoft Windows XP and Vista systems allowing a user to execute remote commands on their target. EternalBlue has been responsible for other significant cyber attacks, including the WannaCry and NotPetya attacks.  

Baltimore’s computers are still experiencing effects of the ransomware attack, and employees are currently implementing workarounds as they attempt to bring their systems back online. 

Read more here

First American Financial Exposed 16 Years' Worth of Personal and Financial Documents 

Over 885 million records owned by U.S. real-estate insurance company First American Financial Corp. have been leaked online. The documents date back to 2003 and include bank account numbers, statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images.  

The documents “were exposed online through the company website, anyone who knew the URL for one of the documents could view it, and by just by modifying a single digit in the link could view other files.” As of today, the company closed the hole in its website security, and no information shows that a bad actor has taken advantage of this vulnerability. First American Financial is still investigating the incident and has hired a forensics firm to find out if anyone might have accessed the leaked records. 

Read more here

Intense Scanning Activity Detected for BlueKeep RDP Flaw 

Cybercriminals have begun to scan the internet for Windows systems that contain the BlueKeep (CVE-2019-0708) vulnerability.  

The vulnerability impacts the “Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008.” It can create wormable (self-replicating) exploits and has been classified as a serious risk. Some have compared BlueKeep to the Eternal Blue exploit during WannaCry in 2017 and, more recently, the Baltimore attacks.  

Microsoft urges companies to patch their systems. As of right now, no researcher or security firm has published any demo code.  

Get more information here

New Bitcoin Scam Leads to Ransomware and Info-Stealing Trojans 

Fraudulent websites are advertising a scheme that promises $5-30 worth of free bitcoin per day by running their Bitcoin Collector program on your computer. As you can imagine, though, the program installs ransomware or password-stealing trojans onto your computer instead.  

The websites provide a “VirusTotal link to show that it is completely safe, but even though this program has no detections, it is still a Trojan that normally would execute a malicious payload if the payload was present.” The scam campaign has recently pushed ransomware onto victims’ computers but now includes a password-stealing Trojan as well. 

Downloading and extracting the zip file will generate an executable file called BotCollector.exe. When you execute BotCollector.exe, “it will launch a program called ‘Freebitco.in – Bot’ that does not appear to do much. [However, it is] a Trojan that pretends to be a bitcoin generator [and] launches a malware payload.” This payload allows attackers to discover login credentials, snap screenshots, take files from your computer, and even steal cryptocurrency wallet keys.  

Read more here


Maker of U.S. Border's License-Plate Scanning Tech Ransacked by Hacker, Blueprints and Files Dumped Online 

Tennessee-based Perceptics supplies the U.S. government with vehicle license plate readers that identify and track citizens. Recently, attackers hacked the technology and are giving away the internal data on the dark web.  

The data includes over 65,000 files including “.xlsx files named for locations and zip codes, .jpg files with names that refer to ‘driver’ and ‘scene,’ .docx files associated with presumed government clients like ICE, and date-and-time stamped .jpgs and .mp4 files.”  

Other data amounts to hundreds of gigabytes of information that include “Microsoft Exchange and Access databases, ERP databases, HR records, Microsoft SQL Server data stores, and so on.” This information includes business plans, financial figures, and other personal information. 

Perceptics is aware of the network breach; however, the company has not provided other information regarding the incident. As Perceptics handles border security data acquisition, there is likely a significant amount of sensitive information included in the leak. 
 

Read more here