This post was originally published here by Jacob Serpa.
Here are the top cybersecurity stories of recent weeks:
- Aebi Schmidt infected by ransomware
- Amnesty International faces state-sponsored cyberattacks
- Hackers use GitHub for phishing
- Atlanta Hawks customers have information stolen by malware
- Health and fitness website suffers breach
Aebi Schmidt, a massive multinational manufacturing company, had most of its operations grind to a halt after its systems were infected with ransomware. This type of threat, which renders devices unusable until a ransom is paid, can spell disaster for any organization that is heavily dependent upon logistics and maintaining intricately orchestrated operations. Unfortunately, Aebi Schmidt’s malware outbreak caused many of its systems around the world to become unusable, leading to massive downtime for the organization.
It was recently discovered that the Hong Kong office of Amnesty International had been the victim of a state-sponsored cyberattack. Specifically, the non-governmental organization had unknowingly been targeted for multiple years by hackers tied to the Chinese government. While it is reported that no financial information was exposed, Amnesty International has not detailed what data was compromised or how many individuals were affected.
Apparently, hackers have been using GitHub, a cloud-based hosting platform for developer code, to run their phishing schemes. Leveraging legitimate platforms like GitHub to host phishing efforts enhances the perceived validity and, consequently, the effectiveness of hackers’ phishing attacks. Clearly, user training and real-time security are as important as ever.
The Atlanta Hawks, one of the teams in the NBA, recently reported a malware outbreak on its online store. Apparently, a threat embedded itself into the team’s website that allowed malicious parties to skim payment details, capturing personal information such as names, mailing addresses, and credit card numbers. Magecart, a credit-card-thieving crime syndicate, has been linked to the attack. Investigations are ongoing.
In late April of 2019, Bodybuilding.com announced that it had suffered a breach in February – a breach which was enabled by a phishing attack from July of the previous year. Obviously, this kind of lag time for detecting, remediating, and announcing breaches is less than ideal for the individuals who trust websites to protect their data. While it has not been confirmed that customer data was accessed, it is possible that hackers gained access to information such as names, addresses, phone numbers, and more. The website has since reset all of its users’ passwords.