The month of October saw a lot of activity in the world of digital security. From common man to superpowers, from mobile phones to smart bulbs, nothing was spared by hackers from around the world, especially those from Korea, Iran and Russia.
In this blog post, we will take you through all the hacking incidents of the thirty-one days of October 2019, giving you a fair eagle-eye view of what happens in a month in the cybersecurity world.
WhatsApp Hack stole the limelight
In India, the WhatsApp vs NSO group stole the highlight. Pegasus attack had targeted many high profile individuals all over the world, including Indian politicians, journalists and activists. The big WhatsApp phone hack that allowed hackers to spy on usersق€™ messages just by sending a WhatsApp video call had garnered a lot of attention from Indian media.
Malware attacks:آ Malware takes the majority
The month saw plenty of malware attacks ranging from low to critical. From Androids to ATMs, almost every system was ended up in the vicious reach of hackers who successfully deployed their malicious software.
- Android users were hit by Xhelper malware
- An Indian nuclear plant was hit by DTrack malware
- Microsoft SQL server was hit by Backdoor malware
- WordPress was hit by a fake Updraft plugin having backdoor
- Mobile phones were hit by MESSAGETAP Malware
- Windows was hit by Nodersok malware
- iCloud and iTunes users were hit by ransomware
- ATMs were hit by Cutlet Maker Malware
- Windows was hit by RAT & Spyware hit
Note: MESSAGETAP and RAT were used to spy on targets.
Mobile phones attacked: Your best friend is always at target
More than 5 billion people use mobile phones in the world. Everything about our personal daily lives, from photos to conversations to bank details are stored in a 5 by 5-inch metal piece. No wonder, it is a favourite target among hackers.
- The famous SimJacker vulnerability made its way into mobile phones without any user interaction just by sending a malicious SMS.
- Two malware affected mobile phone users, especially Android users.
- iOS users also took a privacy hit owing to a flaw in the latest iOS 13 keyboard apps permissions settings.
- The texting generation saw a loophole in their beloved WhatsApp GIFs that could apparently get them hacked.
- And a shocked woman discovered that the fingerprint lock in her Samsung Galaxy S10 was put to shame by a cheap silicon cover from eBay.
Smart device attacks: Smart devices have smart vulnerabilities
With new technology, comes new vulnerabilities. Hackers are constantly coming up with ideas to break into the latest and most complicated technologies relating to IoT and AI. These smart devices that rely on machine learning are a hit among people who use them to complete their chores.
In October, millions of Alexas and Kindles were found vulnerable to KRACK attack. But the most shocking and baffling of the hacks was that the smart bulbs (like Philips) could be hacked using their infrared spectrum to spy on users!
Privacy attacks: Privacy is a myth
If any more proofs were needed to burst the privacy bubble, these attacks were sufficient.
- Twitter was found misusing usersق€™ phone numbers to make some money off of advertising.
- Even Apple was sending usersق€™ browsing data to a Chinese company called Tencent.
- And guess what? Encrypted PDFs are not that encrypted after all. Turns out their data can be stolen or they can be modified by a hacker using a PDFex attack.
Sexual attacks: Sexual predators on the rise
One of the most disgusting misuses of cyber technology is that of sexual crimes. The cyber-world is not a stranger to sexual predators but in the past 30 days, around 3 major sexual crimes were spotted.
- A former employee from a reputed company- Yahoo, admitted that he had hacked into a whopping six thousand accounts just for sexual content.
- US Feds busted a child porn site from dark web that was promoting infant, toddler and teenage sexual abuse. The website WELCOME TO VIDEO was taken down.
- A hacker was blackmailing millions of people by sending them fake sextortion emails using a Phorpiex botnet to collect cryptocurrency as ransom.
Massive data leak attacks: Exposed data threatens millions
Data leak seems like a harmless issue sometimes, but people hardly give thought to the fact that the right kind of data can be leveraged to launch a severe attack in the future. For example, the hacker we mentioned above who was blackmailing people for ransom was able to do so successfully because he had one of their leaked passwords that led people to believe that their privacy had indeed been compromised and that the sextortion threat was genuine. The following data leaks took place in October:
- UniCredit Bank had an incident that exposed around 3 million Italian customer data.
- Creative Cloud users, 7 million of them, were also put at phishing risk when data about their accounts was found exposed in public .
- Zynga website, one of the favourites among gamers, was a victim of leaked user account data of millions of people.
- 1.3 Million Indians had their credit and debit card data lying on a dark web market for sale.
App attacks: The shortcut path to someoneق€™s mobile
Mobile apps are one of the most effective ways of getting into usersق€™ mobile phones. October saw a lot of malicious applications lurking around the corners of the Google Play Store and App Store. Not to mention that other sources were also being used in full swing to drop malicious apps in millions of innocent users.
- Around seventeen fraud apps were found in Apple App Store carrying a Clicker Trojan Malware
- Some apps from Google Play store were stealing SMS verification Code from notifications of Android users
- Forty-two adware apps were targeting 8 million Android users
- UC Browser (including Mini) put more than 600 million users at risk of cyber attack by allowing third-party apps to download.
- JustDial app had a critical loophole that exposed millions of business owners at security risk.
Countries attacked
Many countries become a favourite target of a certain nationق€™s hackers. Some countries, on the other hand, are more used to being the attackers rather than the attacked. In this month, we saw:
- Iranian hackers targeted the US government for details about the email accounts of government officials. They were surprisingly relentless in their pursuit.
- In a double deceiving attack , Russian hackers hid behind Iranian hackers to target US government.
- Russian hackers also targeted the upcoming Tokyo Olympics by trying to tamper with anti-doping agencies.
- Not stopping there, Russian hackers even compromised more than 1 lakh users through a malware using fallout & RIG exploit kits.
Other cyber attacks
- Cisco REST API Container had an authentication bypass vulnerability that put many users at risk
- PHP websites on NGINX server had a flaw that let hackers remote control the websites
- There was a 7-year-old severe RCE flaw in macOS Terminal App
- Avast was hacked through its own VPN using stolen credentials to get network access
- A 4-year-old vulnerability in Realtek Wifi driver put Linux users at serious risk
- FBI found that hackers had found a way to circumvent multi-factor authentication
The hack that made people happy
A guy who was a victim of Mushtik ransomware took his sweet revenge by hacking the ransomware gang and releasing the decryption keys in public.
In a nutshell, a lot happened in October in the world of cybersecurity. If any lesson needs be learnt looking at these highlights, it is that literally no one is safe online. Even the smallest piece of information can be used against you by hackers who have just the right amount of motivation for launching a cyber attack.
So, go ahead and perform a self-check to see whether you are doing enough to keep cyber attacks at a distance or not.
Read more. Know more. Grow more.
