Cybersecurity news headlines for January, 2020

Cybersecurity news headlines for January, 2020

In the first edition of cybersecurity news headlines of 2020, we report on three stories. Currency exchange company Travelex suffered a cyberattack at the beginning of the year and is still dealing with the aftermath. Adult website SextPanther leaked personal information of thousands of models and sex workers. And Saudi Arabia and its Crown Prince are linked to Amazon CEO Jeff Bezos’s phone hack.

In no particular order, here are cybersecurity news headlines for January, 2020.

Travelex suffers a cyber attack on New Years Eve

London-based currency exchange company Travelex suffered a cyber attack on New Years Eve and is still dealing with the aftermath. Immediately after the attack, Travelex took all their systems offline. Suspension of online services has caused a lot of issues not only for the company itself but also for others using Travelex’s currency exchange services.

A group identified by the name REvil were revealed to be behind the cyber attack, and they managed to infect Travelex systems with Sodinokibi ransomware. Before the attack, businesses were warned to patch their Pulse Secure VPN servers, as Sodinokibi ransomware was using the vulnerabilities to infect systems.

While the company says there is no evidence that customer data was compromised, the group behind the cyber attack requested $6 million in exchange for not deleting the systems and selling customer data. The malicious actors behind the attach have told news outlets that they first gained access to Travelex’s network six months ago and have downloaded 5GB of customer data, including dates of birth, credit card information and national insurance numbers. Travelex has denied this claim, and it is not known whether the currency exchange company paid the ransom.

While Travelex was dealing with the attack, people and companies were left unable to use their services. In particular, third-party exchange services that depend on Travelex for currency (Tesco Bank, HSBC, Sainsbury’s Bank) were unable process foreign currency orders and operate normally.

A month after the cyber attack, Travelex’s systems in Britain are mostly back online, while a global restoration is underway.

Adult website SextPanther leaks personal information of sex workers

Adult website SextPanther has exposed personal information of more than 11,000 models and sex workers. The website, which allows people to communicate with sex workers for a fee, reportedly stored thousands of identity documents on an exposed Amazon Web Services (AWS), TechCrunch reports. The data stored included driver’s licenses, passports and Social Security Numbers, which means highly personal information like names, home addresses, dates of birth, biometrics and photos were exposed. According to the company’s website, these documents are used to verify the ages of models.

The website allows paying customers to exchange texts, photos, videos (including explicit content), etc. More than 100,000 photos and videos sent/received by the models were also stored in the same storage bucket.

Cybersecurity company Fidus Information Security discovered that the storage bucket belonged to SextPanther and contacted the company to inform them. It was pulled offline an hour after the site’s operator was notified.

The company believes that no one, besides the security firm that identified the leak, has accessed the data. However, the data leak is still being investigated.

Saudi Arabia linked to Jeff Bezos’s phone hack

In late January news broke out that Saudi Arabia’s crown prince was somehow involved in the hacking of Jeff Bezos’s iPhone. Jeff Bezos, Amazon’s CEO and current wealthiest man in the world, had his phone hacked back in 2018, and according to reports, the hack happened after Bezos received a WhatsApp message from an account controlled by the Saudi Arabia crown prince Mohammad bin Salman. Soon after the video was sent to Bezos, data was exported from his phone.

The hack came to light after Bezos hired a forensics team to investigate how tabloid National Enquirer managed to acquire his private data, including information about his extramarital relationship. The forensics team’s investigation showed that Bezos’s iPhone was indeed compromised, and that Saudi Arabia was involved. According to news outlets, forensics determined that the hack originated from a WhatsApp account controlled by Crown Prince Mohammad bin Salman.

Bezos received a video on WhatsApp from an account allegedly controlled by bin Salman on May 1, 2018. Within hours, massive amounts of data were sent from Bezos’s phone. The hack remained undetected for months, during which more than 6GB of information was stolen from Bezos’s iPhone.

“The forensic analysis assessed that the intrusion likely was undertaken through the use of a prominent spyware product identified in other Saudi surveillance cases,” UN experts, who reviewed the forensic analysis, said in a statement.

Bezos is also the owner of The Washington Post, the newspaper for which journalist Jamal Khashoggi was a contributor. Khashoggi was a critic of both the Saudi Arabia government and the crown prince Mohammad bin Salman. He was murdered in the Saudi consulate in Istanbul in 2018. The CIA has determined, with a medium-to-high degree of certainty, that the Saudi Crown Prince personally ordered the attack. Is believed that Bezos was targeted because of his ownership of the Washington Post, a newspaper that does not shy away from publishing stories critical of the Saudi government.

The UN experts have said Bezos’s phone hack “point to pattern of targeted surveillance of perceived opponents and those of broader strategic importance to the Saudi authorities, including nationals and non-nationals”.

While Saudi Arabia has denied being involved in the hack, United Nations experts are calling for an investigation.