Cybersecurity news headlines for October 1-31, 2020

Cybersecurity news headlines for October 1-31, 2020

October’s edition of cybersecurity news headlines reports on three stories, Trump’s campaign website hacked to display a cryptocurrency scam, a cyber attack on Barnes & Noble, and state-sponsored Russian hackers charged by the US for some of the biggest cyber attacks in history.

Without further ado, here’s what made the biggest headlines in October 2020.

Cryptocurrency scammers hack Trump’s campaign website

For a short period of time on October 28, US President Donald Trump’s campaign website was taken over by malicious actors to promote a cryptocurrency scam. First noticed by journalist Gabriel Lorenzo Greschler, instead of the usual content, the site displayed a fake “this site was seized” message and logos of the FBI and the Department of Justice.

The hackers also displayed a message saying that “the world has had enough of the fake-news spreaded daily by president donald j trump”. The message further claimed that multiple compromised devices gave hackers access to secret conversations between Trump and “relatives”. Supposedly, the conversations expose information about Trump and his government being involved in the origin of the coronavirus, as well as discredit Trump as the President and revealed his involvement in manipulating the 2020 Presidential elections.

The hackers explained that they will allow “the world” to decide whether the stolen information becomes public or not. Two Monero addresses were provided, one for those who wish for the data to be shared, another for those who do not. After an unspecified deadline, the hackers would supposedly compare the funds in each account and “execute the will of the world”. Monero is a particularly hard to trace cryptocurrency, which is why it is favored among cyber criminals and scammers.

Donald Trump’s Director of Communications Tim Murtaugh later stated on Twitter that no sensitive data was exposed because it’s not actually stored on the site. The site was restored within 30 minutes of hack. Law enforcement authorities have been informed and are investigating the source of the attack.

The whole thing appears to be nothing more than a cryptocurrency scam, rather than something more serious, such as a state-sponsored attack. While the language used in the messages indicates that attackers are not native English speakers, there is no further evidence to confirm that this could have been a foreign state-sponsored attack.

Cryptocurrency scams are very common nowadays, and cyber scammers are coming up with various ways to promote them. Earlier this year, now identified hackers were able to get into Twitter’s systems and post tweets from high-profile accounts belonging to Elon Musk, Apple and many others. The tweets invited people to send Bitcoin to the displayed wallet in order to receive double the amount.

Barnes & Nobles suffers a cyber attack

One of US’s largest booksellers Barnes & Noble disclosed a cyber attack that potentially exposed customer data. The attack primarily affected Nook services, and users were unable to access their digital libraries on their Nook devices for some time after the attack. Users also had other issues, including not being able to log in online, and purchases not being visible.

The company acknowledged the issue but initially said it was due to “system failure”. However, it later disclosed that a cyber attack was responsible for the disruption in services. In an email sent to all Barnes & Noble customers, the company said that on October 10, 2020 they noticed that they had suffered a cyber attack. According to the email, malicious actors were able to gain access to certain Barnes & Noble corporate systems and in turn, customer data.

Among the potentially accessed information was email addresses, billing/shipping addresses, as well as phone numbers. The company was quick to assure that no payment card or other financial data was compromised, as it is encrypted and tokenized. Barnes & Noble also said that while they cannot rule out the possibility, they had no evidence that the data was actually exposed.

When news of the cyber attack broke out, there were speculations that ransomware was at fault, though the bookseller did not confirm this. However, the Egregor ransomware gang later leaked data that, according to them, belongs to Barnes & Noble customers, confirming that the company was indeed affected by ransomware. Part of the data, a “small proof pack”, was posted on Egregor’s dark web domain, along with a message that if Barnes & Noble did not contact them and give into the demands, they would post another pack of stolen data. Threatening to release customer data is now becoming a common tactic among ransomware gangs, as it pressures companies to pay the requested sum.

US Department of Justice charges Russian hackers for NotPetya, attack on Ukraine’s power grid and more

Six officers of the GRU, Russia’s foreign military intelligence agency, have been charged by the US Department of Justice for performing cyber attacks sponsored by the Russian government, including NotPetya ransomware attacks on businesses and critical infrastructure. The six officers are all part of the GRU’s Unit 74455, also known as Sandworm, an elite group of hackers.

The US Department of Justice has charged the six officers for their involvement in the cyber attacks targeting, on behalf of the Russian government, Ukraine and Georgia, the 2017 French elections, the 2018 winter Olympics, and the investigation into Sergei Skripal’s poisoning.

“These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort,” the indictment reads.

The attack on Ukraine’s power grids in 2015 was one of the most serious cyber attacks to date. The attackers were able to compromise the internal networks of Ukraine’s three major energy distributors, an attack that left more than 200,000 people with no power in December.

These incidents are one of the biggest cyber attacks in history, and while they are public knowledge, this is the first time Russia’s GRU is publicly accused on performing the attacks.

Cyber attacks performed by Sandworm have been noted to not only aim to cause financial damages to the targeted companies, but also disregard human life, as evident from the attacks on critical infrastructure, such as hospitals.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” Assistant Attorney General for National Security John C. Demers said when announcing the charges.

As was the case in the past, it is unlikely that anything will come of the charges, as Russia is not expected to extradite the defendants in question. The whole document can be read here.

References

• Nicole Perlroth. Trump Campaign Website Is Defaced by Hackers. The New York Times.
• Charlie Osborne. Barnes & Noble confirms cyberattack, ransomware group leaks allegedly stolen data. ZDNet.
• Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace. The US Department of Justice.