Cybersecurity news headlines November 1-15, 2018

Cybersecurity news headlines November 1-15, 2018

Continuing from our October edition, here is the news that made the biggest headlines in the first half of November. It’s been a relatively quiet two weeks so this edition will be shorter than our previous ones. We report on 4 stories: data breaches in Radisson Hotel Group and HSBC bank, a Bitcoin scam using Elon Musk’s name, and card skimming malware on Infowars online store.

So here’s what you may have missed in the world of cybersecurity news.

Radisson Hotel Group victim of data breach

Loyalty scheme members of Radisson Hotel Group may have had their personal information leaked as a result of a data breach, the hotel group reports. According to the report of the incident, the breach impacted only a small percentage of Radisson Rewards members, and no credit cards or passwords were compromised. However, an investigation by the hotel group has revealed that names, addresses, email addresses, and some company names, phone numbers, Radisson Rewards member numbers and frequent flyer numbers have been accessed by the attackers.

The incident was noticed on October 1, 2018, and Radisson Rewards immediately revoked access to the attackers. Since then, all affected accounts have been secured and are continually monitored for any possibly unauthorized behavior. Radisson Rewards members have also been cautioned to monitor their accounts for any kind of suspicious activity, even if there is little risk to the account. Furthermore, the hotel group cautions to be careful of phishing attempts aiming to get personal information. All users should remember that Radisson Rewards will never ask for a password or user information via email.

Affected users should have received emails between October 30 and October 31, 2018. Members who did not receive an email are believed to have not been affected.

HSBC Bank data breach

It has been revealed that a small amount of HSBC bank users had their personal information accessed. According to a notice about the breach, HSBC noticed that certain accounts were accessed by unauthorized users between October 4, 2018 and October 14, 2018. As soon as the bank noticed this, online access to those accounts was suspended, preventing further unauthorized entry. Information that had been accessed includes full names, mailing addresses, phone numbers, email addresses, dates of birth, account numbers, account types, account balances, transaction histories, information on payee accounts, and statement histories.

Victims of the breach were contacted by the bank with information about what happened. The bank also advised all affected people to immediately change online banking credentials. In addition, victims are being offered free Identity Guard credit monitoring service for a year, information about which will be provided in the notice.

It is believed that only a small amount of users had their accounts accessed, but affected people are speculated to have used their online banking passwords for other accounts, which could have been part of another data breach. Passwords should never be reused, particularly for important accounts, such as online banking.

Fake Elon Musk Twitter accounts used in a Bitcoin scam, earning scammers $180,000 in just one day

If you are a regular Twitter user and have interest in cryptocurrency, you might have noticed that fake Elon Musk Twitter accounts have been promoting Bitcoin scams. And people have been falling for them, as evident from the $180,000 scammers managed to make in a single day. The scam itself is quite simple, scammers hack into verified Twitter accounts, change profile pictures into the one that Elon Musk is using in his actual account, change the profile names into “Elon Musk”, and then tweet messages about a Bitcoin giveaway.

One particular tweet by fake Elon Musk says that he is giving away 10,000 Bitcoin to the community. The tweet also claims that he has resigned as the director of Tesla, and has decided to host “the biggest crypto-giveaway in the world”. All seems good so far, but there’s a catch. Users first need to send him from 0.1 to 3 Bitcoins in order to “verify” their address. According to the tweet, people who “verify” their addresses by sending Bitcoin will receive from 1 to 30 Bitcoin back. Furthermore, supposedly those who send more than 0.3 Bitcoin will get +200% back. At first glance, it seems that Elon Musk did, in fact, send those tweets. However, it’s not difficult to notice the weird Twitter handle. The Twitter handle is essentially the name of the account, and it cannot be changed, unlike the displayed name. The twitter handle of Elon Mush’s legitimate Twitter is @elonmusk. All those accounts impersonating Elon Musk have Twitter handles like @PantheonBooks or @farahmenswear, which are legitimate accounts for legitimate companies that have been taken over by scammers.

It’s not a particularly sophisticated or clever scam, but a few things contribute to it being successful. These scams have been promoted through Twitter advertising, appearing on users’ feeds as promoted Tweets. And if Twitter allowed the tweet to be promoted, it must be legitimate, right? Unfortunately, no. Furthermore, scammers hack other legitimate accounts and have them engage with the scam tweets, tweeting out claims that they have received the promised Bitcoin. It’s not difficult to imagine people falling for this scam as less cautious people may not notice the weird Twitter handles, and may not check the account to make sure it’s actually Elon Musk. People falling for the scam has earned scammers around $180,000 in just one day.

Seeing as these scams are profitable, there will be more attempts. However, it’s easy to not fall for one, if users just pay closer attention. The Twitter handle is visible in tweets, and if it doesn’t say @elonmusk, it’s not Elon Musk’s Twitter account. And if that isn’t enough, going through the feed of the Twitter account would prove that it’s not Elon Musk. Furthermore, people in the comments will surely point out that the tweet is indeed a scam.

Infowars online store hit by card skimming malware

Credit card skimming malware has been discovered on the Infowars online store. The malware is categorized as a generic Magecart infection, which essentially monitors for payment information, which is then sent to a remote server controlled by the attacker. In this particular case, people who purchased anything from the Infowars online store between November 11, 21:55 and November 12, 21:37 had their information collected and sent to a server in Lithuania.

The card skimming malware was first noticed by security researcher Willem de Groot who, according to news website ZDNet, was using a scanner designed to detect vulnerabilities and infections in online stores built on the Magento e-commerce platform. The malware was reportedly hidden in a modified block of Google Analytics code, and activated during checkout. It has since been removed.

Alex Jones, the owner of Infowars.com, said in a statement sent to ZDNet that only around 1600 customers may have been affected. The affected people are being informed of this so that they can monitor their accounts for any unusual activity.