10 Biggest Cyber Attacks In May
Cyber Attacks In Full Force In May
No doubt, May was big on data breaches and cyber attacks. Hackers had no qualms about kicking electronics giant Sony when it was down with a seemingly endless series of attacks against its international services -- even as the company reeled from the aftermath of its massive PlayStation Network hack in April.
But Sony wasn't alone. Hackers had no compunction about going after other high-profile targets, including Lockheed Martin, Honda and Hotmail, with targeted attacks that attempted to swipe everything from login credentials and personally identifying data to the contents of e-mail messages.
Here is a quick round of May’s most prominent cyber attacks.
The mega Sony PlayStation breach in April kicked off a slew of attacks for the electronics giant well into May. Sony took down its PlayStation Network login and password reset pages to block a serious security vulnerability following reports of yet another external hack targeting user accounts. The vulnerability occurred in the way that the password reset form is implemented, which contained a glitch that failed to properly verify tokens. The flaw enabled hackers to launch attacks only by knowing users' date of birth and e-mail addresses in order to access their PlayStation Network accounts.
Researchers at U.K.-based gaming news blog yleveia.com reported that they "provided a detailed description" of the exploit to Sony as soon as it was detected, after which Sony immediately took down the login and password reset sites. The hack followed just a few weeks after Sony suffered a massive cyber attack targeting its PlayStation Network and Qriocity services that compromised more than 77 million accounts.
Sony was again pummeled with a cyber attack when hackers broke into a Japanese subsidiary, So-net Entertainment, to compromise e-mail accounts and steal customer rewards points.
So-net Entertainment said that a computer from one IP address tried 10,000 times to get into the customer rewards service. Altogether, the hackers accessed more than 200 accounts and stole about $1,200 worth of points in an effort to redeem them. In addition, hackers also compromised around 90 customer e-mail accounts on the So-net network.
However, So-Net Entertainments said that it didn’t appear that customer addresses, and phone numbers had been exposed during the attack.
Following shortly after the mega-attack against Sony’s PlayStation Network, another Sony site was compromised. Researchers at F-Secure first reported that hackers compromised a Sony Thailand Web site and turned it into a live phishing site, redirecting users to a malicious URL. Specifically, hackers broke into the site, bypassing its security systems, and were redirecting users to a fake Web site designed to pilfer their credit card numbers.
F-Secure researchers said that the Sony Thailand hack likely had nothing to do with the PSN breach.
Sony BMG Greece
Yep, it happened again. Sony suffered from yet another Web site hack, this time against its BMG Web site in Greece.
During the attack against Sony's BMG Greek Web site, first reported by the Hacker News Network, hackers broke into SonyMusic.gr and lifted sensitive information from the database that housed records of more than 8,000 customers using the site. An anonymous hacker then uploaded the database, which contained customer names, e-mail addresses and usernames, to pastebin.com.
However, the hackers claimed that they omitted other personally identifying information, which included telephone numbers and users' passwords.
Prior to the So-Net hack, researchers at F-Secure said it found that Sony Thailand Web site had been compromised and was being used in a phishing attack designed to steal information.
System glitches and error messages caused headaches for LastPass customers following a hack that prompted the company to require to its 1.25 million users to change their master passwords.
LastPass, a free password management service that provides users access to an array of passwords for multiple accounts with one single password, warned users early in May to change their master passwords after they noticed a network traffic anomaly from one of its non-critical machines the day before. Upon exploring the issue further, the company said that they detected a smaller matching traffic anomaly from one of its databases being sent from the server. The system hack prompted the company to require that its users authenticate who they are, either by ensuring that they come from an IP block or by validating their e-mail addresses. The company also acknowledged that the amount of transferred data was big enough to have included users e-mail addresses, the server salt and their salted password hashes from the database.
Lockheed Martin publicly acknowledged in May that it had been the victim of a 3 "significant and tenacious" cyber attacks on its computer systems, most likely related to a security flaw in RSA SecureID tokens, used for two-factor authentication purposes by some of its employees.
Lockheed Martin said in a statement that the company's information security team had "detected the attack almost immediately, and took aggressive actions to protect all systems and data.’
News of the Lockheed breach publicly emerged after the global weapons manufacturer experienced a system disruption related to an external network intrusion. The Bethesda, Md.,-based company then required a password reset for its more than 120,000 employees on the network, and embarked on the process of re-issuing tokens for employees using RSA's Secure ID two-factor authentication tokens.
PBS became the latest hacking victim when miscreants broke into its Web site and exposed users’ login credentials while publishing a phony story that legendary rapper Tupac Shakur was alive and living in New Zealand.
LulzSec, a hacker group, boasted that it broke into PBS’s Web site and exposed sensitive information in response to an episode of a show critical of WikiLeaks and the suspected whistleblower Bradley Manning. Altogether, the group published usernames and hashed passwords for PBS Web site users and administrators, as well as login information and plain-text passwords for PBS affiliate television stations. LulzSec’s retaliation efforts also included defacing PBS.org with a statement that read ’All your base are belong to LulzSec’ coupled with a fake story that appeared to indicate that deceased rapper Tupac Shakur, killed in 1996, was in fact alive and living in a resort in New Zealand. LulzSec, which had taken responsibility for hacking Sony BMG’s Japanese website, pledged that more Sony attacks would follow.
In what became its second data breach in six months, Honda warned that hackers had broken into its systems and obtained unauthorized access to customer data. The pilfered information included customers’ names, addresses, Vehicle Identification Numbers, and in a small number of cases, and Honda Financial Services (HFS) account numbers, Honda said.
However, Honda was quick to add that the stolen information ’did not include any data that would typically be used for identity theft or fraud,’ such as birth dates, telephone numbers, email addresses, credit card numbers, bank account numbers, driver’s license numbers, social insurance numbers, or dollar amounts of HFS financing or payments. Honda said that it was in the process of notifying affected customers via mail, while maintaining ’We do not recommend that customers take any specific action at this time, other than being alert for marketing campaigns from third parties that reference your ownership of a Honda vehicle.’
Attackers targeted the SSL certificate authority Comodo by going after its resellers, and in May the latest victim was Brazil-based ComodoBR, in an attack that enabled hackers to gain unauthorized access to sensitive data, according to The Register.
Hackers launched a SQL injection assault that exploited vulnerabilities in ComodoBR’s Web site that allowed them to take control of the site’s backend server. The attackers then posted two data files that exposed information related to certificate signing requests, which included employee e-mail addresses, user IDs and passwords.
ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, hackers went after another reseller with an attack that forged counterfeit certificates signed with Comodo's root signing key. Comodo said that two more of its resellers were targeted similar attacks. Comodo has since revoked the signing privileges of all its resellers and implemented a two-factor authentication system for them to use.
Researchers at Trend Micro revealed an active cyber attack targeting Hotmail users, which only requires that the victim preview the message in their browser in order to launch malware.
During the attack, victims are sent a message that appears to be from the Facebook Security Team. However, upon previewing the message, users automatically downloaded a malicious script from a remote URL, which is then injected directly into the Web page and initiates data theft.
The script then swiped the content of confidential e-mail messages and contact information, as well as forwards victims’ e-mails to a specified address, presumably that of the attacker.
Unlike other mass attacks, this one appears to be targeted to each user’s Hotmail ID.