Also: Microsoft Will Bid VBScript Goodbye and a Novel Magecart Attack
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: Google began phasing out passwords, Microsoft will bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S. voter registration data stolen from District of Columbia and Volex reports a cyberattack.
Google Phases out Passwords
Google on Tuesday announced it is phasing out passwords as the default sign-in method for users in favor of passkeys. Passkeys, which are based on the WebAuthn standard, create an asymmetric keypair, with the private key stored on the user’s device and the public key held by the service provider. A successful match works as a logon credential, without the service provider having to store passwords. Users unlock the private key by verifying their identity through methods that include facial recognition, fingerprint scanning or a PIN.
The tech giant asserts that passkey logins are 40% faster than password-based logins.
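The sign-in check described above, as an added Node.js sketch that is not from the article or from Google: it models a WebAuthn-style assertion, in which the device signs authenticatorData plus the hash of clientDataJSON and the service verifies it with the stored public key. The names `RP_ID`, `ORIGIN`, `register`, `deviceSign` and `verifyAssertion` and the example.com values are assumptions, and the device deriving the relying-party ID from the origin's hostname is a simplification.

```javascript
const crypto = require('node:crypto');

// Constructed values for this sketch; not taken from the article.
const RP_ID = 'example.com';
const ORIGIN = 'https://example.com';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device keeps the private key, the service stores only the public key.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey, signCount: 0 }, stored: { publicKey, signCount: 0 } };
}

// Device side: after local user verification (biometric or PIN, not modelled here),
// sign authenticatorData || SHA-256(clientDataJSON). Simplification: rpId = origin hostname.
function deviceSign(device, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);
  sha256(new URL(origin).hostname).copy(authData, 0); // bytes 0-31: rpIdHash
  authData[32] = 0x05;                                 // flags: user present + user verified
  authData.writeUInt32BE(++device.signCount, 33);      // bytes 33-36: signature counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Service side: no password or shared secret is stored, only the public key and a counter.
function verifyAssertion(stored, expectedChallenge, assertion) {
  const { clientDataJSON, authData, signature } = assertion;
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signed, stored.publicKey, signature)) return 'bad signature';
  const count = authData.readUInt32BE(33);
  if (count <= stored.signCount) return 'counter did not advance';
  stored.signCount = count;
  return 'ok';
}
```

Because the signature covers a fresh challenge and the origin, a captured assertion cannot be replayed, and one produced on a look-alike site fails the origin check.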
Microsoft Bids VBScript Goodbye
Microsoft is bidding farewell to VBScript after 30 years in use. A programming language akin to Visual Basic or Visual Basic for Applications, VBScript has also served hackers as a pathway for Windows hacking. Trojans including Emotet and Qbot (also known as Qakbot) spread through VBS. The notorious ILOVEYOU worm from the year 2000 was a VBS file.
Microsoft plans to make VBScript an on-demand feature before its eventual removal, allowing users time to adapt to its retirement. Microsoft began the slow road to removing VBScript from Windows in 2016 when it deprecated VBS in Internet Explorer 11.
Credit Cards Exposed in Air Europa Hack
Spanish airline Air Europa urged customers to cancel their credit cards after a recent data breach. The airline disclosed that hackers compromised sensitive details, including full payment card numbers, CVV numbers, and expiration dates. While the extent of the breach and potential financial impact remain undisclosed, angry customers shared emails on social media advising card cancellation. Air Europa asserted there’s no evidence of the breached data being used for fraud. The method of the recent breach is unclear.
Spanish consumer advocacy organization Ocu recommended consumers follow the airline’s advice and cancel payment cards used to purchase air fares on Air Europa. It also asked the Spanish data protection agency to investigate the incident. Spanish authorities fined Air Europa 600,000 euros in December 2020 for a payment card data breach affecting 489,000 individuals.
Magecart Cyberattack Uses Sneaky 404 Page Tactic
Akamai researchers discovered Magecart online skimmer malware hidden in the HTTP 404 "page not found" error pages displayed by online shops that use the Magento and WooCommerce platforms.
Attackers have targeted numerous websites, including major players in the food and retail sectors, with this novel concealment technique. The loader triggers a “404 Not Found” error by calling for a non-existent page. It injects obfuscated attack code into the page not found response, decoding into JavaScript what appears to be a code comment. “The attacker successfully altered the default error page for the entire website and concealed the malicious code within it!” Akamai researchers wrote.
U.S. Voter Registration Data Stolen
The government agency overseeing elections in the U.S. capital is investigating a breach of voter records, prompted by claims from the threat actor RansomedVC. The District of Columbia Board of Elections says it has confirmed that “some D.C. voter information was accessed through a breach” of its website hosting provider DataNet Systems.
Volex Suffers Cyberattack
British power and data transmission product manufacturer Volex told investors Monday that hackers gained unauthorized access to “certain IT systems and data, at some of the Group’s international sites.”
Volex has initiated an investigation and engaged third-party specialist consultants to assess the extent of the breach and to formulate an incident response plan. The 131-year-old company, with operations in 27 locations across 24 countries, emphasizes that it remains operational, experiencing only “minimal disruption” to production. Volex, headquartered in the United Kingdom, primarily serves markets in Europe, North America and Asia.