Data of 600K customers of US fitness chain Town Sports leaked online

US fitness chain Town Sports has suffered a data breach: a server holding over a terabyte of spreadsheets containing internal company data, financial records and personal customer records was left exposed online.

The archive contained records of almost 588,000 members and staff. Exposed information includes names, addresses, phone numbers, email addresses, the last four digits of credit card numbers, credit card expiration dates, and members’ billing history.

The unprotected server was exposed for almost a year. The company secured the database the day after it was informed of the data leak.

Town Sports International Holdings is an operator of fitness centers in the Eastern United States, California and in Switzerland. Its brands include New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, TMPL Gym, and Total Woman Gym and Spa.

Read more about it here.

Staples discloses data breach exposing customer order data

Office retail giant Staples has informed some of its customers of a data breach related to their orders. The company sent a brief letter, signed by its CEO Alexander ‘Sandy’ Douglas, describing the incident. The incident occurred around September 2, 2020, and involved “non-sensitive customer order data”: names, addresses, email addresses, phone numbers, the last four credit card digits, and order details (delivery, cost, product). Neither credentials nor full credit card information was exposed.

Although this breach is considered low impact, it can still cause serious harm to customers: adversaries could use the exposed order details to craft convincing phishing messages.

Read more about it here.

Great news: Zoom enables Two-Factor Authentication

Zoom has announced that it now supports Two-Factor Authentication (2FA) to protect all user accounts against account takeover.

“Zoom’s enhanced Two-Factor Authentication (2FA) makes it easier for admins and organizations to protect their users and prevent security breaches right from our own platform,” reads the announcement published by Zoom.

“Zoom offers a range of authentication methods such as SAML, OAuth, and/or password-based authentication, which can be individually enabled or disabled for an account.”

To use 2FA, it must first be enabled on the Zoom account: sign in to the Zoom Dashboard, navigate to Advanced -> Security in the menu, and toggle the “Sign in with Two-Factor Authentication” option on. Then choose which users 2FA applies to:

  • All users in your account
  • Users with specific roles
  • Users belonging to specific groups

Read more about it here.

University of Utah pays a $457,000 ransom

The University of Utah admitted it paid a $457,059 ransom after a July 19, 2020 ransomware attack that infected systems of its College of Social and Behavioral Science (CSBS). The university was able to recover its operations from backups, but decided to pay the ransom to prevent the ransomware operators from leaking student information online: “This was done as a proactive and preventive step to ensure information was not released on the internet.”

According to the University of Utah, the ransomware encrypted only 0.02% of the data stored on its servers. University officials added that the university’s cyber insurance policy covered part of the ransom.

Read more about it here.

Santander ATM glitch results in dozens of arrests

On August 18, 2020, Santander Bank became aware that many of its ATMs were dispensing more cash than the value stored on the cards used, both fake debit cards and valid preloaded debit cards. Criminal groups across New York, New Jersey and Connecticut exploited the glitch.

In response, Santander shut down all of its ATMs that day. The next morning, the ATMs were made available only to Santander customers.

As a result, dozens of people were arrested.

Read more about it here.

Travel company CWT pays $4.5M ransom

US-based business travel company CWT said last week that it paid cyber criminals $4.5 million in ransom.

The attackers initially demanded $10 million, claiming that 30,000 CWT computers were infected and 2 terabytes of files were encrypted. In reality, the number of infected computers was smaller.

CWT negotiated with the attackers and agreed to pay $4.5 million in Bitcoin (414 BTC). After paying, it regained access to the encrypted files.

CWT posted revenues of $1.5 billion last year and says it represents more than a third of companies on the S&P 500 U.S. stock index.

Read more about it here.

Zoom bug allowed attackers to crack private meeting passwords within minutes

Popular video conferencing platform Zoom disclosed this week that it has fixed a bug that allowed attackers to crack the numeric passcodes of private meetings.

By default, Zoom meetings are protected by a six-digit numeric password. However, according to Tom Anthony, VP Product at SearchPilot, who identified the issue, the lack of rate limiting on password attempts enabled “an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private (password protected) Zoom meetings.”

After the issue was reported to Zoom on April 1, 2020, the company took the web client offline and fixed the problem by April 9. Zoom mitigated the issue both by requiring users to log in before joining meetings in the web client, and by changing default meeting passwords to be longer and non-numeric.
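The two controls described above can be illustrated with a small added example (this is not Zoom’s code): a keyspace calculation showing why an unthrottled six-digit numeric passcode is exhausted in minutes, a per-source attempt limiter of the kind that closes that gap, and a passcode policy check that rejects short all-numeric codes. The meeting ids, window size, attempt limit and sustained attempt rate are assumptions chosen for illustration.

```python
"""Added example (not Zoom's code): rate limiting and passcode policy as
defences against online guessing of short numeric meeting passcodes.
The limiter parameters and sample rate are illustrative assumptions."""
import string
from collections import defaultdict

DIGITS = string.digits                              # 10 symbols
ALPHANUM = string.ascii_letters + string.digits     # 62 symbols


def keyspace(length, alphabet):
    """Number of distinct passcodes of `length` symbols over `alphabet`."""
    return len(alphabet) ** length


def seconds_to_exhaust(length, alphabet, attempts_per_second):
    """Worst-case seconds needed to try every passcode at a sustained rate.

    With no throttling the rate is bounded only by the server, which is
    what made the six-digit default crackable in minutes."""
    return keyspace(length, alphabet) / attempts_per_second


class AttemptLimiter:
    """Fixed-window limiter keyed by (meeting, source).

    Once `limit` attempts have been seen for a key inside a window of
    `window` seconds, further attempts are refused until the window rolls
    over. Timestamps are passed in explicitly so the behaviour is testable."""

    def __init__(self, limit=5, window=60.0):
        self.limit = limit
        self.window = window
        # key -> [window_start, attempts_in_window]
        self._buckets = defaultdict(lambda: [0.0, 0])

    def allow(self, meeting_id, source, now):
        bucket = self._buckets[(meeting_id, source)]
        if now - bucket[0] >= self.window:       # window expired: start a fresh one
            bucket[0], bucket[1] = now, 0
        if bucket[1] >= self.limit:
            return False                         # over budget: refuse this attempt
        bucket[1] += 1
        return True


def passcode_is_acceptable(code, min_length=8):
    """Policy matching the fix: reject codes that are short or purely numeric."""
    if len(code) < min_length:
        return False
    if code.isdigit():
        return False
    return True


def attempts_admitted(limiter, meeting_id, source, n, start=0.0, spacing=0.01):
    """Drive n back-to-back attempts through the limiter; return how many pass."""
    return sum(limiter.allow(meeting_id, source, start + i * spacing) for i in range(n))


if __name__ == "__main__":
    print("6-digit numeric keyspace:", keyspace(6, DIGITS))
    print("seconds to exhaust it at 10k attempts/s:", seconds_to_exhaust(6, DIGITS, 10_000))
    limiter = AttemptLimiter(limit=5, window=60.0)
    print("attempts admitted out of 1000:", attempts_admitted(limiter, "meeting-1", "src-a", 1000))
    print("'123456' acceptable:", passcode_is_acceptable("123456"))
```

The limiter alone turns a minutes-long exhaustive search into one bounded by the window size, and the policy check shrinks the chance that a permitted guess succeeds; the two are complementary, which is why Zoom applied both.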

Read more about it here.

Twitter accounts of multiple high-profile people and companies reportedly hacked

On July 15, 2020, some of the world’s richest and most influential politicians, celebrities, tech moguls and companies were the subject of a massive Twitter hack. The Twitter accounts of Elon Musk, Joe Biden, Barack Obama, Jeff Bezos, Michael Bloomberg, Kim Kardashian West and Bill Gates, as well as the corporate accounts of Apple and Uber, were hijacked. The tweets asked followers to send money to a Bitcoin address, promising that the account owner would match the amount. At least 363 transactions were made after the tweets were posted, and the Bitcoin address accumulated over $118,000.

Shortly after the incident, many verified users, including media companies, reported that they could no longer tweet. Twitter acknowledged the issue.

It is still unknown how the accounts were compromised.

This is not the first time high-profile Twitter accounts have been hacked. In July 2018, cybercriminals impersonated the Twitter account of Elon Musk. In August 2020, cybercriminals hacked Twitter CEO Jack Dorsey’s account. And on Jan. 1, 2020, Mariah Carey’s Twitter account was hacked.

Read more about it here.

CISA warns organizations of obfuscated cyberattacks from the Tor network

The Cybersecurity and Infrastructure Security Agency (CISA), with contributions from the Federal Bureau of Investigation (FBI), issued an advisory on cyberattacks originating from the Tor network, with recommendations for mitigation.

Tor (The Onion Router) is software that lets users browse the web anonymously by encrypting requests and routing them through multiple relay layers, or nodes. Threat actors leverage Tor to conceal their identity and point of origin when engaging in “malicious cyber activity impacting the confidentiality, integrity, and availability of an organization’s information systems and data.” Examples of this activity include performing reconnaissance, penetrating systems, exfiltrating and manipulating data, and taking services offline through denial-of-service attacks and delivery of ransomware payloads.

Organizations can implement mitigations of varying complexity and restrictiveness to reduce the risk of cyberattacks from the Tor network:

  • Most restrictive approach: Block all web traffic to and from public Tor entry and exit nodes.
  • Less restrictive approach: Tailor monitoring, analysis, and blocking of web traffic to and from public Tor entry and exit nodes.
  • Blended approach: Block all Tor traffic to some resources, allow and monitor for others.
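As an added example of the blended approach (this is not CISA’s tooling), the following script applies the policy to web-server access log lines: requests from known Tor exit addresses are blocked for sensitive paths and allowed-but-flagged for everything else, while all other traffic passes. The exit-node addresses, log lines and blocked-path list are constructed for illustration; in production the exit list would be refreshed from a published Tor exit list and the decisions would feed a firewall or WAF rule.

```python
"""Added example (not CISA's code): blended Tor policy over access logs.
Exit addresses, sample log lines and blocked paths are constructed."""
import ipaddress
import re

# Constructed sample of Tor exit addresses (documentation ranges, not real exits).
TOR_EXIT_NODES = {"198.51.100.23", "203.0.113.77"}

# Resources where the blended policy blocks Tor outright; everything else is
# allowed from Tor but flagged so analysts can review it.
BLOCKED_PREFIXES = ("/admin", "/api/internal", "/login")

# Common Log Format: client ip, identd, user, [time], "request line", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip/method/path/status, or None for unparseable lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decide(entry, exit_nodes=TOR_EXIT_NODES, blocked_prefixes=BLOCKED_PREFIXES):
    """Return 'allow', 'monitor' or 'block' for one parsed entry."""
    try:
        ip = str(ipaddress.ip_address(entry["ip"]))   # normalise (e.g. IPv6 forms)
    except ValueError:
        return "monitor"                              # odd client field: worth a look
    if ip not in exit_nodes:
        return "allow"                                # not Tor: no special handling
    if entry["path"].startswith(blocked_prefixes):
        return "block"                                # Tor + sensitive resource
    return "monitor"                                  # Tor + ordinary resource


def triage(lines):
    """Apply the policy to each log line; returns [(ip, path, decision), ...]."""
    results = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue                                  # skip lines that do not parse
        results.append((entry["ip"], entry["path"], decide(entry)))
    return results


# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Jul/2020:14:02:11 +0000] "GET /login HTTP/1.1" 200 1043',
    '203.0.113.77 - - [10/Jul/2020:14:02:15 +0000] "GET /products/42 HTTP/1.1" 200 5521',
    '192.0.2.10 - - [10/Jul/2020:14:02:19 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Jul/2020:14:03:01 +0000] "GET /api/internal/users HTTP/1.1" 403 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, path, decision in triage(SAMPLE_LOG):
        print(f"{decision:8s} {ip:15s} {path}")
```

Switching to the most restrictive approach is a one-line change (return "block" for any exit-node match), and the less restrictive approach is the same code with "block" replaced by "monitor"; the value of keeping the decision in one function is that the choice can be tuned per resource without touching the log parsing.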

Read more about it here.

Akamai mitigated the largest ever Packet Per Second DDoS attack

Akamai is a global content delivery network (CDN), cybersecurity, and cloud services company.

“On June 21, 2020, Akamai mitigated the largest packet per second (PPS) distributed denial-of-service (DDoS) attack ever recorded on the Akamai platform. The attack generated 809 million packets per second (Mpps), targeting a large European bank,” reads a post published by Akamai.

Akamai did not disclose the name of the bank.

This latest attack was clearly optimized to overwhelm DDoS mitigation systems via high PPS load: the packets carried a meager 1-byte payload, for a total packet size of 29 bytes including IPv4 headers.
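To show why packet rate, not bandwidth, is the relevant measure for this kind of flood, here is an added example (not Akamai’s code). It converts the figures from the post (809 Mpps of 29-byte packets) into bits per second, and runs a per-second detector that flags windows with a high packet rate and a tiny average packet size beside a bandwidth-only detector that stays silent on the same data. The per-second samples and the thresholds are constructed for illustration.

```python
"""Added example (not Akamai's code): a high-PPS, small-packet flood is
modest in bits per second, so a detector keyed on packet rate and average
packet size catches what a bandwidth threshold misses. Samples and
thresholds are constructed assumptions."""


def bits_per_second(pps, packet_bytes):
    """Bandwidth implied by a packet rate and a fixed on-wire packet size."""
    return pps * packet_bytes * 8


def flag_small_packet_flood(samples, pps_threshold, max_avg_bytes):
    """samples: list of (packets, total_bytes) for consecutive one-second windows.

    Flags windows where the packet rate exceeds pps_threshold AND the average
    packet size is at or below max_avg_bytes: the signature of a flood built
    to exhaust per-packet processing rather than link capacity."""
    flagged = []
    for i, (packets, total_bytes) in enumerate(samples):
        if packets == 0:
            continue                                   # empty window: nothing to judge
        avg_size = total_bytes / packets
        if packets > pps_threshold and avg_size <= max_avg_bytes:
            flagged.append(i)
    return flagged


def flag_bandwidth_flood(samples, bps_threshold):
    """Bandwidth-only detector for contrast: flags windows above bps_threshold."""
    return [i for i, (_, total_bytes) in enumerate(samples) if total_bytes * 8 > bps_threshold]


# Constructed one-second samples: (packets, bytes).
#   0: normal traffic, ~800-byte average packets
#   1: flood window, 5 Mpps of 29-byte packets (same per-packet size as the attack)
#   2: a large download, few packets but big ones
SAMPLES = [
    (50_000, 40_000_000),
    (5_000_000, 145_000_000),
    (60_000, 80_000_000),
]

PPS_THRESHOLD = 1_000_000       # packets per second
MAX_AVG_BYTES = 64              # "small packet" cut-off
BPS_THRESHOLD = 10_000_000_000  # 10 Gbit/s

if __name__ == "__main__":
    gbps = bits_per_second(809_000_000, 29) / 1e9
    print(f"809 Mpps x 29-byte packets = {gbps:.1f} Gbit/s")
    print("PPS detector flags windows:", flag_small_packet_flood(SAMPLES, PPS_THRESHOLD, MAX_AVG_BYTES))
    print("bandwidth detector flags windows:", flag_bandwidth_flood(SAMPLES, BPS_THRESHOLD))
```

The attack's 809 Mpps works out to roughly 188 Gbit/s, which many scrubbing platforms absorb routinely in bandwidth terms; the strain comes from handling 809 million headers per second, which is what a pps-and-size rule surfaces and a bits-per-second rule does not.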

Read more about it here.