Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords 

Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports.

Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and help them create right business plans.

Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users’ login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash.

Right after knowing of the breach on 3rd April, the company took down the affected website, which is currently showing "under maintenance" notice with a press release about the incident on its homepage.

"We are very sorry for all the people who have been subjected to crime and who may be affected by mental or financial disadvantages. Unfortunately, we are not yet able to know exactly how many people are and what information this information breaks. We have filed an offense report, and the parties do not need to report to the police separately," says Jarmo Hyökyvaara, Chairman of the Board of the New Business Center of Helsinki.

"The maintenance and security of our service was the responsibility of our subcontractor, our long-term partner. Unfortunately, the security of the service has not been enough to prevent this kind of attack. This is, in part, our mistake, and as a subscriber and owner of the service we are responsible for this."

The company also ensures that the detailed information of its customers was stored on a different system, which was not affected by the data breach.

The incident has been reported to the Helsinki police, who is currently investigating the case as a gross fraud.

As soon as the website returns, users who have an account with the affected website are strongly recommended to change their passwords.

Since the plain-text passwords have been exposed to hackers, it would be a great idea for users to change their passwords for any other website, in case they are using identical to the one used on this website.

Read More

CopyCat Android Rooting Malware Infected 14 Million Devices

CopyCat Android Rooting Malware Infected 14 Million Devices 

CopyCat Android mobile malware was able to infect over 14 million devices last year and root eight million of them, researchers have revealed.

The malware, spread through popular apps repackaged with the malicious code and distributed through third-party stores and phishing scams -- but not Google Play -- infects devices in order to generate and steal advertising revenue.

According to Check Point researchers, the hackers behind the campaign were able to earn roughly $1.5 million in two months, infecting 14 million devices globally and rooting 8 million of them in what the security team calls an "an unprecedented success rate."

Check Point

Once a device is infected, CopyCat waits until a restart to allay suspicion then attempts to root the device. Check Point says that CopyCat was able to successfully root 54 percent of all the devices it infected, "which is very unusual even with sophisticated malware."

In order to achieve root status, the malicious code uses six different vulnerabilities for Android versions 5 and earlier through an "upgrade" pack pulled from Amazon web storage. Some of the flaws the malware tests for are extremely old and the most modern ones were discovered over two years ago -- and so should your device be patched and up-to-date, CopyCat should not be a worry.

"These old exploits are still effective because users patch their devices infrequently, or not at all," the researchers note.

The malware then injects malicious code into the Zygote app launching process, which permits attackers to generate fraudulent revenue by installing apps and substituting the user's referrer ID with their own, as well as display fraudulent ads and applications.

This technique was first used by the Triada Trojan. According to Kaspersky Labs, the malware targeted the same process to gain superuser privileges before using regular Linux debugging tools to embed its DLL and target mobile browsers.

In total, fraudulent ads were displayed on 26 percent of infected devices, while 30 percent were used to steal credit for installing apps on Google Play. In addition, Check Point says the malware would also send device brand, model, OS version and country to CopyCat command and control (C&C) centers.

At the peak of the campaign in April and May 2016, CopyCat mainly infected users in Asia, although over 280,000 infections were also recorded in the United States.

Check Poin

Google was able to quell the campaign, and now the current number of infected devices is far lower -- but those affected by the malware may still be generating revenue for the attackers today.

The researchers are not sure who is behind the malware campaign but has tentatively linked MobiSummer as some of the malware's code is signed by the Chinese ad network.

See also: Windows ransomware found to be incredibly rare

Earlier this week, a UK teenager was charged for supplying malware for use in distributed denial-of-service (DDoS) attacks and assisting criminals in striking high-profile targets worldwide, including NatWest, Vodafone, O2, BBC, BT, Amazon, Netflix, and Virgin Media, among others.r

Read More

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

One of the world's largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised.

Bithumb is South Korea's largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea's currency, the Won.

Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world.

Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts.

Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper.

A survey of users who lost cryptocurrencies in the cyber attack reveals "it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen."

Besides digital currencies, hackers were succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported.

However, Bithumb claims that this number represents approximately 3% of its customers.

The exchange also told Yonhap that it contacted South Korea's cybercrime watchdog on June 30, Friday after it learned of the hack on June 29.

Bithumb believes that one of its employee's home computer was hacked in the attack and not its entire network and no passwords were compromised, so it is impossible for hackers to gain direct access to user accounts.

The digital currency exchange says that the loss of funds is the result of using "disposable passwords" in order to carry out digital transactions online.

"The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked," Bithumb told the newspaper. "However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions."

While more than 100 Bithumb customers have already filed a complaint with the National Police Agency's cybercrime report center regarding the hack, South Korean officials are now investigating the incident.

One of the world's largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised. Bithumb is South Korea's largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea's currency, the Won. Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world. Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts. Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper. A survey of users who lost cryptocurrencies in the cyber attack reveals "it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen." Besides digital currencies, hackers were succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported. However, Bithumb claims that this number represents approximately 3% of its customers. The exchange also told Yonhap that it contacted South Korea's cybercrime watchdog on June 30, Friday after it learned of the hack on June 29. Bithumb believes that one of its employee's home computer was hacked in the attack and not its entire network and no passwords were compromised, so it is impossible for hackers to gain direct access to user accounts. The digital currency exchange says that the loss of funds is the result of using "disposable passwords" in order to carry out digital transactions online. "The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked," Bithumb told the newspaper. "However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions." While more than 100 Bithumb customers have already filed a complaint with the National Police Agency's cybercrime report center regarding the hack, South Korean officials are now investigating the incident.

Read More