This Week in Cloud: Saudi Arabia, Muni, the Russian National Bank, and Zynga Are Victims

Hackers and cybercriminals are showing no signs of slowing down heading into the holidays. If anything, attacks are heating up. A few attacks struck high profile government organizations around the world, from San Francisco to Russia to Saudi Arabia. Motives ranged from financial profit to geopolitical disputes. Read on for a collection of the latest news in cybersecurity in This Week in Cloud. 

Shamoon Hits Saudi Arabia and San Francisco’s Subway Is Forced to Offer Free Rides

Researchers observed a variant of a server-wiping virus in an attack on Saudi Arabian government computers. Suspected Iranian hackers targeted Saudi Arabia’s civilian aviation agency with a virus reminiscent of previous attacks in 2012. Meanwhile, San Francisco’s public transportation system, Muni, suffered from a ransomware attack that temporarily disabled payment systems. Now, hackers are threatening to release sensitive information if Muni does not pay a ransom. Muni’s spokesperson claims no sensitive data was accessed. The motive is not clear; hackers claimed Muni was a random victim.

Cyberattacks Strike Saudi Arabia, Harming Aviation Agency | Sewell Chan, New York Times

San Francisco Subway Hackers Now Threaten to Publicly Dump Data | Motherboard

Déjà Vu: Another Central Bank Heist

Earlier in the year hackers stole over $80 million from Bangladesh’s central bank – an attack unprecedented in its scope and target. This week, reports surfaced of a similar theft at Russia’s central bank. While the Bangladesh bank attack allegedly involved support from insiders, the attack on Russia has reportedly been traced to an account compromised by a third party. The similarity: simple stolen passwords were the source of both attacks. If nothing else, the attack should serve as a lesson for all financial services organizations not to trust a single password without multi-factor authentication and behavioral analysis.

In the private sector, video game company Zynga has taken legal action against a former employee for stealing confidential corporate data before joining a competitor. The employee downloaded folders directly from a corporate Google Drive account. Zynga discovered the theft after the fact and had to use browser history to conduct an investigation. The inside episode should remind companies that traditional security products do not offer visibility and protection for activity in cloud applications, even when the applications are sanctioned by the company. There is no substitute for cloud-specific threat protection.

Russia’s Central Bank Says It Was the Victim of an Attempted Cyber Heist | Reuters

Zynga Sues 2 Former Employees Over Alleged Massive Data Heist | Cyrus Farivar, Ars Technica

Browser Vulnerabilities Continue to Plague Internet Users

Much of the time researchers are fortunate enough to discover browser vulnerabilities before they are exploited, but this was not the case with a security flaw that allowed attackers to deanonymize users of the privacy tool Tor. Many leading tech companies have relied on bug bounties to crowdsource the research of security vulnerabilities, and the practice has even spread to government agencies in the past year. Google released an update fixing 36 security vulnerabilities. The company paid out $70,000 in rewards to researchers.

Mozilla and Tor Release Urgent Update for Firefox 0-day Under Active Attack | Dan Goodin, Ars Technica

Google Chrome Desktop Update Mends 36 Vulnerabilities | Bradley Barth, SC Magazine

By the Numbers

1.3 million

The number of Google accounts hacked by infecting Android phones through illegitimate apps

$173 billion

The amount that will be spent on infrastructure-as-a-service (IaaS) cloud offerings in 2026, up from $38 billion in 2016

118

The number of healthcare data breaches in the third quarter of 2016