Hackers and cybercriminals are showing no signs of slowing down heading into the holidays. If anything, attacks are heating up. A few attacks struck high-profile government organizations around the world, from San Francisco to Russia to Saudi Arabia. Motives ranged from financial profit to geopolitical disputes. Read on for a collection of the latest news in cybersecurity in This Week in Cloud.
Shamoon Hits Saudi Arabia and San Francisco’s Subway Is Forced to Offer Free Rides
Researchers observed a variant of a server-wiping virus in an attack on Saudi Arabian government computers. Suspected Iranian hackers targeted Saudi Arabia’s civilian aviation agency with a virus reminiscent of previous attacks in 2012. Meanwhile, San Francisco’s public transportation system, Muni, suffered from a ransomware attack that temporarily disabled payment systems. Now, hackers are threatening to release sensitive information if Muni does not pay a ransom. Muni’s spokesperson claims no sensitive data was accessed. The motive is not clear; hackers claimed Muni was a random victim.
Cyberattacks Strike Saudi Arabia, Harming Aviation Agency | Sewell Chan, New York Times
Déjà Vu: Another Central Bank Heist
Earlier in the year, hackers stole over $80 million from Bangladesh’s central bank – an attack unprecedented in its scope and target. This week, reports surfaced of a similar theft at Russia’s central bank. While the Bangladesh bank attack allegedly involved support from insiders, the attack on Russia has reportedly been traced to an account compromised by a third party. The similarity: simple stolen passwords were the source of both attacks. If nothing else, the attack should serve as a lesson for all financial services organizations not to trust a single password without multi-factor authentication and behavioral analysis.
In the private sector, video game company Zynga has taken legal action against a former employee for stealing confidential corporate data before joining a competitor. The employee downloaded folders directly from a corporate Google Drive account. Zynga discovered the theft after the fact and had to use browser history to conduct an investigation. The insider episode should remind companies that traditional security products do not offer visibility and protection for activity in cloud applications, even when the applications are sanctioned by the company. There is no substitute for cloud-specific threat protection.
Zynga Sues 2 Former Employees Over Alleged Massive Data Heist | Cyrus Farivar, Ars Technica
Browser Vulnerabilities Continue to Plague Internet Users
Much of the time researchers are fortunate enough to discover browser vulnerabilities before they are exploited, but this was not the case with a security flaw that allowed attackers to deanonymize users of the privacy tool Tor. Many leading tech companies have relied on bug bounties to crowdsource the research of security vulnerabilities, and the practice has even spread to government agencies in the past year. Google released an update fixing 36 security vulnerabilities. The company paid out $70,000 in rewards to researchers.
Mozilla and Tor Release Urgent Update for Firefox 0-day Under Active Attack | Dan Goodin, Ars Technica
Google Chrome Desktop Update Mends 36 Vulnerabilities | Bradley Barth, SC Magazine
By the Numbers
The number of Google accounts hacked by infecting Android phones through illegitimate apps
The amount that will be spent on infrastructure-as-a-service (IaaS) cloud offerings in 2026, up from $38 billion in 2016
The number of healthcare data breaches in the third quarter of 2016