Weekly Threat Report – 20/4/18

By Graham Duckworth

20th April 2018

Cyber criminal groups identified on social media

Facebook has deleted approximately 120 private discussion groups that were promoting a host of illicit cyber criminal activities. These included spamming, selling stolen debit and credit account credentials, DDoS-for-hire services and botnet creation tools.

The groups, which together had more than 300,000 members, were deleted as a result of analysis work carried out by a cyber security researcher.

Unfortunately, it’s unlikely that Facebook’s deletion of these groups will have a long-term impact, as the activity will be displaced elsewhere or the groups will adopt different names to make their detection more difficult in the future.

Thai mobile operator in reported data breach due to poor cloud security

TrueMove H, a major mobile operator in Thailand, suffered a data breach involving the personal data of around 46,000 customers. Data included images of identity documents such as driving licences and passports.

The breach was uncovered by a security researcher using open source tools to scan for publicly accessible information on misconfigured Amazon Web Services Storage Services (AWS S3) buckets, a popular cloud storage solution.

Airline database hacked by disgruntled former employee

A former employee of the Alaskan airline PenAir hacked the flight reservation system in apparent retaliation for being fired.

The former employee created a fictitious user profile with escalated privileges to enable future system access. This was then used to block other users’ access and to delete critical data.

PenAir realised their data had been disrupted and worked through the night to reduce any impact to customers.

The individual was identified following an FBI investigation and has been charged with carrying out fraud in ‘connection to computers’.

We recommend that user privileges should always be managed and reviewed regularly to reduce the impact of a breach. For more information or to talk to us about your own policies, call us on 01284 700015 or email quack@greenduck.co.uk


This report is drawn from the National Cyber Security Centre.