Major Cybersecurity Incidents in January 2021

Tachyon Protocol · Published Feb 4, 2021 · 6 min read

We bid goodbye to 2020 hoping to see fewer bad-actor events in cyberspace in 2021 than in the year before. If only wishes were horses. Quashing any hope of an uneventful start, the first month of the year has seen its fair share of cybersecurity incidents. Breaches and hacks continue to hit the familiar targets: public utilities, healthcare facilities, cryptocurrency platforms, fintechs, government agencies and so on. Some of the events involve employee-side mishandling of information, while others are malicious exploits by third parties. Notably, this month a single hacker group has been actively breaking into Indian companies with large user bases, and its trail has been doggedly tracked by cybersecurity researcher Rajshekhar Rajaharia. We have documented their cat-and-mouse story below:

Juspay Suffers Data Breach

Indian payment gateway Juspay, which processes transactions for Amazon, Cred, Swiggy, BigBasket, Airtel and Myntra among others, admitted in early January to having suffered a massive data breach back in August 2020. Juspay revealed this only after a security researcher found personal details and card information of its customers being sold on a dark web marketplace. The breach reportedly happened through an old (unrotated) AWS access key. It is estimated to have leaked 35 million payment records (masked card data, merchant IDs etc.) and exposed metadata of 100 million users (email IDs, phone numbers etc.). Some reports claim the numbers could be higher.

Juspay has said that OTPs, PINs, CVVs and passwords were not compromised, which means the stolen data cannot by itself be used to take money directly from cards or bank accounts. It still puts end users at risk of social engineering and phishing, since a masked card number together with a name, email ID and phone number is enough to craft a convincing message. According to Rajshekhar Rajaharia, the researcher who first uncovered the stolen data trove, the hackers seem mainly interested in making a quick profit from selling the information. The infamous hacker group ShinyHunters is believed to be behind the attack. Reports suggest that security intelligence firm Cyble pitched its services to Juspay, along with an offer to bury news of the leak, when it discovered the data back in October 2020. Following the attack, the payment gateway has rotated all its API keys and enabled two-factor authentication (2FA) for its internal tools, among other measures.

[Image] Details of the masked card data that was stolen in the hack.
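The Juspay breach came down to an old access key that was never retired, and the remediation was to rotate keys and turn on 2FA. The check a security team would want is to find such keys before an attacker does. The script below is an added example, not Juspay's or Tachyon's code: it parses the credential report CSV that `aws iam get-credential-report` returns (base64-encoded in its `Content` field) and flags active access keys that are older than 90 days, idle for more than 90 days, or never used, plus console users without MFA. The report embedded in it is constructed sample data for a fictional account, and the 90-day thresholds are assumptions.

```python
"""Audit an AWS IAM credential report for stale access keys and console users without MFA.

Added example, not Juspay's or Tachyon's own code. The input format is the
CSV returned (base64-encoded) by `aws iam get-credential-report`; the report
embedded below is constructed sample data for a fictional account.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample report (fictional account 123456789012) in the real column layout.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2017-05-01T09:00:00+00:00,not_supported,2021-01-20T08:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
legacy-batch,arn:aws:iam::123456789012:user/legacy-batch,2018-02-10T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2018-02-10T09:05:00+00:00,2020-08-14T03:12:00+00:00,ap-south-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2020-10-20T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2020-12-15T09:05:00+00:00,2021-01-30T11:00:00+00:00,us-east-1,ecr,true,2020-10-20T09:05:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
analyst,arn:aws:iam::123456789012:user/analyst,2020-06-01T09:00:00+00:00,true,2021-01-28T10:00:00+00:00,2020-06-01T09:00:00+00:00,N/A,true,true,2020-06-01T09:05:00+00:00,2020-10-02T16:40:00+00:00,ap-south-1,lambda,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
support-console,arn:aws:iam::123456789012:user/support-console,2019-03-01T09:00:00+00:00,true,2021-01-29T09:00:00+00:00,2019-03-01T09:00:00+00:00,N/A,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Reference time for the constructed report; a live audit would use datetime.now(timezone.utc).
NOW = datetime(2021, 2, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def stale_access_keys(report_csv, now=NOW, max_age_days=90, max_idle_days=90):
    """Flag every *active* access key that is overdue for rotation or not in use.

    Reasons: "unrotated" (older than max_age_days), "idle" (last used more than
    max_idle_days ago), "never_used" (N/A last-used date) and "no_usage_data"
    (AWS holds no usage record for the key). Inactive keys are skipped.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}"
            if row[f"{prefix}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"{prefix}_last_rotated"])
            last_used_raw = row[f"{prefix}_last_used_date"]
            reasons = []
            if rotated and (now - rotated).days > max_age_days:
                reasons.append("unrotated")
            if last_used_raw == "N/A":
                reasons.append("never_used")
            elif last_used_raw == "no_information":
                reasons.append("no_usage_data")
            elif (now - _parse_ts(last_used_raw)).days > max_idle_days:
                reasons.append("idle")
            if reasons:
                findings.append({"user": row["user"], "key": prefix, "reasons": reasons})
    return findings


def console_users_without_mfa(report_csv):
    """Return users who can sign in to the console (or the root account) with no MFA device."""
    names = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        can_login = row["password_enabled"] == "true" or row["user"] == "<root_account>"
        if can_login and row["mfa_active"] != "true":
            names.append(row["user"])
    return names


if __name__ == "__main__":
    for f in stale_access_keys(SAMPLE_REPORT):
        print(f"{f['user']}: {f['key']} -> {', '.join(f['reasons'])}")
    for name in console_users_without_mfa(SAMPLE_REPORT):
        print(f"{name}: console access without MFA")
```

On the sample report the script flags the three-year-old `legacy-batch` key (the kind of forgotten credential at the heart of the Juspay story), the second `ci-deploy` key that was created for a rotation but never cut over, and the `analyst` key that has gone idle, while leaving the freshly rotated, actively used `ci-deploy` key alone. Feed it a real report by decoding the `Content` field of `aws iam get-credential-report` and deactivate or delete whatever it lists.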

ClickIndia, ChqBook, WedMeGood Databases Stolen

Just days after the Juspay breach came to light, Rajshekhar Rajaharia unearthed another large database being sold by the same group, ShinyHunters, which was also responsible for stealing BigBasket's 20 million user database last year. This time the data on offer came from three more Indian companies: ClickIndia, ChqBook and WedMeGood. Personal information of a total of 10 million users has been compromised in this hack. Here too, the three companies are alleged to have discovered the breach much earlier but did not acknowledge it until Rajaharia alerted the public with his findings. Particularly concerning is the ChqBook data, since it includes personal finance information that can be used for highly targeted phishing. ChqBook counts B2B giant Metro Cash & Carry among its partners, and the data on sale also includes information on 4.5 million Metro Cash & Carry cards.

Back-to-back breaches of this size made the authorities swing into action this month. India's banking regulator, the Reserve Bank of India (RBI), has started talking to key players in the digital payments ecosystem to gauge their security preparedness. Best practices for the storage of card data by payment aggregators are also being explored, and letters have been sent to banks warning of potential future attacks based on existing vulnerabilities.

Cryptocurrency Exchange BuyUcoin’s Data Leaked

ShinyHunters have not let Indian enterprises catch a break; the latest victim is cryptocurrency exchange BuyUcoin. Rajshekhar Rajaharia found a data dump containing information on the exchange's users posted on a hacker forum this month. The leaked data includes personally identifiable information of about 300,000 users, which is the platform's full user base. As with the ChqBook hack, the worrying part is that users' bank account details were among the stolen information. The exchange has assured users that their funds are safe, but in a security advisory has asked everyone to change their passwords. It has, however, denied that a breach of this scale took place, claiming instead that a 'Low Impact Security Incident' leaked 200 dummy data entries. Experts have refuted BuyUcoin's claim based on the information dumped on hacker forums and on the reactions of other threat actors there, who thanked the original posters of the stolen data.

Stolen Pfizer Data Manipulated Prior to Leak

Pharmaceutical companies Pfizer and BioNTech have come under increasing attack in light of their COVID-19 vaccine efforts. It was revealed last month that hackers had gained access to some of their vaccine documents, held by the European Medicines Agency (EMA) for regulatory review, in a breach of the agency's systems. The EMA disclosed this month that the attackers had manipulated the stolen information before releasing it on hacker forums, with the intent of spreading misinformation about the vaccine. There is a growing effort by threat actors to undermine public trust in vaccines and destabilise public healthcare initiatives through malicious fake news campaigns.

[Image] COVID-19 vaccine disinformation campaign.

Dairy Farm Targeted by Ransomware

Asian retail giant Dairy Farm was attacked by the REvil (also known as Sodinokibi) ransomware operation. As mentioned in our earlier incidents report, REvil runs a private ransomware-as-a-service (RaaS) model with affiliates around the world, who share the proceeds of successful heists with the REvil operators. Dairy Farm has 230,000 employees working at 10,000 retail outlets. The attackers gained access to company devices and encrypted them, then reportedly demanded a USD 30 million ransom. Dairy Farm has played down the incident, saying only 2% of its network was affected and has since been isolated; its stores appear to be unaffected by the event.

Tachyon VPN protects users by masking their IP address from the sites they visit and encrypting traffic between the device and the VPN node. That stops eavesdroppers on the local network, such as someone on the same public WiFi, from reading or tampering with traffic, which makes a VPN one of the easiest ways to thwart Man-in-the-Middle (MITM) attacks on that hop, like DNS spoofing, WiFi snooping and SSL hijacking. A VPN does not by itself stop phishing or social engineering, which target the user rather than the network path, so the password changes and two-factor authentication recommended after the breaches above remain essential. With hackers increasingly looking for centralised attack vectors, a decentralised VPN like Tachyon VPN is harder to take down: its nodes are anonymous and run independently, so there is no single server for a bad actor to target. In an increasingly connected world, reducing attack vectors is of paramount importance, and Tachyon VPN helps you stay one step ahead.

Download Tachyon VPN from App Store: https://apps.apple.com/us/app/id1500439310

Download Tachyon VPN from Google Play: https://play.google.com/store/apps/details?id=eco.tachyon.android

Download Tachyon VPN for macOS here: https://tachyon.eco/d/Tachyon_1.7_2020-06-02_cbc39602.dmg

Download Tachyon VPN from Windows: Coming Soon

About Tachyon Protocol:

Tachyon Protocol is a decentralized internet protocol that aims to create a libre, secure and private internet for users. By implementing techniques from DHT, blockchain, UDP and encryption, Tachyon is committed to building the next generation TCP/IP that can provide a self-sufficient internet environment with high security, untraceability, availability, and maximum network speed. Tachyon brings to fruition years of experience and research by Sunny King (inventor of PoS i.e. Proof-of-Stake consensus mechanism), Peerchemist (Peercoin Project Leader and President of the Peercoin Foundation) and FinTech investor Alex Yang. Tachyon VPN currently has nearly 2.4 million users and over 1,500 distributed nodes to choose from. For more information, please visit https://tachyon.eco/.

Stay Connected:

Follow us on these platforms to get notifications, and start a discussion about Tachyon anytime, anywhere.

➤ Telegram Group: https://t.me/tachyoneco

➤ Telegram Channel: https://t.me/tachyonprotocol

➤ Twitter: https://twitter.com/tachyon_eco

➤ Medium: https://medium.com/tachyon-protocol

➤ LinkedIn: https://www.linkedin.com/company/tachyon-protocol

➤ KaKao: https://open.kakao.com/o/gRTetMzb

➤ Reddit: https://www.reddit.com/r/TachyonIPX/

➤ YouTube: https://www.youtube.com/channel/UCvrANAq2HBYEPSL5nnsYQPg/
