New month, new IT stories, and some (not so) new security problems. And what a month it’s been! From Iranian hackers to the return of ransomware and the Facebook scandal, March kept us on our toes.
WannaCry, the Windows ransomware that took off last May around the world, has reared its ugly head again, infecting some systems at aircraft and weapons manufacturer Boeing.
In a leaked internal memo, Boeing Chief Engineer Mike VanderWel called for “All hands on deck,” and claimed that WannaCry “ is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down. We are on a call with just about every VP in Boeing."
VanderWel also said he was concerned that equipment used to test airframes after they roll off the production line was hit by WannaCry, and expressed fears that WannaCry could “spread to airplane software.” Luckily, that’s not possible, because aircraft do not use Windows for critical systems.
The outbreak was likely caused by a failure to patch vulnerable systems at Boeing.
Indictment of Iranian Hackers
US Government officials have announced a round of sanctions and criminal indictments against an alleged Iranian hacker network that targeted hundreds of universities, businesses, NGOs, and Government organizations world-wide.
“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York, in a statement.
The indictment connects nine of 10 named individuals to the Mabna Institute, a tech firm based in Shiraz, a major center for Iran’s electronics industries.The Justice Department alleges that the Mabna Institute is frequently hired to hack international targets for Iranian universities and the Islamic Revolutionary Guard Corps (IGRC).
Charges leveled against the defendants include computer fraud, wire fraud, conspiracy, and identity theft.
Guccifer 2.0 Outed as Russian Intelligence Officer
Guccifer 2.0, the hacker who took credit for providing WikiLeaks with thousands of emails stolen from the DNC, has been outed as an fire of Russia’s military intelligence service, the GRU.
The hacker’s true identity was discovered by American investigators after he failed to turn on his VPN to disguise a public IP address and location when visiting either Twitter or WordPress.
Largest DDoS in History Strikes (Twice)
March saw two of the largest DDoS attacks in history, first with a 1.3tbps attack against GitHub, and then with a 1.7tbs reflection/amplification attack against a US internet service provider. Due to strong defense capabilities in both instances, no outages were reported.
Facebook Faces Fallout after Cambridge Analytica “Data Breach”
In March, a whistle-blower told reporters from the New York Times and The Guardian about a data breach on the personal data of some 50 million Facebook users, carried out by Cambridge Analytica, a political firm hired by the Trump campaign during the 2016 election campaign.
According to reports, data collected included details on users’ identities, friend networks and ‘likes.’ That information was used to target audiences for digital ads. While that may seem run-of-the-mill for those familiar with digital advertising, it was the way that Cambridge obtained this data that has caused such a shake up for facebook.
MyFitnessPal Leaks Data of 150 Million Users
UnderArmor-owned fitness tracking app MyFitnessPal has been hacked, and hackers made off with the data of 150,000,000 users, according to reports. The hack is the biggest hack of the year so far, in terms of number of people affected.
Breached data includes usernames, emails and hashed passwords. Under Armor claims that no payment or tracking information has been breached in the attack, but recommends that users change their passwords.