Reading Time: ~ 2 min.
ATM Jackpotting Attacks on the Rise
ATM manufacturer Diebold
Nixdorf has identified a malicious campaign that uses proprietary software to
“jackpot” the machines. The attack requires malicious actors to breach the ATM
manually and then use the software to force the machine to dispense cash at a
rapid rate, known within the industry as jackpotting. While these attacks don’t
seem to affect customer data or finances, the company is unsure how the
attackers obtained the proprietary software used in the scam.
Ransomware Locks Down Telecom Argentina
Argentina is being extorted for over $7.5 million following a ransomware
attack last week. The hacker group REvil is believed to be behind the attack,
which may mean the stolen data is set to be posted on the group’s auction site.
Officials are still unsure of how the intrusion occurred, but it’s likely to
have stemmed from a compromised remote access point.
Maryland Health Services Breach Affects Thousands
More than 40,000 individuals may have had personal
information leaked after a ransomware attack on Lorien
Health Services in Maryland. The breach was discovered in June, but after
the healthcare provider refused to pay the ransom the hackers began publishing
the stolen data, which includes Social Security Numbers and other highly
sensitive information. Lorien was quick to notify affected clients and had
begun offering credit monitoring services to those affected within two days of
the attack being confirmed.
University of York Data Breach
of York in the UK has learned of a data breach that occurred in May and
could affect a considerable number of students and staff. The breach itself was
enabled by a third-party service provider and contained personally identifiable
information on an unknown number of victims. While there is little the university
can do to contain this type of attack, it comes as another reminder of the
importance of supply chain data security and the knock-on effect of such
Meow Attacks Target Vulnerable Databases
Dozens of unsecured databases from Elasticsearch
and MongoDB were wiped in a new malicious campaign that seems to attack
indiscriminately. Discovered within the last week, the Meow
attacks as they’re known appear to use an automated script to overwrite any
data in vulnerable databases and destroy any remaining data. This string of
attacks may encourage stronger security policies among previously lax database
administrators, but the lesson is costly for affected businesses.