22 November 2019

IRM Weekly Cybersecurity Roundup: Hospital hit by cyber-attack and more


French hospital hit by cyber-attack

A hospital in Rouen, France, was hit by a cyber-attack last week, causing “very long delays in care”.

Medical staff returned to the “old-fashioned method of paper and pencil” after being forced to abandon computer systems due to the ransomware.

The strain of ransomware has not been revealed but, so far, no medical or personal data has gone missing.

Patients at the hospital have not been endangered because of the cyber-attack.

The hospital states they will not pay any ransom to have files restored, adding that all systems will be returned to normal by this weekend. You can read more here.


Google camera app security flaw could affect millions

Millions of Google and Samsung smartphones could be endangered after researchers found a vulnerability in the Google camera application.

The flaw, known as CVE-2019-2234, allowed malicious actors to operate silently to listen to and record voice calls, take photos and record videos. It can even capture GPS tags to locate users.

The attack begins when the user downloads a malicious app that requests storage access permission. Once permission has been granted, the app creates a persistent connection to a command and control server that cannot be severed, even when the app is closed.

Both Google and Samsung have confirmed the issue exists and Google has issued a patch. You can read more here.


Macy’s.com hit by Magecart attack, hijacking customer payment details

US department store Macy’s revealed that its website has been hit by hackers. Macy’s checkout and “My Wallet” pages were attacked with a malicious script in an attempt to steal customers’ payment information.

The script was discovered on October 15th, a week after the website was infected, when the company observed “a suspicious connection” between Macy’s website and a remote website.

The attackers were able to access detailed personal information including customer names, addresses, phone numbers, email addresses, payment card numbers, security codes and expiration dates.

Macy’s has taken steps to prevent this happening in the future and states a small number of users were affected. You can read more here.


Over 2 million passwords from gaming and cryptocurrency websites dumped online

2.2 million users have had their passwords and other personal data dumped online after a dual data breach.

Users of cryptocurrency wallet service “GateHub” and gaming bot provider “EpicBot” had their personal details posted online. Data included email addresses, hashed passwords, hashed recovery keys, encrypted XRP ledger wallets, secret keys (from non-deleted wallets only) and names. The information was protected with a cryptographic hashing function called bcrypt, known for being one of the toughest for bad actors to break.

1.2 million GateHub accounts and 800,000 EpicBot accounts were discovered. GateHub account holders reported on Twitter that their information had been stolen and posted online. One Twitter user posted the “Have I Been Pwned” email telling him his information had been leaked. You can read more here.


Louisiana State Government hit by ransomware attack

The State Government of Louisiana was forced to take several state agency servers offline this week after a large-scale coordinated ransomware attack.

Several servers including government websites, email systems and other internal applications were taken offline to mitigate the risk of the malware’s infection spreading.

Agencies such as the Office of the Governor, Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development were subsequently shut down.

This is the second ransomware attack on Louisiana and there are similarities to the July ransomware attack.

There is no anticipated data loss and the State did not pay the ransom. You can read more here.


Quick-fire Updates

Disney+ accounts leaked: Disney’s brand new video-on-demand streaming service was compromised within a week of being launched, and the hacked Disney+ account details are being offered online for just $1. You can read more here.

Why you shouldn’t print your boarding passes: Cybersecurity experts are warning travellers to avoid printing off their boarding passes, fearing hackers could access the information to take over frequent flyer accounts. You can read more here.

