ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Nintendo Hack Affects 160,000 Users
On Friday, April 24, computer gaming giant Nintendo reported that some 160,000 user accounts have been hacked. In an announcement on their Japanese support site, officials advised users that unauthorized use of user IDs and passwords had exposed player data including nickname, name, date of birth, gender, country/region, and email address. The breach appears to have occurred in early April, evidenced by a growing number of players taking to social media to report unauthorized purchases and account activity.
To combat the problem, Nintendo has disabled the ability to log into Nintendo accounts using “Nintendo Network ID (NNID)” credentials, effective immediately. NNID is used to access Nintendo 3DS series and Wii U game consoles. Nintendo has reset the passwords for the affected gaming accounts, and will be in direct communication with users to provide further reset instructions. Nintendo also recommended that a) players use different passwords for their NNID and their Nintendo Store accounts, and b) users enable two-factor authentication for accessing the gaming accounts.
Nintendo encourages users to review their accounts and cancel any unauthorized transactions, and to contact their support team directly with any further concerns.
Unique passwords and multi-factor authentication are best practices for all online activities, not just in the gaming world. The exposure of any individual user in this incident will be minimized if the passwords involved are not shared with other sites and services. Reusing passwords creates the potential for an even wider hack once the credentials are published. As a precaution, all players should change their NNID passwords immediately, whether or not they have experienced any problems to date.
Oil & Gas Sector Under Attack
Co-ordinated “spear phishing” attacks have been reported against organizations in the oil and gas sector. Spear phishing is the use of targeted, customized emails – usually pretending to come from a trusted source – but designed to steal information or otherwise compromise a user computer or device. Two separate attacks were reported in the industry over the last few weeks, and documented in detail by cybersecurity software developer Bitdefender.
March 31 saw the first wave of attacks, featuring emails purporting to come from an Egyptian engineering contractor. Malware-bearing messages were sent to energy concerns in the United States, Malaysia, South Africa, Turkey, and the Middle East. The emails were reportedly very convincing, containing legitimate industry information and accurate technical jargon.
The second attack came on April 12. Target companies throughout the Philippines received phishing emails that appeared to come from a shipping company. The emails were also well-crafted to appear legitimate, containing information on an actual sea vessel that likely would have been familiar to the recipients.
Both phishing attacks contained “zip” file attachments which, if opened and executed, attempted to drop “Agent Tesla” malware on the target Windows computers. Agent Tesla spyware attempts to give hackers remote control of a targeted computer. Commonly, it activates keylogger malware that can capture and record every keystroke on the affected machine. This is an example of mainstream hacker software – first released in 2014, Agent Tesla has been used in a wide variety of attacks ever since, and even has its own web page for criminals to download and license its use on a subscription basis.
These attacks illustrate the importance of maintaining vigilance in watching for unexpected emails, and taking extreme caution before clicking on links or suspicious attachments in emails.
Zero-day Vulnerability in Sophos XG Enterprise Firewall
UK-based cybersecurity firm Sophos has confirmed a zero-day attack on a flaw in its XG Enterprise Firewall product. According to a bulletin published in the company’s public knowledgebase, a Sophos customer reported a “suspicious field value visible in the management interface” of the firewall on Wednesday, April 22. After further investigation, Sophos confirmed that they had identified the problem: a “previously unknown SQL injection vulnerability” had been used to gain access to the customer device in an effort to download a malware payload. While the bulletin did not identify the customer or state whether data had actually been exfiltrated, it did confirm that information including admin and remote usernames and hashed passwords could have been harvested by the malware that was found.
Sophos was quick to publish an emergency security update for the vulnerability. By Saturday, April 25, they had released an update on their website, pushed the fix out to customers who had “auto update” capabilities enabled, and changed the firewall interface to display a warning message in the event that the flaw had been exploited on a given device.
The incident underscores the importance of regular and knowledgeable monitoring of critical security infrastructure components, and the value of enabling auto-updates on these devices.
ISA can help. With almost three decades of experience, we are Canada’s leading cybersecurity-focused organization. We are proud to serve clients both large and small across a diverse range of industries. We provide our clients with comprehensive counsel on complex, evolving, and multi-faceted issues related to information security and data breaches. Our project leaders bring many years of experience to every engagement. And every member of our team of certified cybersecurity professionals uses a deep understanding of information security to anticipate and satisfy our clients’ needs.
ISA has deep expertise across enterprise-grade security architecture, engineering, advisory and managed services. ISA partners with our valued customers to deliver excellent outcomes by providing subject matter expertise across network security, application security, endpoint security, cloud security, identity & access management, GRC advisory and a range of security assessment services.