Nowadays, nobody surprised by news about another hackers attempt to break into databases, bank accounts and other confidential information. All of this has already become habitual and ordinary. Services that prevent and investigate cybercrime, usually find out the causes of break-ins and its technology very quickly, but capturing the criminals and prevention of following attacks are at a very low level.
Hacking Apple cloud photo storage service, iCloud
At the end of August, this year, in social networks and forums in the Internet unusual photos began to periodically appear. The thing is that photos in free access were the photos of nude famous pop-stars and actresses.
Among them were such celebrities as Jennifer Laurence, Kristen Dunst, Avril Lavigne and many other stars. This indecent content began becoming popular and, as it’s popularity grew, more and more photos were uploaded. When the FBI became interested in this phenomenon, their number was already counted in hundreds.
Of course, we will not condemn famous women, but the leak source was founded very quickly. It turned out that these intimate photos were taken by criminals after hacking iCloud cloud service. It took them only few months to become the owners of such valuable photo archive.
During this period of time the criminals made hundreds if phishing attacks on celebrities accounts located on this popular cloud service. Their goals are still mystery. Anyway, there was no information about money compensation for work they did.
The figurants of this scandalous story behave themselves quite predictably: in some cases — threatening the owner of websites where their photos were places by multimillion claims, in other cases — simply denying their similarity with the persons depicted in the photos.
Specialists from Apple claim that such a leak was possible not because of their protection system vulnerability, but because of disregard for protecting the data by its owners themselves.
Theft of confidential data from cloud service Azure, Microsoft company
International consulting corporation Deloitte became another victim of hacker attack. This sensation was published in The Guardian, informing the readers that the corporation took an active part in many cybersecurity projects itself. According to the latest information, 244 000 employees and some clients suffered from the actions of hackers.
The cause for everything was the inadmissible oversight of the victims themselves. They placed their personal data on Azure cloud service, owned by Microsoft. In addition to business correspondence, hackers got access to IP-addresses, personal data and also to passwords and financial information.
According to The Guardian, this cyber attack took place at the end of 2016, but information about it appeared only several months later. The company administration confirmed the fact of hacking and the fact that not only the employees were harmed, but also a number of clients were. Six of them already received notification about this incident.
After internal investigation it became clear that the login to the system was made using an account of system administrator protected with a simple password. Experts have not yet figured out, who was behind this intervention, but the subject of interest for hackers was defined precisely. The main target for hackers were american companies that used Deloitte services.
The FBI continues investigating this incident, but declines to comment on anything, because it’s not yet finalized. The official representative of Deloitte made a statement that the company does not plan to suspend its activities due to hacker attack and is able to continue working as usual.
Crypto-currency mining using Amazon, AWS cloud services
According to information distributed by RedLock company, which specializes in cyber crimes investigation, AWS cloud services of 2 large companies were hacked for exploiting their computing resources for Bitcoin mining. The hackers gained access to the servers after discovering that administrative consoles did not have appropriate protection.
After more serious analysis it became clear that mining was launched using an application based on Kubernetes. It is one of Google technologies made specifically to ease working with applications for such services.
In fact, self-made bot was used. Two international companies — Gemalto and Aviva — became its victims.
As we can see, hacking methods are changing, their skills become more perfect, and, most importantly, their goals are changing too. Experts say that usual hacking servers to get data for selling it later goes down in history. Recent years statistics shows that hacking servers is more often done to exploit their computing resources, and modern cybersecurity systems were completely unprepared for such attacks.