This week we cover unique cases that published around end of July 2019,
The first cyber incident happened in Bulgaria 🇧🇬 a country in east Europe with population of nearly 7,000,000 citizens and is a member of the European Union.
The Bulgarian authorities have arrested a 20-year-old man on suspicion of involvement in cyber attack against Bulgaria tax agency and it affected more than 5,000,000 citizens, around 70% of the country population, some experts say that it effected almost every adult living in Bulgaria.
Among the stolen data were names, addresses and even some details of personal income, local media reported.
The authorities acknowledged that Bulgaria’s national tax agency was hacked after a news outlet received an email with a taunt and a claim of responsibility.
Since Bulgaria is member of the EU and it needs to comply with the GDPR, The General Data Protection Regulation in EU law on data protection and privacy for all individual citizens of the European Union. this means that Bulgaria’s tax agency could face fines of up to $22.5 million over the breach from the EU.
Some experts estimated that this cyber attack was possible because of legacy systems that were used were not patched properly. and simple proper network maintenance would have solved this vulnerabilities that were exploited.
The country’s finance minister, Vladislav Goranov, has apologised in parliament for the breach.
Mr. Goranov said anyone who attempted to exploit the data “would fall under the impact of Bulgarian law”.
And we ask Mr. Goranov, why not invest in proper cyber security measures instead making empty threats ? 🙂
Though the police cautioned that the investigation was in its early stages, some officials suggested that Russia might have been behind the attack, as retaliation for the country’s recent purchase of American-made fighter jets.
Paige Thompson, a 33-year-old from Seattle, has been arrested and charged by the FBI with stealing personal data belonging to more than 100 million Capital One customers from the USA and another 6 Million from Canada.
Capital One is a bank holding company specializing in credit cards, auto loans, and other financial services.
The FBI complaint against Thompson revealed several interesting details about the cyber attack. Thompson worked in Amazon Web Services also known as AWS, AWS is one of the biggest providers of cloud computing services in the world.
The vulnerability the hacker exploited was related to specific mis configuration in the specific firewall that was used by Capital One and allowed the hacker to further sniff traffic and execute commands on servers in the network.
In order to successfully exploit and find such specific vulnerabilities in the firewall it usually means that the hacker had some inside knowledge, her work at AWS might have gave her the information she needed in order to take advantage of this vulnerability.
It seems that in this (rare) case the hacker got caught because she was bragging too much and not careful enough, the hacker thought that using the darknet and different anonymizing techniques will provide the needed protection to hide her identity and that confidence resulted in her posting files and tweets on the internet that were related to the hack and even she even consulted with others.
CapitalOne confirmed the hack and confirmed that they found out about it after receiving email that led them to the files the hacker started to publish on the internet. and that the vulnerability was immediately fixed.
That’s it for this podcast, I hope you found this brief overview interesting.
Stay safe and see you at the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts and cyber intelligence.