In AppSealing News, AppSealing Blog

Hackers are constantly on the prowl to find their next victim. It is not only unsuspecting individuals who become their target, but even multi-billion-dollar businesses suffer, which may boast of well-staffed security teams. To put it in other words, no one escapes from the prying eyes of hackers, who are always looking out for security vulnerabilities in user devices and network carriers. In 2019, unscrupulous elements carried out massive data breaches, so much so that even the CEO of Twitter Jack Dorsey was not spared, who fell prey to a “SIM-swap” fraud. It reminds us how vulnerable our data and codes are. 

Here are a few major attacks that took place in 2019:

Privacy at stake in UK govt app

The EU Exit: ID Document Check app launched by the Home Office of the UK government exposed several European Union members who used it to apply to remain in the UK post-Brexit to privacy and malware threats. Promon, a Norwegian security firm, found the application to be prone to malware reading and not having a proper mechanism in place to shield users’ private information.

Zynga’s risky game

A report revealed that the credentials of nearly 173 million users were leaked when hackers broke through the security wall of the game developer Zynga. The news came into the limelight around September when the hacker Gnosticplayers said he was in possession of data on over 218 million users.

OTA bug bites Android

Hackers took advantage of the authentication constraints of Open Mobile Alliance Client Provisioning (OMA CP), the standard over-the-air (OTA) mechanism, and targeted Android users with phishing text messages. The bug led Android users to install malicious settings that routed them to servers controlled by miscreants.

Holidays hit by virus gloom

A Trend Micro research found that two major hotel booking sites were under attack by a credit card skimming malware called Magecart. Hackers were able to replace the original credit card forms with a duplicate on these websites, which, in turn, gave them access to sensitive user information, such as card numbers, addresses, and telephone numbers.

GPS trackers under threat

Researchers found that GPS trackers could be hacked to make calls on premium-rate numbers. GPS trackers are widely used in various devices, ranging from watches – which generally come with a pay-as-you-go SIM cards – to pet collars. Researchers demonstrated how they could use these devices to vote for television shows that carry premium SMS charges.

Your number isn’t private

The security expert Ibrahim Balic exposed a Twitter bug that let him match phone numbers of several high profile users with their handle. Balic said that he could fetch the relevant account details by using the contacts upload feature on Twitter’s Android application.

Capital One data leak

Over a hundred million Americans and six million Canadians had their sensitive information stolen from the financial company Capital One’s database. In July 2019, the breach was identified and informed to the Federal Bureau of Investigation, which arrested a certain Paige Thompson of Seattle in this connection. The sensitive information included names, addresses, phone numbers, postal codes, and credit limits and scores apart from other confidential data.

Disney streaming hacked

Just hours after Disney launched its much-awaited streaming service, attackers hacked several accounts and sold them online. This left several users without access to their own accounts. Reports said that the accounts were sold for as less as $3 on dark web sources.

LightInTheBox breached by dark elements

Last November, it was found that Chinese e-commerce player LightInTheBox was hit by a major data breach that exposed sensitive user details to the tune of 1.3 TB. Attackers gained access to users’ IP addresses, information on geographical locations, and user log activity. This data could be used by attackers to orchestrate large-scale frauds.

Twitter CEO targeted

Even the CEO of one of the world’s largest companies is not immune to security threats. Jack Dorsey became a victim of the “SIM-swap” fraud, where attackers trick telecom companies into transferring a number. The user then loses access not only to the primary number but in many cases, access to social media and bank accounts. Dorsey lost control of his number for a brief while, as Twitter confirmed in September that his account was restored.

Malicious apps take advantage of ‘StrandHogg’

In December 2019, the Norwegian security company Promon discovered a vulnerability in Android OS called StrandHogg that malicious apps can use to get access to a phone’s storage. Experts said that the flaw arose due to Android’s poor multitasking functionality.

A new trojan called Ginp

In November, a trojan called Ginp that stole credit card login details and data were discovered. The trojan initially masked itself as a Google Play Verificator app but later updates added bank-specific features. Ginp has been further developed into a more potent trojan with codes taken from the Anubis banking trojan. Experts feel that Ginp will continue to evolve.

They year 2019 looked like a time when hackers made merry with user information in a variety of ways. With attackers constantly developing new applications and methods to breach data security, users must be on guard at all times. They should follow safe usage practices to minimize exposure to such threats and have a more secure 2020.

Govindraj Basatwar, Global Business Head
Govindraj Basatwar, Global Business Head
A Techo-Commerical evangelist who create, develop, and execute a clear vision for teams. Successfully created a SaaS business model with multi Million Dollar revenues globally. Proven leadership track record of establishing foreign companies in India with market entering strategy, business plan, sales, and business development activities.