Advantex Weekly Threat Report – March 25th, 2019

A round-up of the latest cybersecurity threats and vulnerabilities online.

In this weeks ‘Advantex Weekly Threat Report’, we reveal all on the ransomware attack affecting global aluminium plant Hydro, how your Facebook password could be exposed to thousands of users, and the news of two email phishing scams hitting the inbox of Netflix and Amex users.

This report is aggregated from recent open source reports online.



Up to 600 Million Facebook Passwords Exposed

It has been reported that the passwords of millions of Facebook users around the globe were accessible by thousands of its employees.

An anonymous, Facebook Software Engineer has revealed the alarming news that the passwords of up to 600 million Facebook users dating back to 2012 have been stored in plain text and could be searched and accessed by more than 20,000 of its employees.

The same source revealed that access logs showed some 2,000 engineers or developers had made approximately 9,000,000 search queries for data containing the plain text user passwords.

In a statement, Facebook said it had now resolved the “glitch” that had stored the passwords on its internal network.

Facebook Engineer, Scott Renfro said an internal investigation was launched after Facebook discovered the logs, and there are no “signs of misuse”.

Facebook said it discovered the issue back in January during a routine security audit, which also showed that most of the people affected were the users of Facebook Lite, most commonly used in nations where accessibility and communications are of a poor standard.

Facebook told Reuters;

“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,”

They also went on to add that a password reset would only be enforced if there was any sign of misuse.

As a precaution, we recommend changing your Facebook password either way – better to be safe than sorry!



Huge Aluminium Plants Hit by Severe Ransomware Attack

One of the world’s biggest aluminium manufacturers has been forced to go back to manual operations at some of its core sites following a severe ransomware attack.

Hydro, which employs over 36,000 employees across 40 countries was hacked late on Monday night, forcing some of the company’s core factories to halt production, with some being forced to resort to manual operations as to technology.

Hydro Aluminium Notice

Updates were posted to the firm’s social media channels due to the main website being down but has since relaunched with an update from their Head of IT, Jo De Vilegher:

“The malicious virus attack caused many of Hydro’s IT-systems to be shut down, not because they were infected but to contain the virus and prevent it from spreading further. Although the situation is progressing from day to day, it remains unclear how long it will take to restore stable I- operations. We need to cure the infected parts of our network, before reopening the healthy parts,”

Hydro has reported the attack to the police and authorities at it continues to investigate the ins and outs of the attack.



Phishing Bait in Place for Netflix and Amex Users

Cybersecurity experts at Microsoft’s ‘Windows Defender Security Intelligence’ team reported the discovery of two new email-based phishing campaigns, targeting popular services from Netflix and Amex (American Express).

Whilst it’s still unclear if the attacks are orchestrated by the same group, the emails are said to imitate the brands exceptionally well, featuring all the legitimate logos, copy and the forms even mimic those on the respective company websites – making them very plausible.

Both phishing emails warn users of account issues, a common tactic used by hackers.

The phishing campaign targeting Netflix customers used a “Your account is on hold” subject line, creating a sense of panic and urgency with the recipient, potentially catching them off-guard.

Netflix phishing campaign

The email linked to a very realistic looking form, which was used to collect and extract credit card information and billing information.

The AMEX phishing email told recipients that their online access had been blocked and they need to verify their identity immediately. Recipients are then redirected to a convincing page requesting personal and credit card details such as their address, mother’s maiden name and even their card PIN number.

AMEX phishing campaign

Whilst the emails are somewhat convincing, the chances are, Amex isn’t going to email you about your account being down, and they would never ask for your pin number online. So if you have your doubts about an email, and you think it’s malicious, remain vigilant and report any suspicious emails to the subject service provider. Even if the emails are in fact genuine, if you’re in doubt, don’t hesitate to question them – it’s always better to be safe than sorry.



Don’t get caught out, protect your users, data, and technology!

Send us your details below and get a FREE Cybersecurity Consultation!.

We’ll carry out a FREE no-obligation consultation at your business and examine your existing infrastructure and security network(s). As well as examine what you’re currently doing, we will advise on how you can best protect your data – and help prepare you and your business for the imminent threat of a cyberattack.

Don’t take the risk, get in touch today!