Dropbox Confirms Breach: Over 68 Million Accounts Leaked

This week we look at Dropbox's confirmation that its 2012 breach exposed over 68 million accounts, and at the RIPPER malware behind a series of ATM raids in Thailand.

Breach

Dropbox Confirms Breach - Over 68 Million Accounts Leaked

Dropbox recently confirmed that it was breached in 2012 and disclosed that the breach was bigger than originally thought: about 5 GB of files containing details of over 68 million accounts. The leaked data included email addresses and hashed passwords of Dropbox users, and “the data is legitimate,” according to a senior Dropbox employee.

Dropbox has forced password resets as a precautionary measure for all potentially impacted users.

References: Dropbox Confirms 2012 Breach Bigger Than Previously Known | Hackers Stole Account Details for Over 60 Million Dropbox Users | Dropbox Hacked - More Than 68 Million Account Details Leaked Online


Mitigation Strategies:

  • Intrusion detection system (IDS) signatures can detect intrusion attempts and network anomalies
  • Log management can surface suspicious user account activity, such as logins from unusual locations or bulk data access
  • A vulnerability scanner identifies exploitable weaknesses in the environment before an attacker does
  • NetFlow analysis may reveal unusually large outbound transfers indicative of data leakage
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
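As an added illustration of the NetFlow point above (this is example code, not something from the newsletter or from Dropbox), the script below aggregates simplified flow records per source host into one-minute windows and flags any window whose outbound volume is both above an absolute floor and far above that host's own median window. The flow records, the window size, the spike factor and the 1 GB floor are all constructed assumptions for the example.

```python
"""Flag hosts whose outbound byte volume in a window far exceeds their own baseline.

Added example: the flow records below are constructed to resemble simplified
NetFlow exports (epoch_seconds, src_ip, dst_ip, bytes_out). Thresholds are assumptions.
"""
from collections import defaultdict
from statistics import median

WINDOW_SECONDS = 60                    # aggregation interval (assumption)
SPIKE_FACTOR = 10                      # flag when a window is >10x the host's median window
ABSOLUTE_FLOOR_BYTES = 1_000_000_000   # and at least 1 GB, so tiny hosts do not trigger

# Constructed sample: 10.0.0.5 behaves normally; 10.0.0.9 suddenly pushes ~5 GB
# to a single external host in one interval, the pattern of a bulk data pull.
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "93.184.216.34", 120_000),
    (1060, "10.0.0.5", "93.184.216.34", 95_000),
    (1120, "10.0.0.5", "93.184.216.34", 130_000),
    (1180, "10.0.0.5", "93.184.216.34", 110_000),
    (1000, "10.0.0.9", "203.0.113.7", 100_000),
    (1060, "10.0.0.9", "203.0.113.7", 90_000),
    (1120, "10.0.0.9", "203.0.113.7", 105_000),
    (1180, "10.0.0.9", "203.0.113.7", 5_000_000_000),
]


def window_totals(flows, window=WINDOW_SECONDS):
    """Sum outbound bytes per (src_ip, window_start)."""
    totals = defaultdict(int)
    for ts, src, _dst, nbytes in flows:
        totals[(src, ts - ts % window)] += nbytes
    return totals


def find_exfil_candidates(flows, factor=SPIKE_FACTOR, floor=ABSOLUTE_FLOOR_BYTES):
    """Return (src_ip, window_start, bytes) for windows that spike above the host's median.

    The median is robust to the outlier itself, so a single huge window does not
    drag the baseline up and hide itself.
    """
    per_host = defaultdict(dict)
    for (src, start), nbytes in window_totals(flows).items():
        per_host[src][start] = nbytes

    alerts = []
    for src, windows in per_host.items():
        baseline = median(windows.values())
        for start, nbytes in sorted(windows.items()):
            if nbytes >= floor and nbytes > factor * baseline:
                alerts.append((src, start, nbytes))
    return alerts


if __name__ == "__main__":
    for src, start, nbytes in find_exfil_candidates(SAMPLE_FLOWS):
        print(f"ALERT {src} window={start} bytes_out={nbytes:,}")
```

In a real deployment the baseline would come from days of history rather than a handful of windows, and the floor would be tuned per host role (a backup server legitimately moves more than a workstation).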

Malware

RIPPER Malware Behind ATM Raids in Thailand

Cyberthieves stole 12 million Baht, approximately $350,000, from ATMs in Thailand using a new malware family called RIPPER. It shares traits with other ATM malware, but RIPPER is unique in that it is activated by inserting a special ATM card whose EMV chip serves as an authentication mechanism. It disconnects the ATM from the local network, wipes forensic evidence, and dispenses about 40,000 Baht per withdrawal.

References: RIPPER ATM Malware Uses Malicious EMV Chip | Ripper! Boffins Find Malware Thought Behind $347k Thai ATM Raids | RIPPER Malware Suspected Behind $350K Thailand ATM Heist, Report

Mitigation Strategies:

  • Log management can detect suspicious activity on malware-infected hosts, including a device that suddenly stops reporting
  • Intrusion detection system (IDS) signatures can detect suspicious traffic between malware sources and target systems
  • A vulnerability scanner detects vulnerable services and/or applications running on target hosts
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
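Because RIPPER cuts the ATM off from the local network before dispensing, one log-management check a defender can run is "which devices have gone quiet relative to their own heartbeat cadence?". The script below is an added example, not code from the newsletter or from any ATM vendor; the log line format, the device names and the heartbeat interval are constructed assumptions.

```python
"""Flag monitored devices that have stopped sending heartbeats.

Added example. Log lines are constructed in the form
"<ISO-8601 UTC timestamp> <device> heartbeat ok"; real ATM monitoring
feeds will differ, so parse_line() is the part to adapt.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
MISSED_INTERVALS = 2   # alert once a device is silent for >2x its usual interval (assumption)

# Constructed sample: atm-017 falls silent after 10:10, atm-042 keeps reporting.
SAMPLE_LOG = """\
2016-08-23T10:00:00Z atm-017 heartbeat ok
2016-08-23T10:05:00Z atm-017 heartbeat ok
2016-08-23T10:10:00Z atm-017 heartbeat ok
2016-08-23T10:00:00Z atm-042 heartbeat ok
2016-08-23T10:05:00Z atm-042 heartbeat ok
2016-08-23T10:10:00Z atm-042 heartbeat ok
2016-08-23T10:15:00Z atm-042 heartbeat ok
2016-08-23T10:20:00Z atm-042 heartbeat ok
"""


def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=timezone.utc)


def parse_line(line):
    """Return (timestamp, device) for a heartbeat line, or None for anything else."""
    parts = line.split()
    if len(parts) < 3 or parts[2] != "heartbeat":
        return None
    return parse_ts(parts[0]), parts[1]


def find_silent_devices(log_text, now, missed_intervals=MISSED_INTERVALS):
    """Return (device, last_seen, gap_seconds) for devices silent longer than expected.

    Each device's expected interval is the median spacing of its own heartbeats,
    so a device that normally reports every 5 minutes is judged on that cadence.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, device = parsed
            seen[device].append(ts)

    silent = []
    for device, stamps in seen.items():
        stamps.sort()
        if len(stamps) < 2:
            continue  # no cadence to compare against yet
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        interval = median(gaps)
        gap_now = (now - stamps[-1]).total_seconds()
        if gap_now > missed_intervals * interval:
            silent.append((device, stamps[-1].strftime(TS_FORMAT), int(gap_now)))
    return silent


if __name__ == "__main__":
    now = parse_ts("2016-08-23T10:25:00Z")
    for device, last_seen, gap in find_silent_devices(SAMPLE_LOG, now):
        print(f"ALERT {device} last heartbeat {last_seen} ({gap}s ago)")
```

A silence alert on its own is noisy (maintenance, power loss), so in practice it is correlated with the other signals in the list: a dispense event or a cardholder-present transaction recorded while the device is unreachable is the combination worth paging on.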

Top 20 IP Addresses

58.158.177.102
69.195.129.70
93.184.220.29
118.170.130.207
213.205.40.169
46.109.168.179
80.150.6.138
81.183.56.217
185.117.72.99
69.162.96.148
208.71.106.48
213.180.150.17
195.78.215.76
82.197.131.109
188.118.2.26
195.248.63.109
81.196.20.134
114.44.192.128
87.222.67.194
112.140.42.29

*IP addresses provided by Recorded Future.