HBO Data Breach & EvilAbigail Attacks Linux

This week, the Alert Logic team highlights the HBO data breach and EvilAbigail, a tool for attacking Linux systems. Read the full report to learn more and get access to the week’s top malicious IP addresses.

Breach

HBO Data Breach

The data taken from HBO on July 31 is more than just a couple of show episodes and Game of Thrones spoilers. The company paid security contractors to sniff out exactly what leaked online, and they've revealed that the hackers stole thousands of internal company documents.

The hackers had originally contacted the media to reveal their exploits, linking to what they stole. The first info dump includes personal information from a senior HBO executive, including access credentials for online services. The hackers claimed to have stolen 1.5 terabytes of data from the company, which they plan to keep releasing in future batches.

References: DMCA Filing says Hackers Stole ‘Thousands’ of Internal HBO Docs | HBO Security Contractor: Hackers Stole ‘Thousands of Internal Documents’ | The HBO Hackers Stole 'Thousands' of Internal Company Documents

Mitigation Strategies:

Malware

EvilAbigail Attacks Linux

EvilAbigail is a Python-based tool that automates Evil Maid attacks on Linux systems. An Evil Maid attack targets a computer that has been shut down and left unattended.

An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.

References: Introducing EvilAbigail | Automated Linux Evil Maid Attack

Mitigation Strategies:

  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management, and advanced anomaly detection.
  • Log management could detect any suspicious user account activity.

This Week's Suspicious IP Addresses

97.76.179.218 209.221.9.136
208.100.26.228 218.65.30.251
67.231.60.108 101.95.171.230

*IP addresses provided by Recorded Future.