Tag Archives: British

British Airways data breach may be the work of Magecart

The British Airways data breach may have been the handiwork of the threat actor group known as Magecart.

Security researchers at the threat intelligence company RiskIQ Inc., reported that they suspect Magecart was behind the late August British Airways data breach, based on their analysis of the evidence. The Magecart group focuses on online credit card skimming attacks and is believed to be behind the Ticketmaster data breach discovered in June 2018.

British Airways reported it had suffered a breach on Sept. 6 that affected around 380,000 customers. The company said personal and payment information were used in payment transactions made on the website and the mobile app between Aug. 21 and Sept. 5.

In a blog post published a week later, RiskIQ researcher Yonathan Klijnsma said that because the British Airways data breach announcement stated that the breach had affected the website and mobile app but made no mention of breaches of databases or servers, he noticed similarities between this incident and the Ticketmaster breach.

The Ticketmaster breach was caused by a web-based credit card skimming scheme that targeted e-commerce sites worldwide. The RiskIQ team said that the Ticketmaster breach was the work of the hacking group Magecart, and was likely not an isolated incident, but part of a broader campaign run by the group.

The similarities between the Ticketmaster breach and the reports of the British Airways data breach led Klijnsma and the RiskIQ team to look at Magecart’s activity.

“Because these reports only cover customer data stolen directly from payment forms, we immediately suspected one group: Magecart,” Klijnsma wrote. “The same type of attack happened recently when Ticketmaster UK reported a breach, after which RiskIQ found the entire trail of the incident.”

Klijnsma said they were able to expand the timeline of the Ticketmaster activity and discover more websites affected by online credit card skimming.

“Our first step in linking Magecart to the attack on British Airways was simply going through our Magecart detection hits,” Klijnsma explained. “Seeing instances of Magecart is so common for us that we get at least hourly alerts for websites getting compromised with their skimmer-code.”

He noted that in the instance of the British Airways data breach, the research team had no notifications of Magecart’s activity because the hacking group customized their skimmer. However, they examined British Airways’ web and mobile apps specifically and noticed the similarities — and the differences.

The fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets.
Yonathan Klijnsmathreat researcher, RiskIQ

“This attack is a simple but highly targeted approach compared to what we’ve seen in the past with the Magecart skimmer which grabbed forms indiscriminately,” Klijnsma wrote. “This particular skimmer is very much attuned to how British Airway’s (sic) payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”

Klijnsma also said it was likely Magecart had access to the British Airways website and mobile app before the attack reportedly started.

“While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets,” he wrote.

Magecart, RiskIQ noted, has been active since 2015 and has been growing progressively more threatening as it customizes its skimming schemes for particular brands and companies.

In other news

  • President Donald Trump signed an executive order this week that imposes sanctions on anyone who attempts to interfere with U.S. elections. After Russian interference in the 2016 U.S. presidential election, there are fears that there will be further interference in the upcoming 2018 midterm election. In response to those fears, Trump signed an executive order that sanctions would be placed on foreign companies, organizations or individuals who have interfered with U.S. elections. The order says that government agencies must report any suspicious, malicious activity to the director of national intelligence, who will then investigate the report and determine its validity. If the director of national intelligence finds that the suspect group or individual has interfered, there will be a 45-day review and assessment period during which the Department of Justice and Homeland Security will decide whether sanctions are warranted. If they are, the foreign group or individual could have their U.S. assets frozen or be banned from the country.
  • A vulnerability in Apple’s Safari web browser enables attackers to launch phishing attacks. Security researcher Rafay Baloch discovered the vulnerability and was also able to replicate it in the Microsoft Edge browser. Baloch published the proof of concept for both browser vulnerabilities early this week, and while Microsoft had addressed the issue in its August Patch Tuesday release — citing an issue with properly parsing HTTP content as the cause — Apple has yet to issue any patches for it. The vulnerability in Safari iOS 11.3.1 could thus still be used to spoof address bars and trick users into thinking they are visiting a legitimate site that is actually malicious.
  • The hacker known as “Guccifer” will be extradited to the U.S. to serve a 52-month prison sentence. A Romanian court ruled that the hacker, who is known for exposing the misuse of Hillary Clinton’s private email server before the 2016 U.S. presidential election and whose real name is Marcel Lehel Lazar, will be extradited to America to serve his 52-month sentence after finishing his seven-year sentence in Romania — his home country. Lazar pleaded guilty in May 2016 to charges of unauthorized access to a protected computer and aggravated identity theft. Lazar is believed to have hacked into the accounts of around 100 people between 2012 and 2014, including former Secretary of State Colin Powell, CBS Sports’ Jim Nantz and Sidney Blumenthal, a former political aide to Bill Clinton and adviser to Hillary Clinton.

New partnerships advance the Cascadia Innovation Corridor – News Center

New cross-border initiatives to connect Washington state and British Columbia

SEATTLE — Sept. 12, 2017 — Leaders from Washington state and British Columbia today announced a suite of new initiatives focused on improving connectivity, strengthening innovation and generating economic opportunity.

Launched in September 2016 in Vancouver, British Columbia, the Cascadia Innovation Corridor is built upon a shared spirit of creativity, innovation and entrepreneurship. The Corridor boasts world-renowned research organizations and global corporate leaders in a diverse array of existing and emerging technology disciplines, including aviation and aeronautics; software development; cloud computing; online retailing; big data transmission, storage and analysis; the Internet of things; mobile communications; biotechnology and the life sciences; and global health.

Governments, universities, companies, research institutions and others have joined together to tap the potential of the Cascadia region to create new and exciting economic opportunities while celebrating cultural diversity and inclusion.

By focusing on research, economic development and transportation, the Cascadia Innovation Corridor is enhancing greater connectivity, productivity and innovation for the nearly 12 million people living in British Columbia and Washington State.

Announcements today include these:

  • Three internationally recognized polytechnics have joined forces to provide industry aligned, high-skill talent for the Cascadia Corridor’s workforce needs. British Columbia Institute of Technology, Lake Washington Institute of Technology and Oregon Institute of Technology will collaborate to leverage their applied education offerings in high-demand STEM fields, and provide expanded professional practice for students and career opportunities for graduates within the Corridor’s path of influence.
  • Expansion of the Global Innovation Exchange (GIX) to include the University of British Columbia. GIX is a global partnership between major research universities and innovative corporations to develop leaders in innovation. The University of Washington and Tsinghua University in Beijing are founding partners, with support from Microsoft Corp. GIX is expanding to include the University of British Columbia as an academic network member, building a bridge across the Pacific between the Cascadia Corridor and China, and between the higher-education community and the business community in a manner that benefits students. More academic network partners will be announced shortly.
  • Seattle-Vancouver Financial Innovation Network. Set to be launched in Q4 of 2017 with support from Microsoft and Madrona Venture Group, the Seattle-Vancouver Financial Innovation Network (FIN) will bring together leading Cascadia Corridor financial services and technology companies and relevant U.S. and Canadian regulatory authorities to establish an integrated international financial center (IFC). Initial FIN programs will include promotion of coordinated digital economy cross-border investments with an emphasis on fintech, mixed reality, artificial intelligence, intelligent apps and quantum computing. The long-term FIN strategic objective is the creation of an integrated financial services cluster that competes directly with other similar-sized IFCs, such as Boston, Dublin, Shenzhen, Munich and Melbourne.
  • Progress on transportation connecting the Cascadia region

o   The state of Washington is performing an in-depth feasibility study for a potential high-speed rail line that would connect the Cascadia region. Microsoft is donating $50,000 to supplement the $300,000 in state funding approved for the study.

o   In addition, Harbour Air and Kenmore Air are working together on a new seaplane route linking Seattle and Vancouver, with a final announcement expected later this year.

  • A new cross-border startup accelerator partnership among British Columbia, Washington and Oregon. The Canadian Consulate General in Seattle, representing the government of Canada, has brought innovation partners in the three regions together to establish the Cascadia Innovation Network (CIN), which initially will include business incubators, accelerators and universities, but may later include venture capital firms and other innovation partners. The CIN focuses on bringing innovative ideas to the public by introducing startups to cross-border funding and support opportunities. A new memorandum of understanding will initially bring together the University of Washington (Co-Motion), Washington State University, Cambia Grove, Oregon Health and Science University, Oregon Translational Research & Development Institute (OTRADI), Portland State University Business Accelerator, Innovation Boulevard (BC Health Tech Accelerator), University of British Columbia (e@entrepreneurship), Accelerate Okanagan, Wavefront, and Foresight.

The two-day conference, hosted by the Seattle Metropolitan Chamber of Commerce, Microsoft, Washington Roundtable and Business Council of British Columbia, examines shared regional opportunities and challenges, including discussions on venture capital investment, higher education, life sciences, smart cities and augmented reality/virtually reality.

Speakers include Washington Governor Jay Inslee, Parliamentary Secretary to the Minster of Environment and Climate Change Jonathan Wilkinson, Hootsuite Chief Executive Officer Ryan Holmes, Microsoft President Brad Smith, BuildDirect President and CEO Jeff Booth, University of Washington President Ana Mari Cauce, University of British Columbia President Santa Ono, LifeLabs President and CEO Sue Paish, and Harvey Mudd College President Maria Klawe.

Quotes

Governor Jay Inslee: “This special relationship between our two communities is worth celebrating, cultivating and growing. Our rich history together and our confidence in the future will allow us to tackle our biggest challenges head-on, and do it in a way that makes sure everyone throughout this great region has the opportunity to be a part of the progress, and the future we create.”

Premier John Horgan: “By developing the Cascadia Innovation Corridor, we have the opportunity to unlock even more jobs and opportunities, not just in Metro Vancouver but across the province. We’re stronger when we work together. B.C. is looking forward to working with Gov. Jay Inslee and Prime Minister Justin Trudeau to develop opportunities across Cascadia.”

Brad Smith, Microsoft President: “Last year we came together as a region to build something that we simply can’t create apart: an innovation corridor to create more opportunity and prosperity on both sides of the border. By linking our two cities together through cross-border collaboration, research, funding and educational opportunities, we will spur new economic activity and opportunity that creates a better future for everyone.”

Maud Daudon, President and CEO, Seattle Metropolitan Chamber of Commerce: “We are at our best when we work together, and the spirit of collaboration between Washington and British Columbia is alive and well. We look forward to a lively discussion over the next two days about how we can work together to ensure our region can continue to compete on a global scale.”

Greg D’Avignon, President and CEO, Business Council of British Columbia: “The BC and Washington State economies were among the strongest in North America last year, due in large part to the diversity of our talent, technology and natural assets. Our two great countries, working in collaboration through the Cascadia Corridor, can make the Pacific Northwest a globally dominant digital innovation cluster that will benefit the future health and prosperity of our people, environment and economies for decades to come.”

Steve Mullin, President, Washington Roundtable: “Strong collaboration over the last year — among policy, business and community leaders from both sides of the border — has been exciting and catalyzing. I believe the shared commitment to growth and innovation will lead to great opportunities and expanded prosperity for both Washington state and British Columbia.”

Michael Schutzler, CEO, Washington Technology Industry Association: “Cross-border collaboration is exactly what our region needs. Business, academic and government leaders together in one room is a unique collaboration but an integral process to achieve results. We are proud to sponsor this year’s event to bring meaningful change to our city.”

Bill Tam, CEO and President, BC Tech Association: “It has been amazing to see the progress of the Cascadia corridor partnerships over the past year. This region more so than many others demonstrates the collaboration that’s needed to become among the top tech ecosystems in the world.”

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

About the Seattle Metropolitan Seattle Chamber of Commerce

The Seattle Metropolitan (Seattle Metro) Chamber of Commerce engages the innovation and entrepreneurship of its 2,200 members to advance economic prosperity, advocate for a vital business environment, and build sustainable and healthy communities in the Seattle region. Founded in 1882 by local business leaders, the Chamber today is an independent organization representing a regional workforce of approximately 700,000 people. For more information, visit www.seattlechamber.com.

About Washington Roundtable

The Washington Roundtable is a nonprofit organization comprised of senior executives of major private sector employers in Washington state. Our members work together to effect positive change on public policy issues that they believe are most important to supporting state economic vitality and fostering opportunity for all Washingtonians. Learn more at waroundtable.com.

About Business Council of British Columbia

Now in its 51st year as the premier business organization in British Columbia, the Business Council of BC is a non-partisan organization made up of 250 leading companies, post-secondary institutions and industry associations from across BC’s diverse economy. The Council produces exceptional public policy research and advocacy in support of creating a competitive economy for the benefit of all British Columbians.

About BC Tech Association

The BC Tech Association is guided by our mission to make BC the best place to grow a tech company. For more than 20 years, BC Tech has been providing opportunities for the tech industry to collaborate, learn and grow together. We are dedicated to connecting companies, developing talent, sharing stories and advocating on behalf of tech companies to keep our industry thriving.

Since our founding in 1993, the tech industry has quintupled to nearly $25 billion in revenue. In that time, we have played a privileged role in supporting the growth of the tech community that now includes over 9,000 companies, employs more than 90,000 people and that has been one of the strongest contributors to BC’s economic growth over the past decade.

About Washington Tech Industry Association

The Washington Technology Industry Association (WTIA) is a non-profit trade group. The primary mission of the WTIA is helping Washington residents gain access to high-wage tech-industry jobs. The WTIA acts as an independent, unifying voice to motivate industry, education and government peers to collaborate effectively and also uses group buying power to help tech companies grow profitably. The WTIA group includes the 501c6 WTIA Member Trade Association, the 501c3 WTIA Workforce Institute, and the 501c9 WTIA Voluntary Employees’ Beneficiaries Association. Apprenti is a program operated by the WTIA Workforce Institute.

For more information, press only:

Microsoft Media Relations, WE Communications for Microsoft, (425) 638-7777, rrt@we-worldwide.com

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://news.microsoft.com. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://news.microsoft.com/microsoft-public-relations-contacts.