Transport

FakeSpy Android Malware Targets Japanese Delivery Company, Heathrow Airport Fined for Data Protection Failings

2 - 9 October 2018

Hackers have been using fake sites that closely resemble that of the Japanese delivery company Sagawa to spread a new FakeSpy Android malware variant. One of the fake sites has no SSL certificate and its page layout is broken.
Cyber_News_Transport
Hackers have been using fake sites that closely resemble that of the Japanese delivery company Sagawa to spread a new FakeSpy Android malware variant. One of the fake sites has no SSL certificate and its page layout is broken. The fake site has a popup message that redirects the visitor to a malicious page that requests a phone number for alleged security purposes. Other fake sites do not ask for phone numbers but drop a malicious Sagawa application once the visitor clicks on the sites. The application contains a FakeSpy variant with several functions, such as intercepting incoming SMSes, pilfers SMSes, as well as creating and sending SMSes to other devices to spread the malware.

The Heathrow Airport in London, UK, has been fined 120,000 pounds by the Information Commissioner’s Office for ‘serious failings’ in securing personal data. The airport suffered a breach last year when an employee lost a USB stick that held unencrypted personal data of employees. In addition, investigations found that only two percent of Heathrow Airport’s 6,500 employees had received data protection training. 

References:
[1] FakeSpy Comes Back. New Wave Hits Japan
[2] Heathrow Airport fined by UK data protection regulator for failings
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence