Real cases

Data since 2012

Real cases of hacked carsDate
The data of 21,000 drivers appears for sale on the dark webNov 2020Read More
Headline The data of 21,000 drivers appears for sale on the dark web
Year 2020
Month Noviembre
Country United Kingdom
Description 

An attack on the database of a British insurer – whose name is unknown – led to the leakage of the personal data of 21,000 drivers across the UK. The leaked information included names, addresses, contact methods and driver’s license numbers. Shortly after the theft occurred, the data appeared for sale in “street markets” on the Dark Web.

Intentionality Cracker
Target Empresa
Company British insurance company
Type of company Vehicle insurer
Data / Life Datos
Access Aplicación
Recognized by brand No
Source https://www.teiss.co.uk/british-motorists-data-hacked/
International automotive dealer suffers an attack by ransomwareDic 2020Read More
Headline International automotive dealer suffers an attack by ransomware
Year 2020
Month Diciembre
Country Australia
Description 

The Australian subsidiary of Inchcape – an international automotive distribution and service provider that works with a large number of brands – is undergoing a cyberattack. A group of crackers filters the ‘ransomware’ known as ‘Ransomexx’ on their servers, which encrypts and captures large volumes of sensitive company data. Some of this information has even ended up leaked on the Dark Web.

Intentionality Cracker
Target Empresa
Company Inchcape
Type of company Automotive Distribution and Services
Data / Life Datos
Access Remoto
System Company servers
Recognized by brand 
Source https://www.itwire.com/security/auto-services-firm-inchcape-hit-by-windows-ransomexx-ransomware.html
Crackers expose data of a logistics operator in the U.S.Dic 2020Read More
Headline Crackers expose data of a logistics operator in the U.S.
Year 2020
Month Diciembre
Country United States
Description 

The american company Cardinal Logistics -located  in North Carolina, United States- and which counts with a fleet of more than 3.100 transportation vehicles, suffered a ransomware attack from the REvil group. When the information hijacking ended -where could be found  confidentiality agreements type NDA, financial information and employees data-, the crackers spread a small amount of confidential data on the Dark Web in response to the company’s refusal to pay the ransom.

Intentionality Cracker
Target Empresa
Company Cardinal Logistics
Type of company Transport and logistics
Data / Life Datos
Access Remoto
System Databases
Reach 1
Recognized by brand 
Source https://www.freightwaves.com/news/hackers-leak-data-from-trucking-firm-cardinal-logistics
A vulnerability is found on a ticket sales platformDic 2020Read More
Headline A vulnerability is found on a ticket sales platform
Year 2020
Month Diciembre
Country 
Description 

An independent investigator finds a flaw in the ‘Online Bus Ticket Reservation 1.0’ platform. It is a software for the sale of transport tickets, developed in open source to be used by bus companies, whether urban or interurban -for example: Abhibus, Red Bus, Travelyari, APSRTC, TSRTC, Goibibo, Yatra, Makemytrip, Yatragenie… -. A failure in the authentication procedure allows access to the service by entering a simple code in the username and password fields, so the attacker does not need to create a user account on the platform.

Intentionality Hacker
Target Otros
Company SourceCodester
Type of company Software developer
Data / Life Datos
Access Aplicación
System Online platform for booking bus tickets
Recognized by brand 
Source https://www.realinfosec.net/2020/12/08/online-bus-ticket-reservation-1-0-sql-injection/
Police officer arrested for abuse of personal dataDic 2020Read More
Headline Police officer arrested for abuse of personal data
Year 2020
Month Diciembre
Country United Kingdom
Description 

A police officer from the island of Guernsey – in the United Kingdom – is arrested for harassing a woman while she is off duty. In the subsequent investigation, the authorities discover that it is a habitual practice of the accused, in which he uses -without authorization- the data of his victims’ vehicles – brands, models, license plates, name and address of the owners … – with in order to locate them.

Intentionality Cracker
Target Otros
Company Guernsey Police Department
Type of company Security forces and bodies
Data / Life Datos
Access Aplicación
System Database
Recognized by brand 
Source https://guernseypress.com/news/2020/12/04/officer-used-police-database-to-contact-nine-women-online/
Vancouver subway system hit by ransomware attackDic 2020Read More
Headline Vancouver subway system hit by ransomware attack
Year 2020
Month Diciembre
Country Canada
Description 

TransLink -the company that manages the Vancouver subway- suffered a ransomware attack against its computer network, even paralyzing the provision of the service. The group responsible -called ‘Egregor’- threatens the company with publishing all the stolen data if its financial demands are not met -that is what a ransomware attack is all about-.

Intentionality Cracker
Target Empresa
Company TransLink
Type of company Public Transport
Data / Life Datos
Access Aplicación
Recognized by brand 
Source https://globalnews.ca/news/7499986/translink-suspicious-network-activity-update/
Fuel distributor hit by ransomware attackDic 2020Read More
Headline Fuel distributor hit by ransomware attack
Year 2020
Month Diciembre
Country Canada
Description 

The Canadian company Parkland Corp, a fuel distribution company, has suffered a ransomware cyber-attack -which consists of ‘kidnapping’ or stealing data and demanding a ransom in exchange for releasing or decrypting it-, which has not affected its operations. A group known as ‘Clop’ claims responsibility for the attack, although to date it has not offered any proof of its actions.

Intentionality Cracker
Target Empresa
Company Parkland Corporation
Type of company Distribution
Data / Life Datos
Access Remoto
System Databases
Recognized by brand 
Source https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack
Disable a connected carrier platform for five daysNov 2020Read More
Headline Disable a connected carrier platform for five days
Year 2020
Month Noviembre
Country United States
Description 

The DriverConnect platform – used by thousands of carriers in the United States – suffered an attack on its servers, forcing the provider company -Rand McNally- to completely disconnect the service. Due to this, the affected drivers were not able to use any of their associated functions such as the navigator, vehicle status diagnostics, ‘hands-free’ telephony and messaging, or the cameras outside the cabins. The company managed to restore the platform five days after receiving the attack.

Intentionality Cracker
Target Vehículo
Company Rand McNally
Model DriverConnect
Type of company Service provider
Data / Life Otros
Access Aplicación
System DriverConnect Connected Services Platform
Recognized by brand 
Source https://www.freightwaves.com/news/5-days-later-rand-mcnally-says-eld-system-back-online
A Tesla Model X is hacked through the bluetooth systemNov 2020Read More
Headline A Tesla Model X is hacked through the bluetooth system
Year 2020
Month Noviembre
Country United States
Description 

The security researcher at the Belgian university KU Leuven, Lennert Wouters, has revealed a number of cybersecurity vulnerabilities affecting the Model X and its hands-free opening system. Wouters showed that a cracker could make a copy of the firmware – the instructions of a computer program – that uses the car’s remote control… via Bluetooth. That way you would be able to get an unlock code and that in turn would allow you to unlock the vehicle. The American company, famous for being one of the first that allows updating its models remotely, has said that it plans to update the software of its key system to correct these vulnerabilities, as Wouters says in the Wired medium. In the meantime, Model X owners are encouraged to install whatever updates Tesla makes available to them in the coming weeks to prevent such an attack.

Intentionality Hacker
Target Vehículo
Company Tesla
Type of company OEM
Data / Life Datos y Vida
Access Aplicación
System Bluetooth
Recognized by brand No
Source https://www.wired.com/story/tesla-model-x-hack-bluetooth/



Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies