Strætó Was Hit by Cyber-Attack

Strætó, the Iceland Public Bus Network, came under attack from hackers yesterday, RÚV reports. The company’s web servers were hacked but the app was not tampered with.

Jóhannes Rúnarsson, the CEO of Strætó, told RÚV that the incident had been reported to the Data Protection Authority, the Police and the Computer Emergency Response Team of Iceland. He added that the attack could have resulted in data leakage, but that data being held hostage was unlikely. The attack is not believed to be connected to the Log4j vulnerability.

According to RÚV, measures have been taken to prevent further data leakage and experts are currently analysing the situation. However, Strætó warns against sharing credit card info via e-mail with potential scammers.

Email Scammers Targeting Athletics Associations

A number of Icelandic athletics associations have fallen prey to email scams and have lost a considerable amount of money as a result, RÚV reports. Police warn these associations to be on their guard; cybercriminals waged a similar campaign against athletics associations a few years ago and are reusing the same techniques now.

The most common type of scam is that the managing director, an employee, or a volunteer of an athletics association will receive an email that appears to come from their organization’s bookkeeper or director. The email will ask them to make a bank transfer to a foreign bank account and say that this needs to be done within a very short window of time.

The scammers seem to have done considerable homework on their marks. According to Auður Inga Þórsteinsdóttir, director of the National Association of Youth Organizations (UMFÍ), athletics associations with higher revenue are asked to transfer more money than less monied organizations—anywhere from ISK 400,000 [$2,901; €2,452] to ISK 1 million [$7,253; €6,130]. UMFÍ urges any organizations that are targeted by such scams to report them to the police.

Internet fraud and email scams have cost Icelanders a total of ISK 1.5 billion [$10.88 million; €9.19 million] over the last three years.

Police Warn Against Blackmailing Scam

Police have issued a warning about an email scam gaining traction in the capital area, RÚV reports. Victims of the scam receive an email stating that their computer has been infected with a virus after visiting a pornographic site and that they must pay the blackmailers if they want to avoid having incriminating webcam videos sent to everyone in their contact list.

“It seems that XXXXXXXXX is your password,” reads the threatening email. “You do not know me and you’re probably thinking why you are getting this mail, correct? In fact, I actually placed a malware on the adult vids (pornographic materials) website and guess what, you visited this website to have fun (you know what I mean). While you were watching videos, your internet browser initiated operating as a RDP (remote Desktop) with a key logger which gave me accessibility to your display screen as well as cam. Just after that, my software gathered all your contacts from your Messenger, FB, as well as email.”

Police are advising people targeted by the scam not to pay the ransom and say that this is likely a case in which email addresses were bought in bulk online, and, in some cases, passwords as well. They say the threat of compromising videos is an empty one, and only meant to strike fear in people targeted by the scam in order to ensure they pay the ransom.

The police recommend that people cover their webcam when it is not in use and also check whether their email addresses have been subject to any data leaks on websites that they use. You can check whether your email or password data has been compromised at https://haveibeenpwned.com/