Cyware Monthly Cyber Threat Intelligence

Monthly Threat Briefing • Dec 28, 2018
The Good
As December comes to an end, so does 2018. The past year saw some incredible cybersecurity incidents and advancements. It is our pleasure to help you wrap up the last month of the year with some of the biggest cybersecurity news of December. As always, we begin by highlighting all the good that took place in cyberspace. A new bill has been introduced to the US Congress, which would allow hackers to report bugs directly to the Department of Homeland Security (DHS). Adobe Sign has updated its digital ID authentication feature, aiming to enhance signer security using a smartphone or selfie. The Democrat Senate group has introduced the Data Care Act to protect Americans’ information online. Meanwhile, Google is working on blocking ‘Back button’ hijacking in the Chrome browser.
A new bill has been introduced to the US Congress, which would allow hackers to report bugs directly to the Department of Homeland Security (DHS). The Public-Private Cybersecurity Cooperation Act, introduced by Senators Rob Portman and Maggie Hassan, requires DHS to create a permanent bug bounty program of sorts, which will ensure that hackers can report problems they find to the proper authorities without being prosecuted for breaking laws.
Adobe Sign has updated its digital ID authentication feature, aiming to enhance signer security using a smartphone or selfie. It has also introduced a new signer identification feature called ‘Government ID Authentication’, which allows users to snap a photo of their driver’s license or passport as a form of digital ID authentication.
The Democrat Senate group has introduced the Data Care Act to protect Americans’ information online. The Act would require websites, apps, and other online providers to take responsibility for protecting personal sensitive information and preventing the misuse of users’ data.
Google is working on blocking ‘Back button’ hijacking in the Chrome browser. Google engineers are currently working on an update that will block malicious websites from hijacking the Chrome browser's history and, indirectly, the Back button.
The Cybersecurity and Infrastructure Security Agency bill has been passed. The bill will replace the National Protection and Programs Directorate with the new Cybersecurity and Infrastructure Security Agency. The White House has agreed to a Senate version of the Cybersecurity and Infrastructure Security Agency (CISA) bill without opposition.
The UK government has announced a new standard for cyber security to protect driverless cars from hacking. This new standard is also designed to attract investment in the UK’s autonomous vehicle industry.
The Bad
As people geared up for Christmas celebrations in December, cybercriminals also suited up to launch numerous cyberattacks. The past month saw several major data breaches and leaks. Hackers hit Quora, compromising the data of 100 million users. Thousands of sensitive emails of US Republicans were hacked during the US 2018 midterm elections. Oil firm Saipem’s servers in the Middle East were hit by a massive cyberattack. Meanwhile, a misconfigured cloud server exposed taxpayer ID numbers of almost 120 million Brazilians.
Hackers hit Quora, compromising the data of 100 million users. Information such as names, email addresses, IP, encrypted passwords, user IDs, and more was accessed by the attackers. The firm is still investigating the matter and is notifying customers about the breach.
Thousands of sensitive emails of US Republicans were hacked during the US 2018 midterm elections. The National Republican Congressional Committee (NRCC) reportedly hushed up a major data breach that it sustained earlier this year. The attack saw four senior NRCC aides’ phones surveilled for months by the hackers. Although the NRCC alerted the FBI about the breach, senior Republican leaders were unaware of the attack until recently.
A slew of massive Hollywood-style bank heists, targeting at least eight European banks, saw hackers steal millions of dollars. The attackers planted devices like a laptop, Raspberry Pi and Bash Bunny inside the targeted banks’ premises, which provided them with remote access to the banks’ networks.
Oil firm Saipem’s servers in the Middle East were hit by a massive cyberattack. Saipem detected a cyberattack that affected its servers in the Middle East, including the United Arab Emirates, Kuwait, and Saudi Arabia. Its servers in its main operating centers in Italy, France, and Britain were not affected.
Hackers stole login credentials from over 40,000 government authority accounts. The stolen data includes usernames and passwords in plain text. More than half of the stolen accounts (52 percent) belonged to Italian government officials.
A misconfigured cloud server exposed taxpayer ID numbers of almost 120 million Brazilians. A misconfigured Apache server containing CPF numbers of nearly 120 million Brazilians was exposed for an unknown period of time. The exposed CPFs were linked to people’s sensitive information such as names, birth dates, emails, phone numbers, addresses, employment details, and more.
A data breach hit Facebook, exposing 6.8 million users’ photos. The social networking site has come under fire again after a new API bug leaked private photos of 6.8 million users to third-party apps. The leaked photos were accessible by 1,500 apps built by 876 developers.
Twitter suspects state-sponsored threat actors to be behind its recent data breach. The attack targeted one of Twitter’s support forms, which account users use to contact Twitter about issues they have with their accounts. Twitter confirmed that the data breach did not expose full phone numbers or any other private data.
NASA suffered a data breach affecting its employees’ personal information. The US National Aeronautics and Space Administration (NASA) disclosed that it has suffered a data breach that may have resulted in the compromise of personal information of both current and former employees.
Caribou coffee chain suffered a data breach impacting 239 stores. Cybercriminals gained unauthorized access to the coffee chain’s point of sale (POS) systems, as a result of which customers’ data was exposed.
Save the Children Federation lost $1 million to a cyberscam that involved the use of fake invoices. The scammers gained unauthorized access to employees’ email accounts to send fake invoices and other fraudulent documents.
The San Diego School District was hit by a data breach compromising the personal data of over 500,000 staffers and students. SDUSD suffered a data breach after cybercriminals launched a targeted phishing attack against a staffer to gain access to login credentials and use them to infiltrate the school district’s networks.
BevMo was hit by a massive data breach recently. The cybercriminals gained unauthorized access to the BevMo website and installed malicious code on the checkout page. The breach impacted nearly 15,000 customers and saw hackers compromise both credit card and personal information of customers.
Attackers recently hacked Electrum wallets, stealing over 200 bitcoins worth around $750,000. The attack resulted in the Electrum wallet apps displaying a message on users’ systems that asked them to download a malicious update from an unauthorized GitHub repository. The attack lasted for seven days and temporarily stopped after GitHub removed the attacker’s GitHub repository.
New Threats
December was unfortunately plagued by a swarm of new malware and ransomware attacks. A few new threat actors also emerged over the past month to cause mayhem in cyberspace. 21 new Linux malware strains were discovered. A new Spectre-like CPU attack was uncovered. A new sextortion scam was uncovered that delivers the Azorult data-stealer and the GandCrab ransomware. Magecart’s card skimming tool was up for sale on the dark web. A vulnerability in the ThinkPHP framework was exploited by the hacker group D3c3mb3r. Meanwhile, a few macOS malware samples went undetected by most of the antivirus providers.