Cyware Monthly Cyber Threat Intelligence

Monthly Threat Briefing • Feb 1, 2019
The Good
As January comes to an end, let’s recap everything that happened in the cybersecurity landscape over the month, starting with the good news. The USB Type-C Authentication Program was launched to protect against non-compliant chargers and malicious devices. T-Mobile announced caller verification technology to combat spammers. Researchers have developed a machine named ‘Mayhem’ that detects software vulnerabilities and patches them. Meanwhile, Google is working on a feature that provides protection against ‘drive-by-download’ attacks.
USB Implementers Forum (USB-IF) announced the launch of its USB Type-C Authentication Program, which aims to provide host systems the opportunity to protect against non-compliant USB chargers and mitigate risks from maliciously embedded hardware or software in USB devices.
Google introduced new security features for G Suite. These features alert admins to activities such as phishing and data exfiltration. Google said that the alert center in G Suite now comes with improved security-related notifications and alerts.
T-Mobile announced Caller Verification technology to alert users to incoming calls that are not authenticated. The technology is based on the STIR and SHAKEN standards, which deter spam and spoofed calls. It will be available to T-Mobile customers who use the Samsung Galaxy Note 9.
Emsisoft has released a browser extension that blocks you from interacting with known phishing, malware, or scam sites. The extension is currently available for Chrome and Firefox, with plans for a Microsoft Edge version in the future.
WhatsApp is in the process of bringing fingerprint security to Android and iOS users. Only smartphones with a biometric scanner can make use of this feature. WABetaInfo suggests that the feature will be introduced in version 2.19.3.
Yubico has created a physical security key for iPhones. Instead of entering a password and a code sent to a mobile device, you log in by plugging in the physical key to gain account access. Even if attackers obtain a user’s password, they cannot log in without the key.
Mitsubishi Electric Corporation has developed a multi-layered defense technology that protects connected vehicles from cyber attacks by strengthening the defense capabilities of their head units. This multi-layer defense helps achieve more secure vehicle systems as vehicles equipped to connect to external networks become increasingly common.
Red Hat announced the release of its open-source Podman project on January 17, 2019. Podman integrates multiple core security capabilities that enable organizations to run their containers securely, including rootless containers and improved user namespace support for better container isolation.
Researchers have developed a machine named ‘Mayhem’ that detects software vulnerabilities and patches them. Mayhem identifies possible weaknesses and generates a working exploit. It can work directly on binary code, which means that Mayhem can analyze a program without human assistance.
Google is in the process of adding a drive-by-download protection feature to all versions of Chrome. The feature is already active in the current Chrome Canary edition, and a stable version is expected in Chrome 73, scheduled for release in March or April.
The Bad
January witnessed numerous data breaches and cyber attacks that exposed the personal information of millions of people across the globe. BlackMediaGames suffered a data breach compromising almost 7 million user accounts. The Oklahoma Securities Commission accidentally leaked 3 TB of data, including internal FBI documents. An online casino group inadvertently exposed over 108 million records containing information such as bets, wins, deposits, and more. The Collection #1 breach totaled 773 million email addresses and almost 22 million unique passwords. Last but not least, following Collection #1, the new Collection #2-5 breach totals 2 billion unique usernames and passwords.
BlackMediaGames was hit by a massive data breach compromising almost 7,633,234 user accounts. The breach was discovered after Dehashed, a data-mining and hacked-database search engine, received an email that included evidence of server access and details of the exposed database. The information compromised in the breach included usernames, emails, passwords, IP addresses, game and forum activity, and payment information.
The Abine Blur password manager suffered a data breach compromising the private data of over 2.4 million users. The information compromised in the breach included users’ email addresses, first and last names, the last and second-to-last IP addresses used to log in to Blur, and encrypted Blur passwords.
In a new hacking campaign, TheHackerGiraffe hijacked thousands of exposed Chromecasts, smart TVs, and Google Home devices to stream a YouTube video promoting PewDiePie's YouTube channel, urging users to subscribe to the channel and fix their devices.
The Ethereum Classic token was hit by a 51% attack, with deep chain reorganizations and double spends amounting to over $1 million. The ETC market cap fell by around 6% after the attack was discovered.
Chinese fraudsters stole $18.6 million from Tecnimont S.p.A. Tecnimont S.p.A’s India head was the primary victim of this attack. The attackers used spam emails to convince the Indian chief of a possible ‘acquisition’ in China and successfully obtained the money from him.
An unsecured storage server belonging to the Oklahoma Securities Commission exposed 3 TB of data files, including sensitive FBI investigations. The exposed files included years of FBI data: FBI interviews, emails among people involved with investigations, bank transaction history, and letters from witnesses.
A set of email IDs and passwords comprising up to 2,692,818,238 rows from various sources was found hosted on the cloud service MEGA. Of these, 773 million were email addresses and almost 22 million were unique passwords. The collection on MEGA totaled over 12,000 separate files with almost 87 GB of data.
A misconfiguration in a NASA web app running a JIRA server exposed sensitive information about employees and projects. The exposed data included usernames, email addresses, and job roles of employees. The exposed server also contained the names of current projects and upcoming milestones.
An ElasticSearch server belonging to an online casino group was left publicly accessible without a password. The leaky server exposed almost 108 million records containing information such as bets, wins, deposits, and withdrawals, including payment card details.
An unprotected ElasticSearch database was left publicly available online without authentication for at least two weeks, resulting in the exposure of almost 24 million bank loan and mortgage documents. The exposed documents included records from Citigroup, Wells Fargo, Capital One, and the Department of Housing and Urban Development, among others.
Following Collection #1, which totaled 773 million leaked username-password pairs, Collection #2-5 totals 2.2 billion unique usernames and passwords. This confidential data is said to be distributed on online hacker forums and torrent websites. All of the leaked data appears to have been drawn from earlier breaches of Yahoo, LinkedIn, and Dropbox.
Universiti Teknologi Mara (UiTM) has suffered a data breach affecting the records of around 1,164,450 students. The breach included the records of students who were or are enrolled at the institute between 2008 and 2018. The leaked data included details such as students’ names, MyKad numbers, student IDs, campus codes, residential addresses, and more.
New Threats
Several new malware families, ransomware strains, vulnerabilities, and threat groups emerged over the past month. A new Android malware dubbed ANDROIDOS_MOBSTSPY was found affecting users in almost 196 countries. Magecart Group 12 recently compromised an advertising script to inject malicious code into hundreds of websites. A new ransomware family tracked as ‘Anatova’ was discovered by security researchers. In the meantime, researchers uncovered a critical bug in Apple iOS devices that could allow FaceTime callers to access the microphone and front camera of recipients.