Cyware Monthly Cyber Threat Intelligence

Monthly Threat Briefing • February 1, 2019
The Good
As January comes to an end, let’s recap what happened in the cybersecurity landscape over the month, starting with the good news. The USB Type-C Authentication Program was launched to protect against non-compliant chargers and malicious devices. T-Mobile announced caller verification technology to combat spammers. Researchers have developed a machine named ‘Mayhem’ that detects software vulnerabilities and patches them. Meanwhile, Google is working on a feature that provides protection against ‘drive-by download’ attacks.
The Bad
January witnessed numerous data breaches and cyber attacks that exposed the personal information of millions of people across the globe. BlackMediaGames suffered a data breach compromising almost 7 million user accounts. The Oklahoma Securities Commission accidentally leaked 3 TB of data, including internal documents belonging to the FBI. An online casino group inadvertently exposed over 108 million records containing information such as bets, wins, deposits, and more. The Collection #1 breach totaled 773 million email addresses and almost 22 million unique passwords. Last but not least, following Collection #1, the new Collection #2-5 breach totals 2 billion unique usernames and passwords.
BlackMediaGames was hit by a massive data breach compromising almost 7,633,234 user accounts. The breach was discovered after Dehashed, a data-mining and hacked-database search engine, received an email that included evidence of server access and provided details of the exposed database. The information compromised in the breach included usernames, emails, passwords, IP addresses, game and forum activity, and payment information.
The Abine Blur password manager suffered a data breach compromising the private data of over 2.4 million users. The information compromised in the breach included users’ email addresses, first and last names, the last and second-to-last IP addresses used to log in to Blur, and encrypted Blur passwords.
A hacking campaign by TheHackerGiraffe hijacked thousands of exposed Chromecasts, smart TVs, and Google Home devices in order to stream a YouTube video promoting PewDiePie's YouTube channel, urging users to subscribe to the channel and fix their devices.
Ethereum Classic (ETC) was hit by a 51% attack, with deep chain reorganizations and double spends amounting to over $1 million. The ETC market cap fell by around 6% after the attack was discovered.
Chinese fraudsters stole $18.6 million from Tecnimont S.p.A. The head of Tecnimont S.p.A’s India operations was the primary victim of this attack. Attackers used spam emails to convince the Indian chief of a possible ‘acquisition’ in China and successfully obtained the money from him.
An unsecured storage server belonging to the Oklahoma Securities Commission exposed 3 TB of data files, including sensitive FBI investigations. The exposed files included years of FBI data, including FBI interviews, emails among people involved in investigations, bank transaction histories, and letters from witnesses.
A set of email IDs and passwords totaling up to 2,692,818,238 rows from various sources was found hosted on the MEGA cloud service. Of these, 773 million were email addresses and almost 22 million were unique passwords. The collection on the MEGA cloud service totaled over 12,000 separate files with almost 87 GB of data.
A misconfiguration in a NASA web application running on a JIRA server exposed sensitive information about employees and projects. The exposed data included the usernames, email addresses, and job roles of employees. The exposed server also contained the names of current projects and upcoming milestones.
An Elasticsearch server belonging to an online casino group was left publicly available without a password, accessible to anyone. The leaky server exposed almost 108 million records containing information such as bets, wins, deposits, and withdrawals, including payment card details.
An unprotected Elasticsearch database was left publicly available online without authentication for at least two weeks, resulting in the exposure of almost 24 million bank loan and mortgage documents. The exposed documents included records from Citigroup, Wells Fargo, Capital One, and the Department of Housing and Urban Development, among others.
Following Collection #1, which totaled 773 million leaked username-password pairs, Collection #2-5 totals 2.2 billion unique usernames and passwords. This confidential data is said to be distributed on online hacker forums and torrent websites. All of the leaked data appears to have been drawn from earlier breaches of Yahoo, LinkedIn, and Dropbox.
Universiti Teknologi Mara (UiTM) has suffered a data breach affecting the records of around 1,164,450 students. The breach included the records of students enrolled at the institute between 2008 and 2018. The leaked data included details such as students’ names, MyKad numbers, student IDs, campus codes, residential addresses, and more.
New Threats
Several new malware families, ransomware strains, vulnerabilities, and threat groups emerged over the past month. A new Android malware dubbed ANDROIDOS_MOBSTSPY was found affecting users in almost 196 countries. Magecart Group 12 recently compromised an advertising script to inject malicious code into hundreds of websites. A new ransomware family tracked as ‘Anatova’ was discovered by security researchers. In the meantime, researchers uncovered a critical bug in Apple iOS devices that could allow FaceTime callers to access a recipient's microphone and front camera.