Cyware Monthly Cyber Threat Intelligence

Monthly Threat Briefing • Apr 2, 2018
March witnessed many developments in cyber technology, research and innovation. They ranged from US Cyber Command consolidating its analytics support capabilities to researchers from MIT and Harvard unveiling a new system that strengthens privacy in private browsing. Researchers also reworked a C++ homomorphic encryption library so that it runs 75 times faster. Prominent telecommunication companies joined forces in the Mobile Authentication Task Force to improve security solutions for mobile devices. The US Army moved towards a new method that would leverage brain-like computer architectures for integer factorization. Meanwhile, scientists at the University of Texas at San Antonio (UTSA) developed a new algorithm that helps detect and prevent cyber attacks in real time. The best news of all was the approval of the TLS 1.3 protocol, which will strengthen internet security.
The U.S. Cyber Command is seeking an analytics solution under a contract called RAINFIRE. The command issued a request for information to gain insight into joint analytics support capabilities. The analytics solution is meant to serve the Capabilities Development Group and to integrate with other collaborative IT initiatives. The overall purpose is to support the cyber warfighters employed by the Department of Defense.
Researchers from MIT and Harvard have come up with a new system that improves the privacy of private browsing. The system, named Veil, gives added protection to people who share computers with others at public or private venues such as offices, hotels, business centers and university computer centers. The new system can be used alongside existing private-browsing modes and anonymity networks.
Researchers at IBM have reworked their C++ homomorphic encryption library, which is now said to run 75 times faster. The technique lets users operate on encrypted data without decrypting it, so the computation itself stays secure. For instance, a company could encrypt its cloud-hosted database and still work on it without ever exposing the plaintext. The first version of the HElib C++ library was released by IBM three years ago.
Academics have come up with a new facial recognition system named Face Flashing. The design relies on two factors: the light patterns reflected off a human face, and the speed with which the system interprets the reflected light to detect any forgery attempt. The technique works with cameras in combination with an LCD screen on computers, phones and authentication panels.
Last year, the prominent telecommunication companies AT&T, Verizon, Sprint and T-Mobile joined hands to launch the Mobile Authentication Task Force, with the aim of creating an improved security solution for their devices. The telecom companies appear to have arrived at a solution that will now undergo further trials in the coming weeks and would likely be available for adoption by the year-end.
Google has unveiled Bristlecone, a new quantum computing chip with 72 quantum bits, well above the previous record holder, IBM's 50-qubit processor. According to the Google team, a few more tests are still required, but the chip is expected to be available this year. Google has pinned high hopes on this chip helping it achieve “quantum supremacy”, the point at which a quantum computer can do calculations beyond the reach of today’s fastest supercomputers.
Artificial intelligence is now being leveraged by banks to better protect consumers’ credit card data. Capital One has come out with virtual credit card numbers for its customers to use for online purchases. The technology behind the card is a browser extension that runs in the background on the cardholder’s computer and automatically detects when the person finishes shopping. Once the customer reaches a checkout page, a virtual credit card number covering that person’s transactions with that specific retailer is generated and all payment fields on the site are filled in. That way, if a retailer were hacked, or if the customer spotted a fraudulent charge on their bill, Capital One could simply deactivate the compromised card alias instead of replacing the card itself.
Researchers released a “kill switch” that effectively counters the memcached vulnerability, reducing the frequency of the massive DDoS attacks hackers have been carrying out. The tool suppresses a memcached DDoS attack while leaving the compromised servers online. It uses the ‘flush_all’ command to defeat the DDoS exploit.
The U.S. Army is moving closer to cracking codes with brain-like computers. Scientists at the U.S. Army Research Laboratory have discovered a new method that leverages upcoming brain-like computer architectures for a well-known, old number-theoretic problem: integer factorization. By mimicking the brain functions of mammals in computing, the scientists have opened up a solution space that is very different from traditional architectures but closer to devices able to operate within size-, weight- and power-constrained environments. The new technology is expected to dramatically increase computing power on the battlefield and exponentially increase information processing and computational problem-solving capability.
If there is one thing on which almost everyone would agree, it is the need for a faster internet. Now, researchers from the Moscow Institute of Physics and Technology are making progress towards an ultra-high-speed quantum internet by using a long-known material, silicon carbide. The paper, published in npj Quantum Information, discusses raising the data transfer rate in unconditionally secure quantum communication lines to more than 1 Gbps, bringing it on par with its classical counterpart. Silicon carbide is a semiconductor that gave birth to the field of optoelectronics. It is the material in which the phenomenon of electroluminescence was first observed and which was later used to create the world’s first light-emitting diode (LED).
Scientists at the University of Texas at San Antonio (UTSA) have developed a new algorithm that may help detect and prevent cyber attacks on GPS-enabled devices in real time. Electrical grids depend on GPS signals for time and location. For example, the US electrical power grid depends on GPS for the timestamps of its measurements at stations across the country. However, hackers can spoof these signals and corrupt the time and location the grid derives from them. So far, the algorithm has successfully mitigated the effects of spoofed GPS attacks on electrical grids and other GPS-reliant technologies.
A new tool has been developed that will enable electrical grid operators not only to detect a physical attack but also to raise an alarm when a hacker is probing for vulnerabilities in the critical links of the grid. The motivation for developing this tool came after a rifle attack on an electrical substation near California’s Silicon Valley in April 2013. The tool uses micro phasor measurement units to collect information about the physical state of the power distribution grid. When this data is combined with SCADA data, it provides real-time insight into system performance and issues alerts for even minor disruptions.
After 4 years and 28 drafts, the Internet Engineering Task Force (IETF) has approved a much-needed update to internet security. TLS 1.3, as it is known, will be implemented in software products ranging from Oracle’s Java to Google’s Chrome browser. The updated protocol aims to thwart attempts by state or non-state actors to eavesdrop on and intercept HTTPS and other encrypted network traffic. Thanks to its streamlined design, it will also speed up secure communication.
DARPA has started work on a new program, Collection and Monitoring via Planning for Active Situational Scenarios (COMPASS), that would use technology to get inside the enemy’s head and learn about their intent in the nebulous “gray zone” of conflict. The program aims to develop new software that monitors the enemy’s response to stimuli and attempts to discern enemy intentions. If the technology is successfully developed, it could completely change the course of future warfare.
March was pretty bad, with the Facebook data breach being the biggest incident, impacting at least 50 million people. The breach raised several questions, both moral and legal, about social media policies. The other big news was the largest DDoS attack ever recorded. The memcached-based DDoS attack, as it is called, broke the previous record set by the Dyn attack, underlining that high-intensity DDoS attacks are going to be the new normal. Further significant news came from Equifax, which made the staggering revelation that the toll of those affected by its earlier data breach had risen by another 2.4 million. Overall, March was more damaging than February.
Earlier this week, the US Marine Corps Force Reserve was at the receiving end of a major data breach that led to the disclosure of sensitive information on over 21,000 Marines, sailors and civilians. The breach was caused by accidental exposure in an unencrypted email: the DoD’s Defense Travel System (DTS) sent an email to the wrong distribution list with an attachment containing the sensitive information of the affected people.
The popular web-based hosting service GitHub suffered a massive 1.35 Tbps denial-of-service attack this week. GitHub was clogged and went down multiple times until the enormous traffic volume was routed to Akamai, the cloud company tasked with protecting it from such attacks. According to security analysts, attacks of this size will become the new normal.
The infamous Equifax breach is still producing new revelations. This week, the company discovered an additional 2.4 million U.S. consumers who were affected by the cyber attack, bringing the total number of affected people to 147 million. The newly identified victims had sensitive details such as names and partial driver’s license information stolen. The good news was that the hackers could not get their hands on Social Security numbers.
Security researchers have discovered a massive trove of data exposed through an unprotected Amazon Web Services S3 bucket. The exposure affects Birst, a cloud business intelligence and analytics firm. The exposed store holds 50.4 GB of data belonging to one of Birst’s customers, Capital One, a McLean, Virginia based financial services giant and the eighth-largest commercial bank in the United States. The leaked data contained technical information on a Birst appliance specially configured for Capital One’s cyber infrastructure.
Memcached-based DDoS attacks have taken the entire security world by surprise. After GitHub, another company was targeted. In a blog post, Arbor Networks disclosed a massive 1.7 Tbps DDoS attack against customers of a US-based internet service provider. The attack used the same technique as the 1.35 Tbps attack on GitHub. The number of affected victims has not been disclosed yet.
Danish telecom company TDC recently reported a network problem that could potentially affect its customers in Denmark, Sweden and Norway. Due to the network failure, at least 450,000 customers are estimated to have been unable to make or receive calls. The cause of the problem has yet to be identified.
A security researcher has identified nearly 50,000 websites infected with crypto-jacking scripts, including government and public service agency portals. At least 7,368 of the compromised sites are powered by WordPress. Some of these sites have since been cleaned of the malware. According to the researcher, Coinhive continues to be the most widespread crypto-jacking script, accounting for close to 40,000 infected websites, a stunning 81 percent of all recorded cases.
RMH Franchise Holdings disclosed that more than 160 Applebee's restaurants across the US were affected by an unnamed malware found on point-of-sale (PoS) systems. The malware was designed to extract details such as names, credit/debit card numbers, expiration dates and card verification codes, though it did not affect payments made online or through self-pay tabletop devices. In the majority of cases the malware had been present in the PoS systems since December 6, 2017, while in some cases it had been active since November 23 or December 5, 2017.
Researchers from a German security firm have revealed that MBM Company, owner of the well-known Chicago-based jewelry brand Limoges Jewelry, has suffered a data breach impacting over 1.3 million people. According to the report, the company was allegedly mishandling customer details on an unsecured Amazon S3 storage bucket. The leaked information includes addresses, ZIP codes, e-mail addresses, IP addresses and even plaintext passwords.
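Both the Birst/Capital One exposure and the Limoges Jewelry exposure above came down to an S3 bucket anyone could read. The following is an added example, not code from Cyware or from either company: it audits a bucket policy document offline and reports Allow statements that grant read or list actions to an anonymous principal, beside a hardened policy that restricts reads to one role and denies non-TLS access. The bucket name, the account id (the AWS documentation placeholder) and the role name are constructed; the policy grammar and the `aws:SecureTransport` condition key are real AWS features.

```python
import json

# Actions that let an anonymous caller read object contents or enumerate keys.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:*", "*"}


def _as_list(value):
    """Policy grammar allows a string or a list in most positions."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (also "*" inside an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_read_statements(policy_json):
    """Return the Sids (or statement[i]) of Allow statements that grant read
    access to everyone. Statements carrying a Condition are still reported,
    suffixed '(conditional)', because they need a human to judge the condition."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        label = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Condition"):
            label += " (conditional)"
        findings.append(label)
    return findings


# Constructed policy that exposes every object in the bucket to the internet.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-analytics-bucket",
                     "arn:aws:s3:::example-analytics-bucket/*"],
    }],
})

# Constructed hardened variant: one named role may read, and only over TLS.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleReadOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/analytics-reader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-analytics-bucket",
                         "arn:aws:s3:::example-analytics-bucket/*"],
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-analytics-bucket",
                         "arn:aws:s3:::example-analytics-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

if __name__ == "__main__":
    print("public policy:", public_read_statements(PUBLIC_POLICY))
    print("restricted policy:", public_read_statements(RESTRICTED_POLICY))
```

A policy audit like this covers only the bucket policy; bucket and object ACLs can grant the same exposure independently, so in practice the check is paired with the account-level block-public-access setting, which overrides both.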
St. Louis healthcare provider BJC HealthCare disclosed that a data storage error had potentially compromised patient records, impacting 33,420 people. According to the disclosure, the data was publicly available for nine months because of a misconfigured server that was left without any access control, allowing anyone to view scanned documents containing patients' driver's licenses, insurance cards and treatment-related documents from 2003 to 2009.
Another healthcare facility announced a breach that might have impacted the medical records of about 135,000 patients. St. Peter’s Surgery & Endoscopy Center revealed that it had uncovered a breach that occurred on 8 January 2018, in which an unauthorized party gained access to its servers. According to the facility, although no evidence was found that hackers accessed patient data, it could not be conclusively ruled out that they accessed patients' personal and medical information, including names, dates of birth, addresses, diagnosis codes, insurance information and Medicare details.
One of the largest social media breaches in history, impacting 50 million people, came to light when a whistleblower disclosed how Cambridge Analytica violated Facebook's privacy policy to harvest users' personal information. An app named My Digital Life, developed by the firm Cambridge Analytica, paid 270,000 account holders to take a personality test. The data was then used to harvest information on every one of those account holders' friends. The information was later used to send targeted political advertisements. The breach has raised serious questions and damaged the credibility of Facebook. Many governments across the world are now planning to adjust their social media laws to prevent any misuse of data to manipulate voters.
The well-known games business Camelot has asked millions of National Lottery players to change their passwords following suspicious activity involving lottery accounts. According to Camelot, the hackers were not able to access core systems or databases, so lottery draws and prizes remain unaffected. However, it has recommended that its roughly 10.5 million registered users change their login passwords after a number of unauthorized logins were noticed. According to officials, the account breaches might have been carried out through a “credential stuffing” attack.
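Credential stuffing, as suspected in the Camelot incident above, has a recognisable shape in authentication logs: one source tries many different accounts, once each, with a low success rate. The following is an added example, not code from Camelot or from Cyware: it applies a sliding time window per source address to a constructed login log and flags sources matching that shape. The log format, thresholds, user names and addresses (from the documentation ranges) are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real site's format):
# "<ISO-8601 timestamp> login <success|failure> user=<name> ip=<address>"
LINE_RE = re.compile(r"^(\S+) login (success|failure) user=(\S+) ip=(\S+)$")


def parse_lines(lines):
    """Parse log lines into (timestamp, result, user, ip) tuples; skip junk."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, ip = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, ip))
    return events


def credential_stuffing_sources(lines, window=timedelta(minutes=5),
                                min_attempts=20, min_distinct_users=10,
                                max_success_ratio=0.2):
    """Flag source IPs whose login traffic looks like credential stuffing:
    many attempts against many distinct accounts inside a short window with
    a low success rate. A real user retrying one account never trips this."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in sorted(parse_lines(lines)):
        by_ip[ip].append((ts, result, user))
    flagged = {}
    for ip, evs in by_ip.items():
        start, best = 0, None
        for end in range(len(evs)):  # sliding window over time-ordered events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            if len(win) < min_attempts:
                continue
            users = {u for _, _, u in win}
            successes = sum(1 for _, r, _ in win if r == "success")
            if len(users) >= min_distinct_users and successes / len(win) <= max_success_ratio:
                stats = {"attempts": len(win), "distinct_users": len(users),
                         "successes": successes}
                # keep the widest qualifying window for this source
                if best is None or stats["attempts"] > best["attempts"]:
                    best = stats
        if best:
            flagged[ip] = best
    return flagged


def build_sample_log():
    """Constructed sample: one legitimate user mistyping a password, and one
    source working through a leaked credential list one account at a time."""
    base = datetime(2018, 3, 20, 10, 0, 0)
    lines = []
    for i in range(4):
        lines.append(f"{(base + timedelta(seconds=i * 15)).isoformat()} "
                     f"login failure user=alice ip=198.51.100.4")
    lines.append(f"{(base + timedelta(seconds=70)).isoformat()} "
                 f"login success user=alice ip=198.51.100.4")
    for i in range(30):
        result = "success" if i in (7, 19) else "failure"
        lines.append(f"{(base + timedelta(seconds=i * 4)).isoformat()} "
                     f"login {result} user=user{i:03d} ip=203.0.113.7")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, stats in credential_stuffing_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

The successes inside a flagged window are the accounts actually compromised and are the ones to force a password reset on first; the thresholds are starting points to tune against a site's normal failure rate, and attackers who spread attempts across many addresses need the same logic keyed on user-agent or ASN instead of IP.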
Soon after the United States disclosed that Russia had been targeting its energy sector, a new attack on PREPA, an energy utility in Puerto Rico, was reported. The company revealed that although hackers had succeeded in breaching it, no customer data was compromised. The official disclosure further stated that PREPA’s customer service system was not affected, though the attack led to longer wait times at its service center.
Orbitz, a subsidiary of the online travel agency Expedia Inc., suffered a data breach impacting 880,000 payment cards. According to the official statement, hackers may have accessed personal information associated with about 880,000 payment cards. The breach is believed to have occurred between Jan. 1, 2016 and Dec. 22, 2017 for the partner platform, and between Jan. 1, 2016 and June 22, 2016 for the consumer platform. The information that may have been stolen includes phone numbers, names, and email and billing addresses. The company assured that the Social Security numbers of its U.S. customers were not affected by the breach.
The City of Atlanta’s computer systems were attacked, probably by SamSam ransomware. The incident was confirmed in an official statement disclosing that city computers experienced outages on internal and customer-facing applications. While the attack did not disrupt the city’s services as a whole, some applications that customers use to pay bills or access court-related information were severely impacted. As of now, it is unclear whether any personal, financial or employee data has been compromised.
The Russian-linked Fancy Bears hacker group was found targeting Britain’s anti-doping agency in an attempt to disrupt its systems. However, according to the agency’s statement, no data was compromised and no core activity, including its testing program, was affected. While the agency did not point to any hacker group, given the past incidents in which Fancy Bears targeted WADA and the IOC, experts did not have to think hard to guess the actor involved.
An Post customers suffered a security incident when the company shared their sensitive details with a subsidiary without their knowledge. The incident impacted about 8,000 customers who had asked the company to redirect their mail to a new address. The file containing the data was sent to Dublin-based Precision Marketing Information Limited, which trades as Data Ireland. According to the information disclosed, the data breach occurred between April 2016 and September 2017.
Medical records of at least 42,000 patients were exposed when a Long Island, N.Y. medical center left open a port normally used for remote synchronization. Security researchers found that port 873, used by rsync for remote synchronization and moving data between devices, was open on the medical practice’s server, allowing access to anyone who knew the server’s IP address.
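An rsync daemon on port 873 is only as exposed as its rsyncd.conf allows: without `hosts allow` any client address may connect, and without `auth users` a module is served anonymously. The following is an added example written for this briefing, not code from the medical center or from the rsync project: it parses a daemon configuration and reports modules lacking those restrictions, beside a hardened configuration that passes. The parameter names and their defaults are those documented for rsyncd.conf; the two configuration files, paths and network range are constructed.

```python
import re


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text.
    Global parameters precede the first [module] section; keys are
    case-insensitive and '#' starts a comment."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip()
            modules[current] = {}
            continue
        if "=" in line:
            key, _, val = line.partition("=")
            target = global_params if current is None else modules[current]
            target[key.strip().lower()] = val.strip()
    return global_params, modules


def _truthy(val):
    return val is not None and val.lower() in ("yes", "true", "1")


def audit_rsyncd(text):
    """Return {module: [issues]} for every module in the configuration."""
    globals_, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module settings override global ones
        issues = []
        if not eff.get("hosts allow"):
            issues.append("no 'hosts allow': any client address may connect")
        if not eff.get("auth users"):
            issues.append("no 'auth users': module is served anonymously")
        # 'read only' defaults to yes, so only an explicit no is a finding
        if "read only" in eff and not _truthy(eff["read only"]):
            issues.append("'read only = no': clients may upload or overwrite")
        findings[name] = issues
    return findings


# Constructed configuration that serves a share to anyone reaching port 873.
WEAK_CONF = """
uid = nobody
gid = nogroup
use chroot = yes

[records]
    path = /srv/records            # constructed path
    comment = Scanned patient documents
    read only = no
"""

# Constructed hardened variant: one subnet, one authenticated user, read-only.
HARDENED_CONF = """
uid = nobody
gid = nogroup
use chroot = yes
hosts allow = 10.20.0.0/24
hosts deny = *

[records]
    path = /srv/records
    comment = Scanned patient documents
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    read only = yes
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        for module, issues in audit_rsyncd(conf).items():
            print(f"{label} [{module}]:", issues or "no findings")
```

Even a hardened rsyncd.conf leaves the daemon's traffic unencrypted, so the usual practice is to bind it to a private interface or run rsync over SSH and keep port 873 closed at the perimeter altogether.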
The WannaCry ransomware was in the news once again when it infected a few computers at Boeing’s production facility. After the initial scare that the ransomware might have brought down production equipment, a company executive dispelled the fears by stating that the attack had been contained with minimal damage. According to the company statement, the infection was limited to a few machines and there was no interruption to the 777 jet program or any other program.
March also saw hackers unveil new malware of increasing sophistication. A new version of the GandCrab ransomware was discovered by security researchers. A new trojan with a code-cannibalization feature was found targeting Brazilian institutions. Other highlights of the month included Qrypter, malware developed by an underground hacker group called ‘QUA R&D’ and targeting hundreds of organizations worldwide in a series of attacks; ThreadKit, a new exploit kit delivering multiple payloads for advanced threat actors; and GoScanSSH, malware targeting Linux-based systems that carefully avoids machines connected to government or military networks.