Cyware Monthly Cyber Threat Intelligence

Monthly Threat Briefing • Nov 1, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Monthly Threat Briefing • Nov 1, 2018
As we bid adieu to October, its time to summarize all the major breaches, attacks, malware, as well as new technologies that have emerged over the past month. Lets begin by lauding all the new positive developments that have occurred in the past month, California passed a new law that aims at boosting IoT security, researchers from the MIT created a new system to protect against Meltdown and Spectre attacks. Meanwhile, the US Cyber Command is dogging the heels of Russian online trolls attempting to distribute disinformation campaigns and warning them that they are being watched.
Google plans to enforce more stringent roles on developers to block malicious Chrome extensions. The new measures will give the users of extensions more control over which sites extensions can access. Google is also prohibiting extensions using obfuscated code. Extension developers will also have to do more to protect their developer accounts. For instance, starting 2019, extension developers will have to enable two-factor authentication for their accounts.
California passed a new law that aims at boosting IoT security. The new law makes it illegal for connected device manufacturers to ship devices with default passwords. The law also makes it mandatory for manufacturers to create a unique credential for each device, or ensure that the user is forced to create a unique password when they boot up the device for the first time.
The Wall Street Journal launched a programme designed to help small businesses improve their security. The WSJ Pro Cybersecurity program offers small business information about cyberthreats, security response methods, and more via its website and newsletters.
Researchers from MIT have created a new system which is able to reduce the risk of memory-based attacks such as Meltdown and Spectre. Lebedev and his team at MIT CSAIL are working on a system which they say is a more effective alternative to protecting modern PC architecture against timing attacks, and the invention has proven to be more secure than Intel's "Cache Allocation Technology" (CAT). The system labeled as the Dynamically Allocated Way Guard (DAWG) splits the cache into multiple buckets.
Passengers checking into flights at Shanghai's Hongqiao International Airport can now use their face to prove their identity thanks to the rollout of facial recognition technology. The airport this week unveiled self-service kiosks for flight and baggage check-in, security clearance, and boarding powered by facial recognition technology.
The Army’s Research, Development and Engineering Command is laying the groundwork for its artificial intelligence plans with a newly crafted strategy. The RDECOM strategy, which has not been made public, details where the command currently is regarding the development of AI capabilities, where it wants to go in the future, and defines taxonomy associated with the technology.
The European Union is gearing up to create new regulations that would impose economic sanctions on cybercriminals. In the face of increasingly sophisticated cyberespionage and cybercriminals campaigns, EU leaders are now mulling imposing sanctions on hackers to stem the flow of destructive cyberattacks.
The US Cyber Command is dogging the heels of Russian online trolls attempting to distribute disinformation campaigns and warning them that they are being watched. The operation is aimed at deterring more sophisticated Russian cyberattacks targeting US infrastructure.
Apple launched a new T2 security chip that is designed to stop attackers from spying on users. This new security feature is capable of disconnecting the microphone whenever the lid of the MacBook is closed. It is designed to help protect a device’s encryption keys, storage, fingerprint data, and secure boot features.
Google launched reCAPTCHA v3 that aims to better protect websites from spam and make the security procedure more user-friendly. The latest version of the security tool is designed to run an adaptive risk analysis in the background and provide websites with a score that shows how suspicious an interaction is.
Over the past month, numerous destructive data breaches, leaks and cyberattacks were observed. These attacks affected numerous government and private entities. Facebook acknowledged suffering a massive breach. Google plans to shut down Google Plus next year after a breach exposed 500,000 customers’ data. A water company already dealing with the aftermath of Hurricane Florence was attacked by a ransomware campaign resulting in one-of-its-kind a joint physical and a cyber disaster. Meanwhile, The HealthCare.gov’s sign-up system was hit by hackers who stole the data of around 75,000. Switzerland-based cryptocurrency exchange Trade.io was hacked and $7.5 million worth of cryptocurrencies was stolen.
The biggest data breach of the week award goes to Facebook. The tech giant acknowledged suffering a massive breach that compromised over 50 million user accounts. The attackers exploited a flaw that first appeared in July 2017, when Facebook made some changes in the video uploading feature. This is Facebook’s second breach in 2018. The previous breach made headlines after profile details of 87 million users were improperly accessed by the political data firm Cambridge Analytica.
Sales engagement startup, Apollo was hit by hackers who stole a database that contained 200 million contact records. The stolen database contained the contact details of prospective customers from 10 million companies. The compromised data includes customers’ names, email addresses, company names, and other business information.
Brazilian banks suffered a massive attack by cybercriminals who used a 100,000-strong botnet. The attack targeted users attempting to access the online banking sites of Brazilian banks were being redirected to phishing sites. The cybercriminals behind the GhostDNS botnet campaign are still scanning the internet for Brazilian routers with weak or no passwords.
Google will shut down Google Plus next year after a breach exposed 500,000 customers’ data. The breach was caused by an API bug, which, if exploited, could allow third-party apps to gain access to public profile information of Google Plus users’ friends.
The Slovak Foreign and European Affairs Ministry has become the target of a massive cyber attack, Slovak Prime Minister Peter Pellegrini said on Wednesday, adding that at the moment it's not possible to specify who is behind the attack. The prime minister added that the issues concerning the identity of attackers and the subject of their interest are currently the main objective of the ongoing investigation.
Around 35 million US voter records from the year 2018, were found on a popular hacking forum for sale. The seller was demanding $42,200 dollars for all the records from 19 states. The advertisement on the hacking forum says that the data sold is from updated statewide voter lists and contains vulnerable information including phone numbers, full addresses, and names of millions of US residents.
A water company in the US state of North Carolina already dealing with the aftermath of Hurricane Florence was left to juggle a complete database rebuild because of a nasty ransomware infection. ONWASA said that the attack began on October 4 when Emotet was first spotted on the utility's network. IT staff had thought to have contained the initial infection, only to see a second attack kick off in the wee hours of Saturday, October 13.
The HealthCare.gov’s sign-up system was hit by hackers who stole the data of around 75,000. The hackers gained access to the HealthCare.gov’s sign-up system, called the Federally Facilitated Exchange (FFE), which is used by the HealthCare insurance agents and brokers to enroll users into Obamacare plans.
Switzerland-based cryptocurrency exchange Trade.io was hacked and $7.5 million worth of cryptocurrencies was stolen. The stolen funds were stored in a cold storage wallet. The cryptocurrency exchange discovered the breach after it observed a large number of cryptocurrencies being transferred from one of the accounts associated with its cold storage wallets.
Hong Kong-based airline Cathay Pacific was hit by a massive data breach that compromised 9.4 million passengers’ data. Passengers' personal details including names, nationality, dates of birth, phone numbers, email addresses, passport numbers, identity card numbers, frequent flyer membership numbers, custom service remarks, and travel history might have been stolen by hackers.
Eurostar detected a breach and began resetting users passwords. The firm said that the cybercriminals behind the attack used Eurostar account holders’ usernames and passwords to infiltrate systems. It is still unclear as to how many users have been affected by the breach and whether the attackers succeeded in exfiltrating any sensitive corporate or user data.
October saw various new malware, vulnerabilities and other threats come out of the woodwork. White-hat hackers discovered 150 bugs in websites of the US Marine Corps. A previously unknown threat group called Gallmaker was brought to light by security experts. A new data reconnaissance campaign leveraging attack techniques dating back to the year 2010 and first used by APT1 was discovered. Meanwhile, a new Android malware dubbed TimpDoor was recently discovered and has already infected around 5,000 victims in the US.