Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Sep 3, 2019
The Good
As we bid adieu to August, it's time to recap all that happened in cyberspace over the month. Researchers from the Georgia Institute of Technology developed a tool dubbed SkyWalker to check for vulnerabilities in mobile apps. The Global Cyber Alliance launched a cybersecurity development platform named AIDE for Internet of Things (IoT) products. Meanwhile, major tech companies, including Alibaba, Google Cloud, IBM, Intel, and Microsoft, joined the Confidential Computing Consortium.
Microsoft has launched the Azure Security Lab and doubled its Azure bug-bounty reward to $40,000 in an effort to further strengthen cloud security. The newly launched Azure Security Lab is isolated from the main Azure infrastructure so that hacking attempts and tests cannot disrupt normal operation.
The Global Cyber Alliance, an international cross-sector effort designed to address cyber risks, launched the Automated IoT Defence Ecosystem (AIDE), a cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers, and individuals to identify and patch vulnerabilities and secure IoT devices against cyber threats.
Major tech companies including Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent joined a new industry group named the Confidential Computing Consortium, which focuses on promoting secure computing practices. This consortium plans to bring together hardware vendors, developers, and others to promote the use of confidential computing, and better protect data.
Google has announced a new bug bounty program named the ‘Developer Data Protection Reward Program’ (DDPRP), through which researchers can report cases of data abuse in Android apps, OAuth projects, and Chrome extensions. The tech giant has also announced the expansion of its ‘Google Play Security Rewards Program’ (GPSRP) to include all Android apps on the Google Play Store with 100 million or more installs.
A team from the Georgia Institute of Technology has developed a tool dubbed SkyWalker to check for vulnerabilities in mobile apps that use multiple cloud services. The tool lets app developers audit various cloud-based tools and find vulnerabilities before integrating them into their products.
The Bad
This month witnessed numerous data breaches and cyber attacks that led to the exposure of millions of people's personal information across the globe. Twenty-two local government entities in Texas fell victim to a coordinated ransomware attack. Magecart attackers compromised over 80 e-commerce websites that were running an outdated version of Magento. Last but not least, Silence hackers targeted banks across 30 countries, including China, Russia, the United Kingdom, Bangladesh, and Bulgaria, among others.
A coordinated ransomware attack targeted almost twenty-two local government entities in Texas. The impacted organizations have not been revealed because of security concerns; however, two of the impacted municipalities, the City of Borger and the City of Keene, publicly disclosed that they were hit by the ransomware attack. The threat actor who attacked the Texas governments demanded a collective ransom payment of $2.5 million.
Security researchers have discovered that Magecart attackers compromised over 80 e-commerce websites that were running an outdated version of Magento. 25% of these compromised websites belong to large brands in the motorsports industry and luxury retail.
CafePress suffered a data breach compromising over 23 million customer accounts, email addresses, and other records containing personal information. According to HaveIBeenPwned, CafePress was hacked in February 2019, and almost 493,000 accounts are being sold on hacker forums.
Researchers have found several misconfigured Jira servers that have been leaking information about internal projects and users belonging to large organizations such as Google, NASA, Yahoo, and Lenovo, among others. The leaked data includes the names, roles, and email addresses of employees involved in an organization's various projects, along with the current state and development of those projects.
An unprotected server belonging to Boeing exposed the full code designed to run on the Boeing 737 and Boeing 787 passenger jets. The leaked code for a component of the Boeing 787 contains security flaws. These vulnerabilities could be abused by an attacker to send malicious commands to far more sensitive components that control the plane’s safety-critical systems, including its engines, brakes, and sensors.
A fraudster paid AT&T employees over $1 million in bribes to unlock mobile phones and install unauthorized devices on the company's internal network over a five-year period between 2012 and 2017. This resulted in millions of mobile phones being removed from AT&T’s service or payment plans. The fraudster has since been arrested and extradited to the U.S.
According to a new report published by Group-IB, Silence hackers launched 16 campaigns against banks across 30 countries, including China, Russia, the United Kingdom, Bangladesh, and Bulgaria, among others. Within a span of three years, from June 2016 to June 2019, Silence hackers stole at least 4.2 million US dollars.
New Payments Platform Australia (NPP) disclosed that PayID records and associated data in the Addressing Service were exposed in a data breach caused by a vulnerability at one of the financial institutions sponsored by Cuscal Limited. The exposed PayID records include PayID names and the associated account numbers. However, NPP confirmed that none of the exposed data can enable the withdrawal of funds from a customer’s account.
An unprotected database belonging to the popular movie-ticket subscription service MoviePass exposed almost 161 million records, including customer credit card data. The exposed records revealed details such as debit card numbers, expiry dates, customer card balances, and card activation dates. Researchers also said that more than 58,000 records contained customer card data and that the count was growing every minute.
Hostinger, a web hosting provider, was hit with a data breach that impacted nearly 14 million customers. The breach occurred after an unauthorized third party gained access to its internal API server. The compromised server contained clients’ first names, usernames, email addresses, hashed passwords, and IP addresses.
Mastercard suffered a security incident, exposing customers’ information on the internet after its Priceless Specials loyalty program was breached. The exposed information includes customers' names, dates of birth, gender, email addresses, phone numbers, home addresses, payment card numbers, and the time of first registration with Priceless Specials.
Imperva has disclosed that it suffered a data breach incident impacting the users of its Cloud Web Application Firewall (WAF) product, previously known as Incapsula. The data exposure has impacted a subset of customers of its WAF product who had accounts registered up until September 15, 2017. The exposed Incapsula customer database included email addresses and hashed and salted passwords. A few Incapsula customers also had their API keys and customer-provided SSL certificates exposed.
Choice Hotels, the largest lodging franchisor, suffered a data breach that resulted in the exposure of some 700,000 customer records. The cybercriminals gained access to an unprotected MongoDB database, stole the records, and left behind a ransom note demanding $3,800.
Another publicly accessible database leaked the biometric data of over 1 million people who used the Biostar 2 app. The exposed information included fingerprint records, facial recognition information, and other personal details.
Hundreds of dental practice offices in the US had their data and patient records encrypted by Sodinokibi ransomware. On August 26, 2019, Sodinokibi (aka REvil) infected DDS Safe, an online backup product from Digital Dental Record (DDS), through its cloud management provider, PercSoft. Over 400 dental practices were impacted by the ransomware attack.
New Threats
Several new malware families, ransomware strains, vulnerabilities, and threat groups emerged this month. Researchers uncovered a new version of Trickbot that steals PIN codes from Verizon Wireless, T-Mobile, and Sprint users. Researchers also uncovered a new speculative-execution vulnerability dubbed ‘SWAPGS’ that impacts CPUs in Windows- and Linux-based machines. Meanwhile, new variants of the Neko, Mirai, and Bashlite botnets affecting various router models and IoT devices were detected by researchers.