Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Sep 2, 2020
The Good
There is a lot going on in the cyber world, but all is not bad. A group of academic researchers discovered a new AI technique to ward off cyberattacks on medical devices, while another research group developed an AI model that identifies malicious code used to hijack supercomputers for cryptocurrency mining. In another vein, the National Institute of Standards and Technology (NIST) released the final version of its Zero Trust Architecture for organizations.
Researchers at the Ben-Gurion University of the Negev developed a new AI technique to protect medical devices from malicious operating instructions in a cyberattack, as well as other human and system errors. The technology will help analyze the instructions sent from PC to connected devices, detecting the presence of any anomalous code.
Researchers at Los Alamos National Laboratory developed a new AI-driven model that can identify malicious codes used to hijack supercomputers to mine for cryptocurrencies, such as Bitcoin and Monero.
MITRE released a new Shield framework to help organizations actively detect and counter intruders on their networks. The framework includes different tactics to detect, disrupt, and contain attacks from intruders.
NIST unveiled the final version of its Zero Trust Architecture for cybersecurity leaders, administrators, and managers to provide a better understanding of the Zero Trust environment. The framework was developed in collaboration with multiple federal agencies.
The Bad
Last month, several cybercriminal groups were observed evolving their TTPs and going on an attacking spree on organizations globally. A series of DDoS attacks on New Zealand’s stock exchange (NZX) disrupted its trading operations for four consecutive days. Meanwhile, ransomware actors rained attacks on Valley Health Systems, LG, Konica Minolta, and Brown-Forman, among other renowned firms. Moreover, the University of Utah had to pay a ransom of over $450,000 to prevent student data from getting leaked.
Utah Pathology Services disclosed undergoing a data breach that resulted in the exposure of the personal information of approximately 112,000 patients. The hackers also attempted to redirect funds exploiting an employee’s account.
NZX was offline for four days after a group of cybercriminals launched DDoS attacks on its networks. NZX resumed trading later without giving any clarity on the attacker.
REvil ransomware operators claimed to have breached and stolen sensitive data from Valley Health Systems, a regional healthcare system that serves nearly 75,000 patients in Southern West Virginia, Southeast Ohio, and Eastern Kentucky.
Active since 2018, the Lazarus threat actor group has been found to be associated with an ongoing cyberespionage campaign. The campaign, which is carried out through LinkedIn, has targeted businesses in at least 14 countries, including the U.K. and the U.S.
The University of Utah paid a ransom of over $450,000 to prevent the ransomware gang from leaking student data on the internet. The decision was made by the university to protect the integrity of the data even after it was restored from backups.
Even the Japanese technology giant Konica Minolta and the U.S. wine and spirits company Brown-Forman were not spared from the terror of ransomware attacks. While the ransomware strain used against Konica Minolta is still unknown, the attack on Brown-Forman was conducted using the REvil ransomware, which pilfered around 1TB of data.
The South African branch of the consumer credit reporting agency, Experian, disclosed a data breach that impacted the personal details of 24 million South Africans and 793,749 local businesses. The incident occurred after the agency handed over some sensitive data to a fraudster posing as a client.
The U.S. chipmaker, Intel, found itself in a soup after 17GB of its data was leaked on the file-sharing site, MEGA. The exposed data consisted of files from the Intel Resource and Design Center, different Intel development and debugging tools, roadmap documents, schematics of various processors, and others.
An artificial intelligence company, Cense, leaked 2.5 million records that contained sensitive medical data and PII. The breached data was stored directly on the same IP address as Cense’s website.
Nine data leak incidents that compromised the medical data of 200,000 U.S. users came to light after researchers discovered misconfiguration issues in GitHub repositories. The affected entities included Xybion, MedPro Billing, Texas Physician House Calls, VirMedica, MaineCare, Waystar, Shields Health Care Group, and AccQData.
Adit, a Houston-based patient management software provider, laid bare personal and sensitive information of 3.1 million patients via an unsecured database for about 10 days. Surprisingly, the database was later, allegedly, deleted by Meow Bot, an automated bot.
The Maze ransomware gang published over 70GB of data stolen from LG and Xerox on its leak site following failed ransom negotiations. Summit Medical Associates also disclosed a ransomware attack that affected the personal information of patients and affiliates.
A report found that Russian-speaking hackers compromised the VPN authentication data of 38 large Japanese companies in the Pulse Secure VPN breach. A hacker had, reportedly, exposed plaintext usernames and passwords, session cookies, IP addresses, and other details of more than 900 Pulse Secure VPN servers in the first week of August.
New Threats
Attackers are continuously testing enterprise security systems and exploring new ways to get through. In one attack campaign, cybercriminals were seen exploiting Unicode and HTML/CSS to manipulate systems and bypass security checks. Separately, the U.S. government warned against the BeagleBoyz group, which has attempted to swindle $2 billion since 2015. Moreover, security experts red-flagged several new threats, including BLINDINGCAN and FritzFrog, challenging the cyber readiness of organizations.
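The Unicode trick mentioned above works because keyword filters compare raw code points, so zero-width characters inside a word or look-alike letters from another script break the match while the text still reads normally to a human. The following is an added defensive illustration, not code from the briefing or from any vendor named in it: it folds a message with NFKC, strips common zero-width code points, and flags words that mix alphabets. The sample messages are constructed; the set of zero-width characters and the choice of NFKC are the author's assumptions about what a filter should normalize, and the HTML/CSS side of the campaign is not covered here.

```python
import unicodedata

# Zero-width / invisible code points often inserted to split keywords
# (assumed list; extend to match the mail or web filter being protected).
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def normalize_text(text: str) -> str:
    """Drop zero-width characters, then apply NFKC so that fullwidth letters,
    ligatures and similar compatibility forms fold onto their plain ASCII
    equivalents before any keyword or URL check runs."""
    stripped = "".join(ch for ch in text if ch not in ZERO_WIDTH)
    return unicodedata.normalize("NFKC", stripped)


def letter_scripts(word: str) -> set:
    """Return the set of scripts (LATIN, CYRILLIC, GREEK, ...) used by the
    alphabetic characters of a word, derived from the Unicode character name."""
    scripts = set()
    for ch in word:
        if ch.isalpha():
            # Names look like "CYRILLIC SMALL LETTER A"; the first token is the script.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def analyze(text: str) -> dict:
    """Summarize Unicode-based obfuscation indicators for one message."""
    normalized = normalize_text(text)
    stripped = "".join(ch for ch in text if ch not in ZERO_WIDTH)
    findings = {
        "zero_width_count": sum(1 for ch in text if ch in ZERO_WIDTH),
        # True when NFKC changed something, i.e. compatibility look-alikes were present
        "normalization_changed": normalized != stripped,
        # Words whose letters come from more than one script (homoglyph tell-tale)
        "mixed_script_words": [w for w in normalized.split() if len(letter_scripts(w)) > 1],
        "normalized": normalized,
    }
    return findings


def is_suspicious(text: str) -> bool:
    """A message is flagged if any obfuscation indicator fires."""
    f = analyze(text)
    return bool(f["zero_width_count"] or f["normalization_changed"] or f["mixed_script_words"])


# Constructed sample messages (not real campaign artifacts).
SAMPLES = [
    "Your p\u200ba\u200bssword expires today",      # zero-width spaces inside "password"
    "Log in to \u0435xample.com now",               # Cyrillic 'е' (U+0435) leading a Latin word
    "Verify your \uff21\uff23\uff23\uff2f\uff35\uff2e\uff34",  # fullwidth "ACCOUNT"
    "Your quarterly report is attached",           # benign
]

if __name__ == "__main__":
    for msg in SAMPLES:
        f = analyze(msg)
        print(f"suspicious={is_suspicious(msg)!s:5} zero_width={f['zero_width_count']} "
              f"nfkc_changed={f['normalization_changed']} mixed={f['mixed_script_words']} "
              f"-> {f['normalized']!r}")
```

Run the normalized text, not the raw message, through whatever keyword or domain allow-list check follows; the indicators themselves are useful as low-cost enrichment on mail-gateway or proxy logs.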