Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Jan 2, 2020
The Good
2019 was a busy year in the world of cybersecurity, with a steady stream of new malware, vulnerabilities, and data breaches. For December, let's begin with the positive developments. A group of researchers developed a new cryptographic method that offers perfect secrecy, based on the one-time pad (Vernam cipher). Meanwhile, the U.S. Congress passed the TRACED Act to curb the robocall menace. Also, global law enforcement took down the network behind the notorious Imminent Monitor RAT (IM-RAT).
The researchers' method derives the one-time key from the complex, time-varying, and irreversible physical structure of silicon chips. Because the key is produced from the chip's physical state at the moment of use and is never stored anywhere, it cannot be recreated or intercepted later. The method is also compatible with existing optical communication infrastructure. As with any one-time pad, the secrecy guarantee holds only if the key is truly random, at least as long as the message, and never used twice.
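The one-time pad itself is simple enough to show in full. The block below is an added illustration, not code from the researchers or from Cyware: it draws the key from os.urandom rather than from a chip's physical structure, encrypts by XOR, and then demonstrates the two properties that matter in practice, perfect secrecy (any same-length plaintext is consistent with the ciphertext under some key) and the collapse of that secrecy the moment a key is reused. The crib-dragging helper and the sample messages are constructed for the demo.

```python
"""One-time pad (Vernam cipher): perfect secrecy, and how key reuse breaks it.

Added example, not the researchers' or Cyware's code. The key source here is
os.urandom; the physical-chip key derivation from the article is not modelled.
"""
import os


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the matching key byte.

    The key must be at least as long as the message; a shorter key would
    have to be reused, which is exactly what the security proof forbids.
    """
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# Decryption is the same operation because (p ^ k) ^ k == p.
otp_decrypt = otp_encrypt


def key_that_decrypts_to(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy made concrete: for ANY candidate plaintext of the same
    length there exists a key under which the ciphertext decrypts to it, so
    the ciphertext alone says nothing about which message was really sent.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper gets when one key encrypts two messages:
    ct1 ^ ct2 == p1 ^ p2. The key cancels out completely.
    """
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def crib_drag(xor_of_plaintexts: bytes, crib: bytes) -> list:
    """Classic two-time-pad attack: slide a guessed fragment (crib) of one
    message across p1 ^ p2 and report offsets where the other message
    comes out as printable text.
    """
    hits = []
    for offset in range(len(xor_of_plaintexts) - len(crib) + 1):
        window = xor_of_plaintexts[offset:offset + len(crib)]
        other = bytes(a ^ b for a, b in zip(window, crib))
        if all(32 <= ch < 127 for ch in other):
            hits.append((offset, other))
    return hits


if __name__ == "__main__":
    # Constructed demo messages; both are the same length so one key fits.
    msg = b"TRANSFER 1000000 USD TO ACCT 42"
    key = os.urandom(len(msg))
    ct = otp_encrypt(msg, key)
    assert otp_decrypt(ct, key) == msg

    # The same ciphertext is equally consistent with a harmless message.
    decoy = b"TRANSFER 0000001 USD TO ACCT 99"
    assert otp_decrypt(ct, key_that_decrypts_to(ct, decoy)) == decoy

    # Reuse the key once and the XOR of the two plaintexts leaks.
    msg2 = b"CANCEL   1000000 USD TO ACCT 42"
    leak = two_time_pad_leak(ct, otp_encrypt(msg2, key))
    print("crib hits:", crib_drag(leak, b"TRANSFER"))
```

The decoy step is the whole point of the construction: a captured ciphertext is worthless without the key, and the key exists only once. The crib-drag step is the practical caveat; a "one-time" pad that is used twice is a weak stream cipher.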
Apple opened its bug bounty program to all security researchers, replacing the earlier invitation-only program. The company now accepts vulnerability reports for a much wider range of products, including iPadOS, macOS, tvOS, watchOS, and iCloud, and has raised its maximum reward from $200,000 to $1,500,000, with payouts depending on the complexity and severity of the exploit chain.
The U.S. Congress passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to fight spam robocalls. The bill provides penalties of up to $10,000 per incident for robocallers who break the law and pushes carriers to deploy stricter call-authentication technology, which should make robocalls easier for consumers to identify and ignore.
Google announced that it will offer financial support for volunteer work by the open-source community to improve the security of open-source software. The funding is meant to help maintainers secure the resources for security work on projects that Google and others depend on, with tiers for small projects ($5,000) and larger efforts ($30,000).
Global law enforcement authorities dismantled the infrastructure behind Imminent Monitor (IM-RAT), a notorious remote access tool. First appearing in 2012, it was marketed by its sellers as the fastest remote administration tool ever created, supposedly built on novel socket technology. According to Europol, the tool had more than 14,500 buyers across 124 countries and had been used to infect tens of thousands of victims.
The Bad
The month saw multiple data breaches and incidents affecting organizations around the world. Smart home device maker Wyze confirmed a server leak that exposed details of about 2.4 million customers. The online music streaming service Mixcloud exposed data from over 21 million user accounts, which was then offered for sale on a dark web forum. Also, Chinese attackers diverted $1 million from a wire transfer between a VC firm and a start-up.
Smart home maker Wyze Labs confirmed a data leak affecting over 2.4 million of its users. The leak was caused by an Elasticsearch database exposed to the internet without authentication, which was left open for over three weeks, from December 4 to December 26. Elasticsearch of that era shipped with its security features disabled unless explicitly enabled, so any instance reachable from the internet should be treated as world-readable. Wyze's products include security cameras, smart plugs, smart lightbulbs, and smart door locks.
San Antonio's Center for Health Care Services (CHCS) and Roosevelt General Hospital (RGH) in New Mexico were forced to take their computer systems offline following malware attacks. RGH's infection began on November 14; the hospital advised patients to monitor their credit reports for signs of identity theft or fraud.
The operators of Maze ransomware publicly released 2 GB of the 32 GB of files they had stolen during their attack on the City of Pensacola. The crooks had demanded a $1 million ransom to decrypt the locked files and said they released the data to prove to the media that they had taken far more than a few files. The leak is a reminder that restoring from backups does not neutralize an attack once data has been exfiltrated.
A database containing the Facebook IDs, phone numbers, and names of more than 267 million users was left exposed on the web without a password or any other authentication. Experts believe it is likely the product of an illegal scraping operation in which bots harvested profile data. Because each record ties a name and Facebook ID to a phone number, the data is well suited to SMS phishing and other targeted scams.
A data breach exposed the personal data of nearly 6,000 students in Montgomery County, Maryland. What initially looked like an incident affecting 1,344 accounts at one school was later found to affect nearly 6,000 accounts across multiple schools after repeated intrusion attempts. The suspect reportedly gained access by brute-forcing passwords.
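A brute-force or password-spraying attempt of the kind described above leaves an obvious trail in authentication logs: many failures from one source in a short window, often against many different accounts, sometimes followed by a success. The detector below is an added example, not the school district's or Cyware's tooling. The log format and the sample lines are constructed for the demo; the regular expression is the only part you would need to adapt to a real auth log.

```python
"""Sliding-window failed-login detector for brute-force / password spraying.

Added example, not Cyware's or any vendor's code. The simplified log format
and the sample lines are constructed for this demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). One source tries five accounts in a
# few seconds and then succeeds; a second source has two failures an hour apart.
SAMPLE_LOG = """\
2019-12-03T08:00:01 auth fail user=jdoe src=203.0.113.7
2019-12-03T08:00:02 auth fail user=asmith src=203.0.113.7
2019-12-03T08:00:02 auth fail user=bjones src=203.0.113.7
2019-12-03T08:00:03 auth fail user=cwong src=203.0.113.7
2019-12-03T08:00:04 auth fail user=dlee src=203.0.113.7
2019-12-03T08:00:05 auth ok   user=dlee src=203.0.113.7
2019-12-03T08:15:00 auth fail user=jdoe src=198.51.100.4
2019-12-03T09:15:00 auth fail user=jdoe src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>fail|ok)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> list:
    """Alert once per source IP that logs >= threshold failures inside `window`.

    Each alert records how many distinct accounts were tried (a high number
    means spraying rather than a single forgotten password) and whether a
    successful login from the same source followed the burst.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, user) failures in window
    alerts = []
    by_src = {}
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "fail":
            q = recent[src]
            q.append((ts, ev["user"]))
            while q and ts - q[0][0] > window:   # drop failures older than window
                q.popleft()
            if len(q) >= threshold and src not in by_src:
                alert = {"src": src, "first_fail": q[0][0], "failures": len(q),
                         "distinct_users": len({u for _, u in q}),
                         "success_after": False}
                by_src[src] = alert
                alerts.append(alert)
        elif src in by_src:
            by_src[src]["success_after"] = True   # burst followed by a login
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(a)
```

The per-source deque keeps memory bounded to one window of failures per IP, and the "success after burst" flag is what turns a noisy alert into one worth paging on. In production you would key on account as well as source, since spraying from many IPs against one account is the mirror image of the pattern shown here.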
Around 260 passengers were left stranded after RavnAir canceled at least half a dozen flights in Alaska because of a cyberattack on its computer systems. The airline said operations were expected to be slowed or disrupted for the following week because its IT network had to be shut down. RavnAir serves more than 100 communities in Alaska, many of which are not accessible by road.
A thief stole multiple unencrypted hard drives from a Facebook payroll employee's car, exposing data on tens of thousands of current and former Facebook employees. The company was criticized for how long it took to disclose the theft, which occurred on November 17, 2019. According to Bloomberg, the banking information of 29,000 U.S. Facebook employees was compromised. Full-disk encryption on portable media would have made the stolen drives useless to the thief.
Online music streaming service Mixcloud suffered a data breach exposing information from over 21 million user accounts. The data was offered for sale on a dark web forum for $4,000, or about 0.5 bitcoin, and contained usernames, email addresses, and passwords that were salted and hashed with SHA-2. Salting stops precomputed tables from being reused across accounts, but SHA-2 is a fast general-purpose hash rather than a password-hashing function, so weak passwords in the dump can still be recovered quickly by dictionary attack; users who reused their Mixcloud password elsewhere should change it.
Details of over 15 million Iranian bank cards were published online, weeks after hundreds of bank branches were set on fire by demonstrators last month. Some experts suspect a state-sponsored cyberattack, and the incident has been described as the largest financial data breach in Iran's history. The breach, which mostly affected Iran's three largest banks, touched close to one-fifth of the population.
Chinese attackers diverted $1 million being wired from a Chinese VC firm to an Israeli startup. The funds were part of an upcoming multi-million-dollar seed round for the startup. In a classic business email compromise, the attackers inserted themselves into the correspondence between the two companies, reportedly sending 18 emails to the VC firm and 14 to the startup before the compromised transfer went through.
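The Mixcloud item above turns on the difference between "hashed and salted" and "hashed with a password-hashing function". The block below is an added example, not Mixcloud's code, that runs the same offline dictionary attack against two stores: one built with salted SHA-256, the other with PBKDF2-HMAC-SHA256 from the standard library (a modern deployment would more likely pick Argon2, scrypt, or bcrypt, but PBKDF2 needs no third-party package). The users, salts, passwords, and wordlist are constructed for the demo. The salt does its job in both cases, in that no work is shared across users, but only the iterated construction makes each guess expensive.

```python
"""Offline dictionary attack: salted SHA-256 versus PBKDF2-HMAC-SHA256.

Added example, not Mixcloud's or Cyware's code. Credentials, salts and the
wordlist are constructed for this demo; a real attacker uses a far larger list.
"""
import hashlib
import hmac
import time

# Stand-in for a real cracking dictionary (constructed).
WORDLIST = ["123456", "password", "mixcloud", "letmein", "qwerty", "summer2019"]


def salted_sha256(password: str, salt: bytes) -> bytes:
    """Fast, single-round hash: one SHA-256 call per guess."""
    return hashlib.sha256(salt + password.encode()).digest()


def pbkdf2(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Deliberately slow, iterated construction (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_records(hash_fn, creds):
    """Turn (user, salt, password) into the (user, salt, digest) a breach leaks."""
    return [(user, salt, hash_fn(pw, salt)) for user, salt, pw in creds]


def crack(records, hash_fn, wordlist=WORDLIST):
    """Dictionary attack over leaked (user, salt, digest) records.

    Returns the cracked {user: password} map and the number of hash
    evaluations spent. Per-user salt means every user costs a fresh pass over
    the wordlist; what the salt cannot do is make each evaluation slower.
    """
    cracked, guesses = {}, 0
    for user, salt, digest in records:
        for word in wordlist:
            guesses += 1
            if hmac.compare_digest(hash_fn(word, salt), digest):
                cracked[user] = word
                break
    return cracked, guesses


# Constructed demo credentials with fixed salts so runs are reproducible.
DEMO_CREDS = [
    ("alice", b"\x01" * 16, "summer2019"),
    ("bob", b"\x02" * 16, "correct horse battery staple"),
    ("carol", b"\x03" * 16, "password"),
]


if __name__ == "__main__":
    for name, fn in (("salted SHA-256", salted_sha256), ("PBKDF2 600k", pbkdf2)):
        records = build_records(fn, DEMO_CREDS)
        t0 = time.perf_counter()
        found, n = crack(records, fn)
        print(f"{name:15s} cracked={found} guesses={n} "
              f"time={time.perf_counter() - t0:.2f}s")
```

Both runs crack the same two weak passwords after the same 14 guesses; the difference is the cost per guess, which for the SHA-256 store is a few hundred nanoseconds and for PBKDF2 is measured in hundreds of milliseconds. Scaled to 21 million accounts and a real wordlist, that gap is the difference between a dump that is cracked over a weekend and one that mostly is not.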
New Threats
The discovery of new security threats made several headlines this month. A critical flaw in Citrix Application Delivery Controller and Citrix Gateway put an estimated 80,000 corporate networks at risk. At least 200 equipment manufacturers around the world fell victim to a malware campaign dubbed 'Gangnam Industrial Style'. Facebook-owned WhatsApp also fixed a severe bug that let a single group member crash the messaging app for everyone else in the group.