Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Apr 2, 2020
The Good
The month of February witnessed much hustle and bustle in the cyber threat landscape, including some path-breaking research by security experts. A group of researchers devised a method called DEEP-Dig to fool hackers into revealing their tactics. Meanwhile, researchers at the Open Cybersecurity Alliance introduced a new language framework to connect cybersecurity tools via a common messaging platform. In other news, scientists developed an automated system that uses crystallization to create random strings of numbers and encrypted information.
A new cyber defense approach called DEEP-Dig (DEcEPtion DIGging), which focuses on improving intrusion detection, has been developed by a group of scientists at the University of Dallas. The approach traps malicious actors in a decoy site, allowing machines to learn their tactics. The researchers anticipate that the approach will benefit defense organizations.
A team of researchers devised a powerful approach to secure web browsers last month. The new method works by shifting some of the browser code into ‘secure sandboxes’ that prevent malicious code from taking over a user’s computer. This new strategy is now a part of the Firefox browser’s test release for the Linux operating system.
The Open Cybersecurity Alliance (OCA) launched a new language framework called OpenDXL Ontology to connect cybersecurity tools through a common messaging framework. The new framework aims to eliminate the need for custom integration between entities such as endpoint systems, firewalls, and behavior monitors.
For the first time, scientists built a robotic system that uses the crystallization process to create random strings of numbers and encrypted information. The method is presented as a good alternative to existing true random number generators, whose output usually takes a longer time to crack.
Japan CERT released a new utility tool called EmoCheck that allows Windows users to check whether they are infected with the Emotet trojan. Once run on a system, the tool scans for the trojan and, if it is found, alerts the user with the process ID and the location of the malicious file.
The Bad
Some of the big firms around the world leaked terabytes of data due to unsecured database servers and storage buckets. Rallyhood, a community collaboration platform, exposed nearly 4.1 terabytes of files via an unprotected bucket. More firms faced similar incidents, including Tetrad and Decathlon. While Tetrad, a US market analysis firm, laid bare 120 million records of Americans, sports giant Decathlon leaked 123 million records belonging to UK and Spain customers.
Rallyhood exposed nearly 4.1 terabytes of files via an unprotected AWS S3 bucket, giving anyone access to a decade’s worth of user files. Some of the files contained sensitive data like shared passwords lists, contracts, and other permission slips and agreements.
Around 747GB of data related to 120 million Americans was exposed by market analysis company Tetrad due to a misconfigured Amazon S3 bucket. The leaky dataset included data from Chipotle, Kate Spade, and Bevmo.
Sports giant Decathlon also made headlines last month for revealing 123 million records due to an unsecured Elasticsearch server. It contained information belonging to Decathlon Spain and possibly its UK business as well.
A data breach at Dutch airline Transavia affected the data of as many as 80,000 passengers. The compromised data dated back to 2015 and included passengers’ full names, dates of birth, and information regarding luggage reservations.
Over 10.6 million guest records stolen from MGM Resorts were posted on an online hacking forum last month. The compromised records included data of regular tourists, celebrities, government officials, reporters, CEOs and professionals from tech firms.
PhotoSquared, a popular photo app, leaked around 94.7 GB of data containing over one million records due to a misconfigured S3 bucket. The records dated from November 2016 to January 2020. The exposed data included user photos, order records, receipts, and shipping labels.
Public Services and Procurement Canada inadvertently shared the data of more than 69,000 public servants with the wrong people. The data leaked included full names, personal record identifier numbers, home addresses, and overpayment amounts of employees.
Cosmetics giant Estée Lauder Companies Inc. came under fire for leaking over 440 million records publicly due to an unprotected database. The exposed records included emails in plain text, internal documents, middleware logs, and more. The duration of the data breach was unknown.
TastSelv Borger tax portal, managed by the US company DXC Technology, accidentally leaked the personal data of 1.2 million Danish citizens due to a software error. The bug was rectified as soon as DXC became aware of it.
Australian logistics company Toll Group fell victim to a ransomware attack. The firm became aware of it on January 31, 2020, and immediately disabled the relevant systems to contain the ransomware infection. Over 1000 servers were crippled by the attack.
An open and publicly accessible database belonging to email marketing firm Pabbly exposed nearly 51 million records. The exposed records dated back to 2014 and contained customer names, email addresses, subject lines, email message bodies, and internal data.
An S3 bucket owned by FutebolCard leaked 25GB of sensitive data belonging to supporters of a number of Brazilian organizations. The exposed information included names, contact details, dates of birth, marital status, social security numbers, and payment methods of fans. FutebolCard rectified the issue on January 31, 2020, by taking the bucket offline.
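Several of the incidents above (Rallyhood, Tetrad, PhotoSquared, FutebolCard) trace back to the same misconfiguration: an S3 bucket whose ACL or bucket policy grants access to everyone. The following Python is an added example for auditing such settings, not code from this briefing or from any of the companies named; it checks the two documents S3 returns for a bucket (the ACL from GetBucketAcl and the policy from GetBucketPolicy) for grants to AWS's public groups or to a wildcard principal. The group URIs and policy structure are the real AWS ones; the sample ACL and policies are constructed here for illustration.

```python
"""Flag S3 bucket ACLs and bucket policies that grant public access.

Added example for this briefing. The group URIs and document shapes are the
ones AWS uses; SAMPLE_ACL, SAMPLE_PUBLIC_POLICY and SAMPLE_PRIVATE_POLICY are
constructed sample inputs, not data from any real bucket.
"""
import json

# Predefined AWS groups; a grant to either makes the bucket reachable by
# anyone on the internet (AuthenticatedUsers = anyone with *any* AWS account).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs that go to a public group.

    `acl` has the shape returned by GetBucketAcl:
    {"Owner": {...}, "Grants": [{"Grantee": {...}, "Permission": "..."}]}
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GRANTEE_URIS:
            findings.append((uri, grant.get("Permission")))
    return findings


def _is_wildcard_principal(principal):
    """True for the forms of Principal that mean 'everyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return the Sids of unconditional Allow statements with a wildcard principal.

    Statements carrying a Condition block are skipped here: they may still be
    public (e.g. a condition on aws:Referer), so they deserve manual review
    rather than an automatic verdict.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unwrapped
        statements = [statements]
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in statements
        if stmt.get("Effect") == "Allow"
        and _is_wildcard_principal(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def audit_bucket(acl, policy_json):
    """Combine both checks into a list of human-readable findings."""
    findings = [f"ACL grants {perm} to {uri}" for uri, perm in public_acl_grants(acl)]
    findings += [f"policy statement {sid} allows a wildcard principal"
                 for sid in public_policy_statements(policy_json)]
    return findings


# --- constructed sample inputs -------------------------------------------
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-CANONICAL-OWNER-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-CANONICAL-OWNER-ID"},
         "Permission": "FULL_CONTROL"},
        # the grant that turns a bucket into a public listing
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

SAMPLE_PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
})

SAMPLE_PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
})

if __name__ == "__main__":
    for line in audit_bucket(SAMPLE_ACL, SAMPLE_PUBLIC_POLICY):
        print("FINDING:", line)
```

In a real audit the two documents would come from the S3 API for every bucket in the account, and the account-level and bucket-level Block Public Access settings should be checked as well, since enabling them prevents such ACLs and policies from taking effect regardless of what the documents say.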
New Threats
In new threats for the month, researchers released details about a new flaw called KrØØk that impacted Wi-Fi chips made by Broadcom and Cypress. Also, the infamous BlueKeep flaw returned to affect over 55% of medical imaging devices. Meanwhile, researchers spotted a variant of the Raccoon info-stealer targeting over 60 web applications.