Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Jul 1, 2019
The Good
As we head into a new month of 2019, let’s take a quick look back at what happened in June. Before we get into the cybersecurity incidents and the new threats, let’s first acknowledge the positive developments of the past month. Google announced that it is expanding Android’s security key technology to iOS devices.
SK Telecom developed a new technology that allows quantum encryption keys to be switched and routed between different networks. Meanwhile, Microsoft announced a new feature called ‘OneDrive Personal Vault’ that adds a security layer to protect sensitive files.
Apple unveiled a new ‘Find My’ app for its Mac and iOS platforms. The new app merges the ‘Find My Friends’ and ‘Find My iPhone’ apps. Its purpose is to help users locate lost macOS and iOS devices even when those devices are not connected to Wi-Fi or a cellular network: the lost device broadcasts a Bluetooth beacon, and nearby Apple devices relay its location to the owner. Apple stated that the location reports are end-to-end encrypted so that neither Apple nor the relaying devices can read them.
Google announced that it is expanding Android’s security key technology to iOS devices. This means iPhone and iPad users can use an Android smartphone as a security key when signing in to their Google accounts on an iOS device. For this to work, users must have Bluetooth enabled on both the iOS and Android devices, since the phone has to be physically nearby to approve the sign-in.
Instagram is testing a new in-app account recovery process to help users regain control of hijacked accounts. The process is designed to work even if the attacker has changed the username and the contact details on the account.
The Commonwealth Scientific and Industrial Research Organisation's (CSIRO) Data61 announced that its researchers have developed a technique dubbed ‘Vaccination’ to protect AI and machine learning algorithms from adversarial attacks, in which small, deliberately crafted changes to an input cause a model to misclassify it. The technique trains models on weakly perturbed inputs so that they become resistant to stronger perturbations at prediction time. Machine learning is already used to identify spam emails, diagnose diseases from X-rays, and predict crop yields, so hardening these models matters.
SK Telecom announced that it has developed a new technology that allows quantum encryption keys to be switched and routed between different networks. The technology allows a quantum key to be transferred to another network when the network in use goes down, and allows the transfer to be routed when a node is connected to multiple networks.
Microsoft announced a new security layer for protecting sensitive files with its new ‘OneDrive Personal Vault’ feature. Personal Vault is a protected area in OneDrive that can be accessed only with the Microsoft Authenticator app or a second step of identity verification, such as a fingerprint, face recognition, a PIN, or a one-time code. The feature is available on the web, Android, iOS, and Windows 10.
Financial services company Moody’s Corporation partnered with cybersecurity think tank Team8 to develop a framework for measuring businesses’ defenses and preparedness against cyber attacks. The framework is intended to help companies engaged in mergers and acquisitions or purchasing cyber insurance policies.
The Bad
June witnessed numerous data breaches and cyber attacks that exposed the personal information of millions of people across the globe. A cybersecurity firm revealed that a Chinese threat group had been attacking telecommunication companies across 30 countries since 2017. In another instance, the Chinese cyber-espionage campaign ‘Cloud Hopper’ compromised at least eight technology services companies. Meanwhile, the US Customs and Border Protection agency disclosed that photos of travelers and license plates had been compromised in a cyber attack on one of its contractors.
The breach of the web payment page at American Medical Collection Agency (AMCA) has impacted millions of patients of Quest Diagnostics, Laboratory Corporation of America Holdings (LabCorp) and OPKO Health Inc. Quest Diagnostics saw the compromise of personal and financial information of nearly 11.9 million patients, LabCorp disclosed that 7.7 million customers were affected, and around 422,600 patients of OPKO Health were affected.
Private details of almost 100,000 Australian bank customers were exposed in an attack on Westpac’s PayID service, in which the attacker abused the PayID lookup function to enumerate account holders’ names from phone numbers. An investigation revealed that the attack had begun on April 7, 2019. The bank confirmed that no financial information was compromised.
A security lapse at IT distributor Tech Data exposed customer and billing data. The incident was caused by an unprotected database containing a large volume of customer personal data and records related to payment cards. After being informed by a research team from vpnMentor, Tech Data secured the database.
The Australian National University confirmed that around 200,000 people were impacted in a data breach that took place in late 2018. The unauthorized party accessed a significant amount of personal data on staff, students and visitors, with some of the data going back as far as 19 years.
An unprotected Elasticsearch database belonging to FMC Consulting exposed millions of resumes and company records. The leaky database contained 884,178 internal emails, 5,392,816 company records, 110,000 customer records and 73,000 client messages. After being notified, China’s national CERT, CNCERT/CC, had the unsecured database taken offline.
ASCO, one of the world’s largest aircraft parts manufacturers, suffered a ransomware attack that crippled production in factories across four countries: Belgium, Germany, Canada, and the United States. ASCO’s factory in Zaventem, Belgium, was hit hardest, with most of the plant’s IT systems infected and major downtime as a result. Almost 1,000 of its 1,400 workers there were sent home.
A Distributed Denial of Service (DDoS) attack on the Telegram messenger caused service outages and connection problems for users, primarily in South and North America but also in other parts of the world. A botnet of compromised computers flooded Telegram’s servers with traffic, and the messenger could not handle all the requests. Telegram’s founder said that the attack traffic came mostly from Chinese IP addresses and that it coincided with the Hong Kong protests.
E-invitations platform Evite admitted that it suffered a data breach in February. The stolen user data was put up for sale on the Dream Market marketplace by the infamous hacker ‘Gnosticplayers’. Evite also provided additional details: an unauthorized third party gained access to an inactive data storage file that contained Evite user accounts created prior to 2013.
The retro gaming site ‘Emuparadise’ suffered a data breach in April 2018 that exposed account details of almost 1.1 million Emuparadise forum members. The exposed information included members’ email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Salting stops a single precomputed table from covering every account, but MD5 is fast enough that the passwords can still be recovered one account at a time with a wordlist.
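The following is an added example, not code from the Emuparadise disclosure or from Cyware, showing why salted MD5 gives little protection once a dump leaks and what a slow, salted password hash looks like instead. The usernames, salts, passwords and wordlist are constructed for the demonstration, and the layout md5(salt || password) is an assumption about the scheme, since the page only says the hashes were ‘salted MD5’.

```python
"""Salted MD5 vs. a slow password hash.

Added example, not Cyware's or Emuparadise's code. The 'leaked' rows below
are constructed from chosen weak passwords so the cracker's results can be
checked offline; md5(salt||password) is an assumed layout, since the page
only says the hashes were 'salted MD5'.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

# --- Constructed sample dump (not real forum records) ----------------------
_PLAINTEXTS = {"alice": "dragon", "bob": "letmein", "carol": "emuparadise1"}
_SALTS = {"alice": "7f3a", "bob": "c01d", "carol": "9e11"}


def md5_salted(salt: str, password: str) -> str:
    """Legacy scheme (assumed layout): a single MD5 over salt||password. No work factor."""
    return hashlib.md5((salt + password).encode()).hexdigest()


# (username, salt, hash) in the shape a real dump would arrive, minus the plaintexts.
LEAKED_ROWS = [(u, _SALTS[u], md5_salted(_SALTS[u], _PLAINTEXTS[u])) for u in _PLAINTEXTS]

# Tiny stand-in for a real wordlist such as rockyou.txt.
WORDLIST = ["123456", "password", "dragon", "letmein", "qwerty", "emuparadise1", "monkey"]


def crack_salted_md5(rows, wordlist):
    """Per-account dictionary attack against salted MD5.

    The salt only forces the attacker to rehash the wordlist once per account
    (len(rows) * len(wordlist) MD5 calls); at billions of MD5/s on a GPU that
    is no obstacle. Returns {username: recovered_password} for every hit.
    """
    recovered = {}
    for username, salt, digest in rows:
        for candidate in wordlist:
            if hmac.compare_digest(md5_salted(salt, candidate), digest):
                recovered[username] = candidate
                break
    return recovered


# --- What a forum should store instead: salted, iterated, self-describing ---
PBKDF2_ITERATIONS = 600_000  # OWASP guidance for PBKDF2-HMAC-SHA256


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iters>$<salt hex>$<dk hex>' with a fresh random salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    t0 = time.perf_counter()
    hits = crack_salted_md5(LEAKED_ROWS, WORDLIST)
    print(f"salted MD5: recovered {hits} in {(time.perf_counter() - t0) * 1e3:.2f} ms")

    t0 = time.perf_counter()
    stored = pbkdf2_hash("dragon")
    print(f"pbkdf2: one hash took {(time.perf_counter() - t0) * 1e3:.0f} ms; "
          f"verify correct -> {pbkdf2_verify('dragon', stored)}, "
          f"wrong -> {pbkdf2_verify('dragoon', stored)}")
```

Every constructed account falls to a seven-word list in well under a millisecond, while a single PBKDF2 verification at 600,000 iterations costs hundreds of milliseconds; that per-guess cost, not the salt, is what makes an offline attack on a leaked table expensive.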
The US Customs and Border Protection agency (CBP) disclosed that photos of travelers and license plates had been compromised in a cyber attack on one of its contractors. CBP said that the contractor had transferred copies of license plate images and traveler photos collected by CBP to the company’s own network, which was later compromised by an attacker. The agency did not name the contractor; however, the public statement CBP sent to the Washington Post carried the title “CBP Perceptics Public Statement”, indicating that the contractor was Perceptics.
Desjardins, the largest federation of credit unions in North America, suffered a security breach after a rogue employee stole the data of 2.9 million customers and disclosed it to individuals outside Desjardins without authorization. The leak impacted almost 2.7 million individual members and 173,000 business customers. The financial institution fired the employee responsible.
Mermaids UK disclosed that it had inadvertently published part of its email database on the internet, containing around 1,000 pages of confidential emails from 2016 and 2017. The exposed emails included private details of transgender children and young people.
A cybersecurity firm revealed that a Chinese threat group had been attacking telecommunication companies across 30 countries since 2017. The tools used in the attacks are linked to the APT10 threat group. The attackers sought call detail record (CDR) data such as call logs and cell tower locations, and also attempted to compromise the telecom companies’ critical assets.
A hacker stole 9.3 million Ripple (XRP) coins worth $4.25 million and 2.5 million Cardano (ADA) coins worth $225,000 from the Bitrue cryptocurrency exchange. Bitrue administrators detected the hack and immediately suspended trading on the platform. The exchange also worked closely with Huobi Global, Bittrex and ChangeNOW to freeze the affected funds and accounts.
The city of Lake City, Florida, which suffered a ‘Triple Threat’ ransomware attack on June 10, 2019, paid the attackers 42 bitcoins, worth nearly $500,000, to recover its encrypted files. The city’s insurance provider made the payment on June 25, 2019, and the attackers then provided the decryption key.
Taiwan’s Ministry of Civil Service (MOCS) suffered a data breach compromising the personal information of 243,376 civil servants, including both local and central government officers. The compromised information included names, national identification card numbers, job designations, and the agencies the civil servants work for.
Social Engineered, a ‘human hacking’ forum, was breached and its user data was published on a rival website. The data includes 89,000 unique email addresses linked to 55,000 forum accounts, along with usernames, IP addresses, and passwords. The breach was attributed to a security hole in the MyBB open-source forum software.
Unprotected Amazon Web Services storage buckets belonging to Attunity exposed the company’s passwords and network information. The leaky buckets also exposed sensitive information of some of its high-profile customers, including Ford Motor Company and Toronto-Dominion Bank.
The Chinese hacking campaign ‘Cloud Hopper’ compromised at least eight technology services companies. The impacted companies include Ericsson, Hewlett Packard Enterprise, IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
Attackers stole administrative credentials from cloud solutions provider PCM that were used to manage client accounts within Office 365. A security expert at a PCM customer said that the attackers’ primary motive was to steal client information that could be used to conduct gift card fraud at various retailers and financial institutions.
New Threats
New malware families, ransomware, vulnerabilities, and threat groups emerged over the past month. Researchers spotted a new variant of DanaBot that comes with a ransomware module. A new Mirai botnet variant that uses 18 exploits to target IoT devices was spotted in the wild. Meanwhile, a critical vulnerability was uncovered in the Outlook for Android app that affected over 100 million users.