Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Dec 2, 2019
The Good
November has rolled by, and it is time to recap the cybersecurity happenings of the past month. To begin, let us glance through the good that happened in cyberspace. The Cybersecurity Protocol for International Arbitration (2020), a set of detailed guidelines on cybersecurity measures for individual arbitration matters, was released. Google launched an initiative called ‘OpenTitan’ that focuses on the security posture of devices in data centers. In other news, the U.S. Air Force plans to launch an ‘Infrastructure Asset Pre-Assessment program’ to rate the cybersecurity of commercial satellite communication companies.
The Cybersecurity Protocol for International Arbitration (2020), a detailed set of guidelines on cybersecurity measures for individual arbitration matters, was released as part of New York Arbitration Week. The guidelines were the work of a cybersecurity working group including representatives from the New York City Bar Association (City Bar), the International Institute for Conflict Prevention & Resolution (CPR), and the International Council for Commercial Arbitration (ICCA).
Google has launched a new open-source silicon root of trust project. Named ‘OpenTitan’, this project focuses on boosting the cybersecurity posture of servers, storage, and other devices in data centers. OpenTitan is said to be managed by lowRISC, a non-profit organization.
The U.S. Air Force is planning to launch a cybersecurity program called the ‘Infrastructure Asset Pre-Assessment program’ for satellite communication companies, intended to streamline pre-assessment procedures for contractors. Under the program, satellite communication providers must undergo assessments showing that they meet National Institute of Standards and Technology (NIST) standards.
The U.S. Internal Revenue Service is planning to launch a cyber safety campaign that coincides with the year’s busiest online shopping period. Named ‘National Tax Security Awareness Week 2019’, the campaign is set to run from December 2 through December 6. YouTube videos that educate shoppers are said to form an important part of the campaign.
The state of Virginia has developed a new model for quantifying cybersecurity risk and prioritizing defenses. This model is said to be an adaptation of multiple standards for quantifying risk. The model’s accuracy was tested by comparing the outcomes of past breaches with known variables against the model’s predictions, and numbers were found to be fairly close.
Google announced a partnership called the ‘App Defense Alliance’ with three cybersecurity firms. The collaboration aims to enhance the detection of Potentially Harmful Applications (PHAs); the partners will analyze applications before they go live on the Google Play Store.
The Bad
This month witnessed several cyber incidents. An unsecured Elasticsearch database exposed over 4 terabytes of data, impacting more than 1.2 billion people. The U.S. branch of T-Mobile disclosed a security breach that impacted the details of some customers of its prepaid service. Meanwhile, major hosting provider SmarterASP fell victim to a ransomware attack.
An open Elasticsearch database was found leaking more than 4 terabytes of data associated with People Data Labs and OxyData, two data enrichment companies. Personal and social-media information on over 1.2 billion people was said to be affected by the leak. Researchers were not able to attribute the database to a specific owner.
The U.S. branch of T-Mobile announced a security breach that affected some customers of its prepaid service. The exposed data included customer names, phone numbers, account numbers, billing addresses, rate plans, and plan features. The company said that no sensitive information was compromised.
SmarterASP, a major hosting provider, was hit by a ransomware attack. Apart from encrypting customer data, the attack also caused downtime for the company’s website. The company said that it was working with security experts to decrypt the data.
Spain’s largest radio station, Cadena SER, and Everis, an NTT DATA company, were hit by ransomware attacks. SER is said to have been hit by an unknown ransomware strain that forced the station to disconnect all its systems from the internet. Security experts believe that Everis’ data was encrypted by the BitPaymer ransomware.
Facebook disclosed that around 100 partners may have accessed user information such as names and profile pictures of members in certain Facebook groups. The social media giant said that although there was no evidence the access was abused, the partners have been asked to delete any retained member data, and an audit is to be conducted to confirm the deletion.
Cybersecurity firm Trend Micro disclosed a security incident involving a malicious insider. Names, email addresses, support ticket numbers, and some telephone numbers may have been compromised. A Trend Micro spokesperson reportedly said that around 70,000 customers were impacted.
The U.K. Labour Party was hit by two cyberattacks within 24 hours. Both are said to have been distributed denial-of-service (DDoS) attacks, and the party said that no data breach occurred. It is not clear whether the same attackers were behind both.
A misconfigured AWS S3 storage bucket exposed around 93,000 files containing patient information from three drug and alcohol addiction treatment facilities managed by California-based Sunshine Behavioral Health. The exposed data includes names, physical and email addresses, dates of birth, phone numbers, payment card numbers, CVV codes, and health insurance information. The bucket has since been made private.
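A practitioner reading the Sunshine Behavioral Health item will want a quick way to spot the misconfiguration behind it before a researcher does. The following Python is an added example, not code from Cyware or from the incident: it evaluates the two places a bucket can be opened to the world, the ACL (grants to the AllUsers or AuthenticatedUsers groups) and the bucket policy (an Allow statement with a wildcard Principal), against constructed sample JSON in the shape the S3 GetBucketAcl and GetBucketPolicy API calls return. The bucket name, account ID, and role name are made up; an offline audit of this kind is an assumption about how a team might check, not a description of how the exposure was found.

```python
"""Flag S3 bucket ACL grants and bucket-policy statements that expose a bucket publicly.

Added example: works on dicts in the shape returned by GetBucketAcl / GetBucketPolicy,
so it can be run offline against saved API output or against these constructed samples.
"""
import json

# Canonical URIs AWS uses for the two "anyone" groups in S3 ACLs.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (group, permission) for every ACL grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[uri], grant.get("Permission")))
    return findings


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" appears in an AWS list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Return (Sid, actions, has_condition) for each Allow statement with a wildcard Principal.

    Deny statements with Principal "*" are normal hardening (e.g. forcing TLS) and are skipped.
    A wildcard Allow that carries a Condition may still be restricted (aws:SourceVpc and the
    like), so it is reported with has_condition=True for manual review rather than dropped.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append((stmt.get("Sid", "<no Sid>"), actions, "Condition" in stmt))
    return findings


def bucket_is_public(acl, policy):
    """True when either the ACL or an unconditioned policy statement opens the bucket."""
    return bool(public_acl_grants(acl)) or any(
        not conditioned for _, _, conditioned in public_policy_statements(policy)
    )


# Constructed sample inputs (made-up bucket, account ID and role; not from any real incident).
OPEN_ACL = json.loads("""{
  "Owner": {"ID": "owner-canonical-id"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}
  ]
}""")

PRIVATE_ACL = json.loads("""{
  "Owner": {"ID": "owner-canonical-id"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}
  ]
}""")

OPEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-patient-records/*"}
  ]
}""")

HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/records-app"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-patient-records/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-patient-records/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

if __name__ == "__main__":
    print("open   :", public_acl_grants(OPEN_ACL), public_policy_statements(OPEN_POLICY))
    print("hardened:", public_acl_grants(PRIVATE_ACL), public_policy_statements(HARDENED_POLICY))
```

Two caveats for real use: S3 Block Public Access, when enabled at the account or bucket level, overrides both a public ACL and a public policy, so a bucket this script flags may already be shielded; and a wildcard Allow with a Condition is reported for review rather than declared safe, because whether it is public depends on the condition keys.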
Department store chain Macy’s disclosed details of a data breach in which a malicious script stole customers’ payment information. The website was reportedly compromised on October 7, 2019, with the script injected into the ‘Checkout’ and ‘My Wallet’ pages. Macy’s said that only a small number of customers were impacted.
The state of Louisiana suffered a ransomware attack that took down websites and IT systems. In response, the state’s cybersecurity team was activated. The extent of the damage to the government’s internal systems is not yet clear.
Facebook and Twitter announced that hundreds of Android users may have had their data improperly accessed after using their accounts to log in to Google Play Store apps. This reportedly happened because the One Audience software development kit (SDK) allowed third-party developers to access users’ personal data. Twitter said that it had notified Apple and Google of the issue.
New Threats
A number of new malware strains and vulnerabilities were reported in the past month. The infamous Nemty ransomware was observed being delivered by the Trik botnet. The Emotet Trojan was spotted in a new wave of attacks. Meanwhile, a new phishing campaign targeting Office 365 administrators was reported.