Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Nov 4, 2019
The Good
As October comes to an end, let’s recap all that happened in the world of cyberspace over the last month. We’ll start with the positive developments. The U.S. National Security Agency has launched the Cybersecurity Directorate to improve the country’s cyberdefenses. The cyberspace research had a good month with the announcement of researchers working on the Cyber Anomaly Detection System to detect cyber intrusion on drones and military helicopters. It was also reported that researchers are working on a new cybersecurity method inspired by the human body.
The United States National Security Agency (NSA) has announced the launch of a new Cybersecurity Directorate. This new organization will improve the country’s cyberdefenses by bringing NSA’s threat detection operations, technologies, and cybersecurity personnel together. Initially, the directorate’s focus will be on the defense industrial base and weapon security.
Researchers are working on a new technology called the Cyber Anomaly Detection System that can detect cyber intrusions on drones and military helicopters. At present, the system acts only as a warning system that detects attacks. Future versions are expected to counter attacks and possibly repair the damage.
Researchers are developing a new cybersecurity method that is inspired by the human body. Using machine learning, the system would be taught to recognize various cyber threats. This method is expected to predict an attack before it happens by observing changes in the environment.
Researchers from Intel have designed a new type of CPU memory dubbed ‘SAPM memory’ that offers protection against speculative execution side-channel attacks. SAPM offers the flexibility of storing only sensitive data in dedicated memory regions. This memory type will implement hardware-level protection and works with physical and virtual memory addresses.
Microsoft and the National Institute of Standards and Technology (NIST) are working together to develop a new guide that makes enterprise patch management easier. The project will focus on building common enterprise patch management reference architectures and processes. The results are expected to be shared in the NIST Special Publication 1800 practice guide after the relevant vendors validate the implementation instructions in the NCCoE lab.
Researchers from North Carolina State University have developed an open-source tool called VisibleV8 that can track and record JavaScript program behavior without alerting the websites that run the programs. The tool runs in the Chrome browser and can detect malicious programs that may not be caught by malware detection systems. It is said to contain only 600 lines of code.
The Bad
October also witnessed two cybersecurity providers disclose details of breaches they suffered and an underground store being hacked. Avast went public with the details of a CCleaner 2017 incident-like breach that was detected in September this year. In similar news, NordVPN disclosed a data breach that affected its data center in March 2018. Meanwhile, one of the largest troves of stolen card data, BriansClub, was hacked.
Internet security software provider Avast disclosed that a security breach was detected on September 23, 2019. The attackers compromised an employee’s VPN credentials to gain access to an account that was not protected using a multi-factor authentication solution. The attack was said to be similar in nature to the infamous CCleaner 2017 incident.
NordVPN disclosed a data breach that affected one of its data centers in March 2018. The company said that the breach happened because of poor configuration on a third-party data center. No other servers or user credentials were said to be impacted.
One of the largest underground stores for stolen online credit card data, BriansClub, was hacked. The trove contained more than 26 million credit and debit records that have been stolen from retailers in the past 4 years. This data could allow hackers to create fake cards to illegally purchase goods from stores.
Amazon Web Services was hit by a distributed denial-of-service (DDoS) attack that lasted for around 8 hours. The attack primarily impacted the company's Route 53 DNS web service. This caused service outages for many websites and left parts of AWS unreachable from the internet.
More than 500 million UC Browser Android users have been exposed to man-in-the-middle (MiTM) attacks because the app downloaded an Android Package Kit (APK) from a third-party server over an unprotected channel. This violated Google’s policy, which requires apps distributed via Google Play to modify, replace, or update themselves only through Google Play’s own update mechanism.
Tū Ora Compass Health notified patients of a cyber attack on its website that put the medical data of a million New Zealanders at risk. The possibly compromised information included names, dates of birth, ethnicity, addresses, National Health Index Numbers, and enrolment information at medical centers. The attack occurred in August, and officials were unable to confirm whether any information was accessed.
Russian internet service Beeline fell victim to a data breach that resulted in the data of 8.7 million customers being sold online. The data contained personal information including names, phone numbers, and addresses. Beeline said that the compromised data belonged to Russian customers who opted for home broadband connections before November 2016.
Ten hospitals, three in Alabama and seven in Australia, have fallen victim to a ransomware attack. The attack forced the hospitals to shut down IT infrastructure and limit patient intake. Emergency procedures were implemented in several hospitals to ensure safe operations.
Comodo Forums suffered a data breach impacting over 170,000 users. The breach leveraged a vulnerability in the vBulletin software used to power the forum. The compromised data, which included usernames, passwords, and email addresses, was reportedly traded online.
An Elasticsearch database that was not password protected exposed the data of around 7.5 million Adobe Creative Cloud users. The exposed information included customer account details; no passwords or financial information were compromised. Adobe’s team secured the database the same day they were notified about it.
Georgia was hit by a massive cyberattack that impacted over 15,000 websites in the country, including government and media sites. The attack, the country’s largest so far, was launched by breaching the network of Pro-Service, a local web hosting provider.
One of India’s largest power plants, the Kudankulam Nuclear Power Plant (KNPP), was infected by malware, according to its parent company NPCIL. The malware was said to have infected only the administrative network and not the critical internal network.
New Threats
Several malware strains and vulnerabilities were spotted this month. The Emotet Trojan was observed being propagated using fake Microsoft Office Activation Wizard documents. A decryptor for the Nemty ransomware was published this month. In other news, researchers identified a security bypass vulnerability in Sudo, the Linux command-line utility.