Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Nov 2, 2020
The Good
User privacy remained at the forefront of cutting-edge cyber innovations in the month of October. For instance, security experts from CSIRO's Data61 and Monash University claimed to have developed the world’s most efficient blockchain protocol, promising both utmost security and privacy. Meanwhile, another research group spurred hopes with their new method of distributing secret cryptographic keys and ensuring user privacy using optical framed knots. In other news, Microsoft collaborated with other firms for the release of a new framework called Adversarial ML Threat Matrix to protect ML systems from cybercriminals.
Researchers from CSIRO’s Data61 and Monash Blockchain Technology Centre claimed to have developed the world’s most efficient blockchain protocol that is both secure against quantum computers and protects the privacy of its users and their transactions. The technology can be applied beyond cryptocurrencies, such as digital health, banking, finance, and government services.
The DHS Science and Technology Directorate (S&T) has designed a new technology called Trusted Mobile System (TrustMS) to secure apps from cyberattacks. It provides protection against exploits such as stack manipulation, buffer overflows, execution of unintended code, and even execution of an app’s code in an incorrect order.
Researchers from the Ben-Gurion University of the Negev and Bar-Ilan University devised a new method of distributing secret cryptographic keys that can be used to encrypt and decrypt data, ensure secure communication, and protect private information. This is possible using optical framed knots.
Researchers at CMU’s CyLab Security and Privacy Institute developed a neural network model that can help users pick more secure passwords. To validate the research, the team evaluated a series of different machine-generated password recommendations.
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, released Adversarial ML Threat Matrix—a new open framework to help security analysts detect, respond to, and remediate adversarial attacks against ML systems. The framework is vetted to protect ML systems.
The Bad
However, threat actors maintained their grip on cyberspace, acting as a roadblock in the path of development. For example, Harvest Finance, a decentralized finance service, was hit with a $24 million cryptocurrency heist in a hack operation that lasted only seven minutes. Further, a global corporate immigration law firm disclosed sensitive information of employees at tech giants, including Microsoft and Google, in a breach incident. Some attackers also targeted healthcare facilities and providers in DDoS and ransomware attacks.
A hacker stole cryptocurrency assets, including $13 million worth of USD Coin and $11 million worth of Tether, from Harvest Finance, a decentralized financial service. Two minutes after the attack, the hacker returned $2.5 million to the platform. The company announced a $400,000 bounty for anyone who can help recover the stolen funds.
Fragomen, Del Rey, Bernsen & Loewy, LLP, an immigration law firm, suffered a data breach exposing the personal information of current and former Google employees via their Form I-9. Talking about data breaches, Nitro PDF services underwent a humongous data breach that could potentially affect Microsoft, Google, Apple, Citibank, and other major firms. The stolen data is on sale in a private auction, with a starting price of $80,000.
The month didn’t end well for hospitals and healthcare providers: more than 2PB of medical data was found exposed via PACS servers, affecting around 3.5 million U.S. patients; Germany’s Robert Koch Institute for infectious disease control was hit by a DDoS attack, knocking its website offline for two hours; and hospitals in New York and Oregon were targeted by ransomware attacks, disrupting systems and forcing ambulances to be rerouted.
Cyber adversaries stole 19GB of sensitive data from Gunnebo, a Swedish security company. The leaked data includes floor plans of bank vaults and shops, monitoring and alarm equipment, and security functions for ATMs. The records were first used in an attempt to blackmail the company, but emails demanding ransoms were then sent directly to patients.
Several giants, including media monitoring organization Isentia, furniture maker Steelcase, and multinational energy firm Enel Group, suffered ransomware attacks by various groups in the last month, disrupting their online services. The Netwalker gang reportedly demanded a ransom of $14 million from the Enel Group.
Malicious actors hacked the Signaling System 7 (SS7) network to gain access to Telegram accounts and email data of high-profile individuals in the cryptocurrency business. Occurring in September, the attack targeted at least 20 subscribers of the Partner Communications Company.
Cybercriminals stole more than $22 million in user funds in multiple campaigns targeting the Electrum wallet app over more than two years. The attacks relied on a social engineering technique in which users received a fake message prompting them to update their wallets.
Cybercriminals exfiltrated and published nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS). The exposed information included names, addresses, dates of birth, phone numbers, and social security numbers of staff and students.
A threat actor group named Spectre123 allegedly leaked sensitive data from NATO and Havelsan online. The documents included work files, proposals, contracts, 3D designs, resumes, Excel sheets containing raw materials information, and financial statements.
Joker’s Stash dark market forum was abuzz after a hacker dumped card details for 3 million Dickey’s Barbecue Pit users. The data, which was compromised between July 2019 and August 2020, was sold for a median price of $17 per card.
Fraudsters siphoned off $15 million from a U.S. company in a well-planned BEC attack that lasted for about two months. They used Microsoft Office 365 email services as part of their evasion strategy. Experts suggest that dozens of businesses in the construction, legal, retail, and finance sectors could be on their list of targets.
New Threats
Moreover, the month surfaced a wide range of vulnerable systems that make attractive targets for cyberattacks. Over a hundred smart irrigation systems designed by Mottech Water Management were found to be deployed with lax security measures. Separately, researchers reported variants of TrickBot and the Mirai botnet straining critical infrastructure in the U.S. Additionally, the Silent Librarian hacker group made a comeback as schools and universities began to reopen.