Cyware Monthly Threat Intelligence

Monthly Threat Briefing • Oct 2, 2020
The Good
Besides implementing all the key security controls, organizations also need to focus on the human element in cybersecurity. Given this, the NIST has devised a method—Phish Scale—to help organizations analyze why employees fall prey to phishing attacks. Further, a team from Quantum Engineering Technology Labs found a unique method to make messaging secure. The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) outlined the best cybersecurity practices for electric utilities.
Researchers at NIST developed a new method called Phish Scale to help organizations avoid getting victimized by phishing attacks. Phish Scale uses a rating system based on the message content in a phishing email.
A team of scientists from the QET Labs at the University of Bristol came up with a new technique to secure a multi-user quantum communication network. The technique can make messaging completely safe from interceptions.
The U.S. General Services Administration’s 18F digital services unit issued a field guide for federal agencies to help them mitigate cyber risks in their systems. The guide covers various topics related to cyber strategy development, including planning, acquisition, and execution.
Additionally, the DHS collaborated with Akamai and the Center for Internet Security on a project called the Malicious Domain Block and Reporting (MDBR) service. Under this initiative, the agency plans to improve the digital security of state and local governments by offering DNS filtering systems for free.
The U.S. FERC and NERC and its entities released a report outlining the cyber incident response and recovery best practices for electric utilities. The guidelines include a clear definition of personnel roles and direction for staff on taking action without unnecessary delays.
The Bad
This month witnessed a range of different incidents where organizations fell prey to targeted attacks. One of the largest-ever healthcare ransomware attacks struck Universal Health Services, shutting down its IT network across facilities in the U.S. Meanwhile, Midwest Property Management, Town Sports International, Microsoft Bing, shopping site Windeln.de, and several others exposed millions of records via unsecured servers. In other news, a hacker uploaded hacking techniques, in a PDF doc, on official websites of the WHO and UNESCO.
Allegedly, Ryuk actors crippled computer networks of the Fortune 500 healthcare provider, Universal Health Services, locking its computers and phone systems. The attack, which is also touted as one of the largest medical cyberattacks in U.S. history, did not result in any leak of patient or employee data.
French maritime transport and logistics giant CMA CGM S.A. suffered a cyberattack, shutting down some of its servers at two of its APAC subsidiaries. Reportedly, the company’s Chinese offices were infected with the Ragnar Locker ransomware.
Unsecured databases were responsible for data leaks at Midwest Property Management and Town Sports International. While Midwest Property Management exposed 1.2 million records, the data leak at Town Sports International affected a terabyte of data associated with the company.
An unencrypted Elasticsearch server at BrandBQ, a European fashion retailer, laid bare sensitive personal and financial data of about 500,000 shoppers. Most of the database’s entries were activity logs from customer actions on the affected websites, including newsletter registrations, purchases (and related checkout details), and user agreements.
Hackers allegedly published data of thousands of Clark County School District students after it was infected with malware on August 27. Some of the files reportedly included employee SSNs, retirement paperwork, student birthdates, addresses, and grades.
University Hospital New Jersey (UHNJ) suffered an attack by SunCrypt ransomware. The attackers stole 240GB of data, of which 1.7GB, containing 48,000 documents, was posted online.
Researchers found PDF documents containing tricks for hacking online games and Facebook and Instagram accounts, which were uploaded to the websites of several organizations, including the WHO, UNESCO, the Georgia Institute of Technology, and a Cuban government website.
Microsoft left one of its backend servers, an unsecured Elasticsearch server, open to the internet, exposing over 6.5TB of log files containing 13 billion records originating from the Bing search engine.
The College of the Nurses of Ontario fell victim to a cyberattack, forcing the governing body for nurses to shut down its services. Separately, Long Island’s tertiary care center, Regional Trauma Center, and Stony Brook University notified their patients about a data breach due to the Blackbaud ransomware attack.
The German shopping giant Windeln.de exposed 882GB of data from 70 dating and e-commerce sites due to a misconfigured Elasticsearch database. The leaked data included invoices, full names, IP addresses, phone numbers, email addresses, and home addresses.
New Threats
Numerous new malware and vulnerability threats were also discovered this month. Security experts discovered the new Alien trojan capable of stealing credentials from at least 226 Android applications. Meanwhile, the BLE reconnection procedure left billions of Android and iOS devices vulnerable to the new attack dubbed BLESA. Moreover, the Maze actor was spotted using Ragnar Locker’s evasion techniques.