Cyware Weekly Cyber Threat Intelligence April 02 - 06, 2018

Weekly Threat Briefing • Apr 6, 2018
Notable advancements have been made towards thwarting cyber attacks. A simulated Android OS environment, named Droidy, was designed to generate behavioral reports of Android apps. A new tool, called HoneyBot, was also developed to expose hackers of industrial automation. Additionally, decryptors for the Magniber ransomware have been released.
The antivirus scanning service VirusTotal announced a new Android sandbox technology. Named Droidy, it is a simulated Android OS environment for analyzing Android app behavior and producing reports for users and security researchers. These reports contain additional behavioral details that help security researchers confirm the malicious classification of VirusTotal scan results or even overturn it.
A novel tool designed by a group of researchers at Georgia Tech helps delay and expose would-be hackers targeting industrial automation. The small robot, called HoneyBot, is designed to trick cybercriminals into thinking it is a vulnerable robot performing important industrial automation tasks. Once a breach is detected, the tool raises an alarm and helps IT security professionals block the attack.
Decryptors for a few versions of the Magniber ransomware have been created by security researchers from AhnLab, a South Korea-based cyber-security firm. Users can download the decryptors from AhnLab's website. Unfortunately, the usage instructions are not available in English, so victims will have to use online translation services to understand them.
This week's cyber attack victims include four Singapore universities, targeted by Iranian hackers to steal sensitive information; major Israeli websites, targeted by the Dark-Coder hacker group to display images of the Gazan protesters; and four U.S. pipeline companies, whose electronic systems were shut down. Also, a data breach involving (24)7.ai leaked customer payment information of Delta Air Lines.
Four Singapore universities were found to have been targeted by Iranian hackers in a wave of attacks believed to be part of last month's security breach involving global educational institutions. The targeted universities included the National University of Singapore (NUS), Singapore Management University, Singapore University of Technology and Design, and Nanyang Technological University (NTU). In total, 52 accounts at these universities were found to be affected. According to government sources, the breaches were discovered only last week.
A dozen major Israeli websites were at the receiving end of a major cyber attack launched by Palestinian sympathizers. The attack was carried out by a hacker group known as Dark-Coder or TH3Falcon in response to clashes between the IDF and Gazan protesters last weekend. Among the affected websites were those belonging to hospitals, local authorities, the Israeli Opera, the Israel Teachers Union and the IDF Widows and Orphans organization. All the affected websites temporarily displayed images from the clashes on the Gaza border that took place last weekend.
This week witnessed a striking cyber attack on four U.S. pipeline companies. The attack shut down the electronic systems they use for communicating with customers. The targeted companies were Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, Eastern Shore Natural Gas and Oneok Inc. The shutdown did not affect the movement of gas but broke down the communication channels these companies use for interacting with customers. Notably, most of the electronic communication equipment is operated by third parties, and the attack once again underscores the importance of closing security gaps when relying on third-party services.
Delta Air Lines has disclosed that it was impacted by a cyber breach potentially compromising customers' payment information. According to the disclosure, the breach occurred last fall and only a small subset of customers were impacted. The incident involved (24)7.ai, a chat service used by Delta and many other companies. Delta has assured that only customer payment information was impacted and that no other details, such as passport, security or frequent flyer information, were affected.
Researchers detected a new macOS backdoor, identified as 'OSX_OCEANLOTUS.D', being distributed by the APT32 group. The IcedID banking Trojan is now using malicious Word documents along with the Rovnix malware to infect systems. An upgraded version of njRAT was found pushing Lime Ransomware and a bitcoin wallet stealer. Also discovered is a new-style botnet (IoTroop) focused on targeting the financial sector.