Cyware Weekly Cyber Threat Intelligence August 6-10, 2018

Weekly Threat Briefing • Aug 10, 2018
It’s Friday again and time to take a look at the biggest cyber stories that broke this week - both good and bad. Before delving into the malware strains, flaws and cyberattacks that cropped up, it’s always worth acknowledging security advancements made by experts, law enforcement and tech firms. BlackBerry launched a ransomware recovery solution. LinkedIn took down fake accounts targeting US political groups. Researchers released free malware detection tools and General Motors announced a new bug bounty program.
BlackBerry announced a new ransomware recovery solution that could allow organizations to quickly contain and limit the damage of ransomware attacks. The new feature for BlackBerry Workspaces would freeze the accounts of affected users if their PCs and synced files are infected, and allow IT managers to roll back affected documents and data to the point before the ransomware hit.
General Motors announced an automotive bug bounty program inviting a few white hat hackers to detect and report bugs in its cars’ software. GM President Dan Ammann announced the program at the Billington Cybersecurity Summit, saying the team will include “white-hat researchers who we’ve established relationships with through our coordinated disclosure program.”
Researchers from Nozomi Networks released free tools to help detect the destructive Triton/Trisis malware. The first, the TriStation Protocol Plug-in for Wireshark, can detect the malware communicating in the infected network, gather intelligence on the communication, translate function codes and extract PLC programs being transmitted. The second, the Triconex Honeypot Tool, could be used by ICS organizations to set up honeypots to detect Triton reconnaissance scans and attack attempts on their networks.
LinkedIn said it shut down fewer than 40 fake accounts on its platform that were being used to connect with members of US political groups, including one that claimed to be a well-known celebrity. Although the accounts weren’t used to spread fake news or manipulative ads, the firm said they “don’t take their existence lightly.”
Several major cyberattacks and data leaks occurred this week. TCM accidentally exposed thousands of credit card applicants’ data due to a website misconfiguration. The PGA of America and TSMC suffered ransomware attacks. Confidential data of nearly 2 million patients in Mexico was exposed online.
Credit card issuer TCM Bank said a website misconfiguration accidentally exposed the personal data of thousands of people who applied for credit cards between early March 2017 and mid-July 2018. Applicants’ names, addresses, dates of birth and Social Security numbers were exposed. The firm said fewer than 10,000 applicants were impacted.
The PGA of America fell victim to a ransomware attack. The encrypted files included promotional and creative materials for the PGA Championship that kicked off this week. The PGA was reportedly hit by the BitPaymer ransomware, the same malware that infected the Matanuska-Susitna (Mat-Su) borough in Alaska and several hospitals in Scotland last year.
TSMC, a major supplier to Apple’s iPhone, said a WannaCry variant crippled its semiconductor fabrication plants this week. The company said a “misoperation” led to the virus infection, adding that it will take a 3 percent revenue hit due to the downtime.
Security researcher Bob Diachenko discovered a fully exposed MongoDB database online that contained the healthcare information of 2 million patients in Mexico. Exposed data included patients’ full names, gender, dates of birth, insurance data, addresses and disability status.
Numerous malware strains, vulnerabilities and scams came to light this week. The author of GandCrab ransomware retaliated against AhnLab. IBM researchers found critical flaws in smart city systems. An AI-powered malware could infect millions while remaining undetected. The IRS warned taxpayers against charitable scams during hurricane season.