Cyware Weekly Cyber Threat Intelligence February 11-15, 2019

Weekly Threat Briefing • Feb 15, 2019
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Feb 15, 2019
The Good
It’s weekend and we’re back with yet another set of most interesting news of the week. Let’s start with all the positive advancements that happened in the cybersecurity landscape. Google has developed a new encryption method called Adantium to bring secure storage to low-cost devices. DARPA announced that it will be testing new mobile devices that can house and share information on multiple security levels. Meanwhile, US Senators introduced the bipartisan Cyber Security Exchange Act which establishes a public-private exchange program.
Engineers at Google have developed a new encryption mode called Adantium to bring secure storage to less expensive Android devices without disrupting the apps. The encryption mode Adantium uses the ChaCha stream cipher adapted from HTTPS encryption. The stream cipher is faster on lower-powered devices because its operation is based on the additions, rotations, and XORs available on every CPU.
The Defense Advanced Research Projects Agency (DARPA) announced that it will begin testing new devices that can house and share information on multiple security levels. The devices are part of the SHARE program which aims to solve three issues with information-sharing specific to the Defense Department: housing multiple security levels on a single device, improving tactical network technology, and deploying software to auto-configure the network and accelerate devices.
US Senators introduced the bipartisan Cyber Security Exchange Act, which establishes a public-private exchange program. This bipartisan Act will allow federal agencies to work with private sector experts in cybersecurity landscape to ensure that the networks are protected.
The Bad
Over the past week, several data breaches and massive cyber attacks occurred. Attackers breached Malta’s Bank of Valletta (BOV) and stole over $15 million from the bank’s systems. Almost 620 million accounts stolen from 16 companies were put for sale on the Dark Web by a seller named ‘gnosticplayers. Additionally, the second batch of 127 million accounts stolen from 8 companies was also made available for sale on the Dark Web.
Attackers breached Malta’s Bank of Valletta (BOV) and stole over $15 million from the bank’s systems. The theft was detected immediately after the bank observed ‘reconciliation problems’ in international transfers. As a result, the bank temporarily took down its website and shut off all its operations including email services as well as ATMs.
Earlier this week, almost 620 million account credentials stolen from 16 companies were put up for sale on the Dark Web by a seller named ‘gnosticplayers’. The stolen accounts belonged to 16 websites including Dubsmash, MyFitnessPal, MyHeritage, Animoto, 8fit, 500px, Armor Games, CoffeeMeetsBagel and Artsy. The highest number of account credentials were stolen from Dubsmash, recording a total of 162 million.
Followed by the first batch of 620 million accounts stolen from 16 companies, a second batch containing 127 million stolen accounts was made available for sale on the Dark Web by ‘gnosticplayers’ who quoted $14,500 in bitcoin for the collection. The stolen accounts belonged to 8 companies including Ixigo, Houzz, YouNow, Coinmama, Petflow, Ge.tt, Roll20.net, and StrongHoldKingdoms.
Popular data science learning site DataCamp has suffered a breach compromising sensitive information of some of its users. The compromised information included personal information such as users’ names, email addresses, optional information such as location, company, biography, education, and pictures of the users, and account information such as bcrypt-hashed passwords, account creation dates, last sign in dates & sign in IP addresses.
The Houston-based chain restaurant, Truluck’s Seafood, Steak & Crab House has suffered a data breach compromising customers’ credit card information. The data breach has impacted 8 of its restaurants located in Austin, Houston, Naples, Southlake, and Chicago. The malware was injected into the point-of-sale systems at the affected restaurants to gain unauthorized access which resulted in the data breach.
Imag-I-Nation Technologies was hit by a data breach compromising its consumer report database. The customer report database was accessed by a mysterious hacker on November 1, 2018. The data stolen in the breach included customers’ full names, dates of birth, addresses, and social security numbers.
Dunkin’ Donuts announced that it had suffered a credential stuffing attack which resulted in attackers gaining access to some of its customers' accounts. In the credential stuffing attack, hackers used user credentials leaked at other sites to gain access to DD Perks rewards accounts. The compromised Dunkin’ Donuts customer accounts were put up for sale on the Dark Web forums.
LandMark White was hit by a data breach impacting the personal information of up to 100,000 customers. The compromised personal information included property valuations, personal contact numbers, and residential addresses of homeowners, residents, and property agents.
VFEmail, an email service provider was hit by a massive cyber attack. Mysterious attackers entirely wiped out their servers with data related to the email provider’s US users. As a result, the email provider has hinted that it is unlikely to resume operations.
Optus pulled down its ‘My Account’ site after customers experienced suspicious activities. Optus customers complained about seeing other customers' personal information after logging into Optus My Account. While some customers reported receiving phishing emails purported to be from Optus. The telecom giant is working closely with third-party vendors to identify the root cause of the incident.
New Threats
Several new vulnerabilities and malware strains emerged over the past week. Researchers spotted GandCrab ransomware hidden inside the modified Super Mario image. New Shalyer variant was spotted in the wild which is capable of disabling Gatekeeper protection mechanism in macOS. In the meantime, a security vulnerability was detected in the WordPress plugin ‘Simple Social Buttons’.