Cyware Weekly Cyber Threat Intelligence January 14 - 18, 2019

Weekly Threat Briefing • Jan 18, 2019
The Good
The past week saw a mix of positive developments, cyber attacks, and new threats. Let’s take a quick tour of what happened in the cybersecurity landscape, starting with the positive advancements and new policies. The British Security Industry Association (BSIA) has published guidelines to minimize exposure to digital sabotage. The Massachusetts Governor has signed a new law that protects consumers from security breaches. Emsisoft has released a browser extension that will block you from interacting with malicious sites.
The British Security Industry Association (BSIA) has published new guidelines to reduce the exposure to digital sabotage of network-connected equipment, software, and systems used in electronic security. The new guidelines will enable industrialists to better serve industry consumers by providing professional, safe and secure internet-enabled security solutions.
Massachusetts Governor Charlie Baker signed a new law on January 10 that amends the state's data breach law. The law, named ‘An Act relative to consumer protection from security breaches’, comes with a number of changes to the way companies will have to deal with security breaches involving the personal information of their customers.
Emsisoft has released a browser extension that will block you from interacting with known phishing, malware, or scam sites. This browser extension is currently available for Chrome and Firefox, with plans to have one available for Microsoft Edge in the future.
WhatsApp is in the process of bringing fingerprint security to Android and iOS users. Only smartphones with a biometric scanner can make use of this feature. WABetaInfo suggests that the feature will be introduced in version 2.19.3.
Yubico has created a physical security key for iPhones. Instead of entering a password and a code sent to a mobile device, you log in by plugging in the physical key to gain account access. If hackers get ahold of user passwords, they won't be able to log in without the key.
The Bad
Over the past week, several data breaches and massive cyber attacks happened. The City of Del Rio, Texas was hit by ransomware that disabled servers at City Hall. Cryptopia took down its services and website following a security breach. The Oklahoma Securities Commission accidentally leaked 3 TB of data, including internal documents belonging to the FBI. Meanwhile, 773 million email addresses and almost 22 million unique passwords were found to be hosted on the cloud service MEGA.
The City of Del Rio, Texas was hit by a cyber attack which led to disabling all servers and turning off the internet connection for all city departments. Further, employees were not allowed to log in to the systems, as a result of which, all the transactions at City Hall were done manually using paper, with no access to any documents or data stored on the City Hall's systems.
Cryptopia, a cryptocurrency exchange based in New Zealand, was hit by a security breach resulting in significant losses. Following the breach, the firm has taken the websites and service offline and posted a message on the home page that reads ‘unscheduled maintenance mode’.
An unsecured storage server belonging to the Oklahoma Securities Commission exposed 3TB of data files, including sensitive FBI investigations. The exposed files contained years of FBI data, including FBI interviews, emails among people involved with investigations, bank transaction history, and letters from witnesses.
A set of email IDs and passwords of up to 2,692,818,238 rows from various sources was found to be hosted on the cloud service MEGA. Of these, 773 million were email addresses and almost 22 million were unique passwords. The large collection on the MEGA cloud service comprised over 12,000 separate files with almost 87GB of data.
A misconfiguration issue in a NASA web app that uses a JIRA server has exposed sensitive information about employees and projects. The data exposed included usernames, email addresses and job roles of employees. The exposed server also contained the names of current projects and upcoming milestones.
Attackers breached 30 computers in the Defence Ministry of South Korea and allegedly stole information related to an arms procurement. In the attack, the cybercriminals gained unauthorized access to the server of a security program present in those computers.
An unprotected database belonging to Californian voice over IP services provider VOIPO was left publicly available. The exposed database contained millions of VOIP call logs, SMS/MMS records, and internal system credentials including hostnames, usernames, passwords, and API keys.
Managed Health Services (MHS), a managed care firm in the state of Indiana, recently revealed that patient data of 31,876 members of its programs had been compromised in two different security incidents in 2018.
New Threats
Several vulnerabilities and malware strains emerged over the past week. Magecart group 12 recently compromised an advertising script to inject malicious code into hundreds of websites. A newly discovered JavaScript malware is capable of downloading GandCrab ransomware, SmokeLoader, the AZORult Trojan, the Phorpiex spambot, and a Monero cryptocurrency miner. In the meantime, the Emotet trojan has made a comeback in a new malspam campaign.