Cyware Weekly Cyber Threat Intelligence January 7-11, 2019

Weekly Threat Briefing • Jan 11, 2019
The Good
We’re back with the most interesting cybersecurity news of the week. Let’s start with all the positive advancements that happened in the cybersecurity landscape. Google has announced new features in G Suite to alert admins to phishing and data exfiltration activities. T-Mobile announced caller verification technology to combat spammers. Meanwhile, two senators introduced a bill to protect the U.S. from supply chain security issues.
Google introduces new, secure features for G Suite. These features are introduced as a measure to alert admins to activities such as phishing and data exfiltration. Google said that the alert center in G Suite now comes with improvements in security-related notifications and alerts.
T-Mobile announced Caller Verification technology to alert users to incoming calls that are non-authentic. This caller verification technology is based on the STIR and SHAKEN standards, which deter spam or spoofed calls. The technology will be available to T-Mobile customers who use the Samsung Galaxy Note 9.
Two senators introduced a bill to create a central government entity that deals with supply chain security issues and helps U.S. technologies stay safe from foreign theft. The bill proposes to create a White House Office of Critical Technologies and Security to protect U.S. technologies against state-sponsored technology theft and risks to the critical supply chain.
The Bad
Over the past week, several data breaches and massive cyber attacks happened. Ethereum Classic was hit by a majority attack with over $1 million potentially stolen. Another data breach this week hit Singapore Airlines, compromising the private data of 285 customers. Meanwhile, a large number of Reddit users were found to be locked out of their accounts due to some unusual activity.
The Ethereum Classic token was hit by a 51% attack, with deep chain reorganizations and double spends amounting to over $1 million. The ETC market cap has fallen by around 6% since the discovery of the attack.
Chinese fraudsters stole $18.6 million from Tecnimont S.p.A. Tecnimont S.p.A’s India head was the primary victim of this attack. Attackers used spam emails to convince the Indian chief of a possible ‘acquisition’ in China and successfully obtained the money from the chief.
A software glitch in the Singapore Airlines website caused a data breach impacting 285 customers. For 278 of these customers, private data such as names, email addresses, account numbers, membership tier statuses, KrisFlyer miles, recent miles transactions, upcoming flights, and KrisFlyer rewards were compromised. For the remaining seven customers, passport details were compromised.
Reddit users were locked out of their accounts due to unusual activity that indicates unauthorized access. The reason behind such unusual activity is bad password practices, such as using very simple passwords and reusing passwords across multiple websites and services.
Cybercriminals hacked EWN’s systems and sent spam alerts to thousands of people across Australia. The hackers gained unauthorized access to EWN’s system and sent spam notifications via text, email, and landline. However, the event did not compromise anyone's personal information.
Attackers breached Titan Manufacturing and Distribution Inc’s computer systems. The attackers used a malware attack to breach the company’s computer systems and stole customers’ data, including full names, billing addresses, contact numbers, and payment card details such as card numbers, expiration dates, and verification codes.
Bankers Life was hit by a data breach exposing the PII of Humana health insurance policy applicants. The exposed personally identifiable information (PII) included names, addresses, dates of birth, last four digits of Social Security numbers, and limited information on Humana health insurance policy.
An open and unprotected MongoDB database containing 202,730,434 resumes of Chinese jobseekers was left publicly accessible. The exposed CVs contained personal information such as full names, dates of birth, addresses, phone numbers, email addresses, marital status, education, salary expectations, previous job experience, and more.
New Threats
Several vulnerabilities and malware strains emerged over the past week. Cybercriminals were spotted using a combination of the Vidar malware and the GandCrab ransomware in a single attack. CryptoMix ransomware returned with a new attack campaign targeting weak RDP ports. Researchers discovered a new malware strain, ‘IcePick-3PC’, which is capable of stealing device IP addresses. Last but not least, a group of researchers identified a new type of side-channel attack that is hardware-agnostic and targets the operating system (OS) page cache.