Cyware Weekly Cyber Threat Intelligence June 11 - June 15, 2018

Weekly Threat Briefing • Jun 18, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Jun 18, 2018
As Friday comes around again, it’s time to round-up the latest in cybersecurity news this week. Major advancements were made by governments and researchers towards bettering security and safeguarding of digital systems and data. Australia formed a task force to protect elections against cyberattacks, while Canada unveiled a new national cybersecurity strategy. US lawmakers introduced the ENCRYPT bill. Meanwhile, researchers developed a transmitter to protect IoT devices.
Australia formed a new Electoral Integrity Task Force to safeguard its election process against cyberattacks. The task force’s spokesperson described the task force as a “precautionary measure, which in the age of increasing levels of cyber-enabled interference and disruption, will need to become the norm.” The announcement comes just weeks before the five federal by-elections, slated to be held next month.
Canada unveiled its new cybersecurity strategy to bolster its defenses and protect the country and its citizens against evolving threats. Backed by an investment of CA $500 million to be spent over the next five years, the plan includes the establishment of a new cybersecurity center, a certification program for small businesses to escalate their defense systems and more.
US lawmakers reintroduced the “Ensuring National Constitutional Rights for Your Private Telecommunications” bill to create a national standard for encryption. The ENCRYPT act aims to regulate data encryption rules across the country and prevent states from passing their own laws that undermine encryption or similar technologies.
The FBI arrested 74 scammers in a massive global business email compromise (BEC) crackdown that involved attempts to steal data and funds from individuals and businesses. Thanks to a six-month long global operation named Operation Wire Wire, 42 scammers were arrested in the US, 29 in Nigeria and 3 in Canada, Poland and Mauritius.
MIT researchers developed a novel “frequency-hopping” transmitter to help protect IoT devices against hackers. The transmitter frequency hops every individual 1 or 0 bit of a data packet that a device sends out to a unique, random frequency. This is done every microsecond, thus preventing attackers from intercepting or manipulating the data.
This week saw a fresh trove of breaches and cyberattacks. Dixons Carphone disclosed a data breach affecting 59 million customers while Weight Watchers exposed its internal IT infrastructure on an unprotected server. A Chilean bank was hit with a disk-wiping malware. Chinese hackers stole undersea warfare data from a US Navy contractor, while La Liga app was caught using smartphones to detect illegal football broadcasts.
Dixons Carphone disclosed a massive data breach that compromised 5.9 million customer cards and 1.2 million personal records. The electronics retailer said it discovered the breach following a review of its systems and data. Although 5.8 million of the cards compromised have chip and pin protection, 105,000 payments from outside the EU do not and were thus compromised.
Banco de Chile was hit with a disk-wiping malware in an attempted SWIFT attack that crashed over 500 servers and 9000 computers. Images shared by the bank’s employees on online forums indicated the malware used in the attack was KillDisk. The bank said the attack was designed to damage its systems and not compromise user accounts.
Chinese hackers reportedly swiped about 614GB worth of sensitive undersea warfare data from a US Navy contractor. The Washington Post reported the stolen data included secret plans regarding a US project to build a supersonic anti-ship missile, signals and sensor data, submarine radio room information, documents on electronic warfare and more.
Weight Watchers accidentally exposed sensitive data about its IT infrastructure on a Kubernetes server without any password protection. Kromtech researchers found the server contained administrator’s root access, keys for 102 domains, data of users with administrative credentials and more. The company fixed the issue after the researchers notified them.
Spanish football league La Liga’s app was caught using fans’ smartphone mics and GPS to identify pirate broadcasts of football games. The app could quietly detect the location of users to see if they were in a bar and record audio clips to find out if the establishment had paid for a license to show the match. The league later justified its actions saying illegal streaming costs it millions in losses, but noted users are required to provide their consent for the functionality and can revoke it at any time.
Among this week’s batch of malware, ransomware and malicious tools were the RedEye ransomware that destroys victims’ files if they don't pay up. IQY files are used to deliver the FlawedAmmyy RAT. Many Android devices are being shipped with debug ports exposed while the MysteryBot malware was spotted.