Cyware Weekly Cyber Threat Intelligence June 18 - June 22, 2018

Weekly Threat Briefing • Jun 22, 2018
Cybercrime grows more rampant every week as attacks get fiercer and hackers more sophisticated. Still, this week saw some successful law enforcement operations. Europol dismantled the hacker group Rex Mundi while French authorities took on the Dark Web site Black Hand. Google Play security will soon extend to apps shared offline, while VirusTotal Monitor is looking to reduce false positive detections.
Europol is disrupting the long-running cybercrime outfit Rex Mundi (Latin for “king of the world”). The cyber extortion outfit has been operating since at least 2012. Authorities announced the arrest of a 25-year-old French coder in Thailand under a French international arrest warrant. This is the eighth suspect arrested so far for connections to Rex Mundi.
The French Minister of Public Action announced that they have dismantled Black Hand, one of the largest Dark Web forums that saw the trade of illegal goods and services such as weapons, narcotics, stolen data and more. Authorities said the site’s administrator, a 28-year-old mother from Northern France, and several other accomplices were arrested in a string of coordinated police raids across the country.
US carrier Verizon agreed to stop selling customers’ real-time location data to third-party data brokers following serious concerns over user privacy and security. Senator Ron Wyden praised Verizon’s initial move before chastising its competitors for not following suit. Eventually, AT&T, T-Mobile and Sprint also announced similar commitments.
Google is looking to make sure apps downloaded from the Play Store and shared offline can be verified as safe. The company will add a small piece of security metadata to APKs to mark the app as “authentic” and originally coming from the Google Play Store. The verification will work while the device is offline and will be regularly checked by Play Protect.
VirusTotal has introduced a new service to allow software developers to privately check and monitor their programs against antivirus detection engines in a bid to reduce false positives. Developers can use the new VirusTotal Monitor to upload new files, check their code and receive alerts if their program has incorrectly been flagged as malicious.
This week, numerous data breaches came to light including South African insurer Liberty, which refused to cave to hackers’ ransom demands. Flight tracker Flightradar24 suffered a data breach while hackers stole $32 million from South Korean cryptoexchange, Bithumb. Syscoin’s Github account was poisoned with malware and over 21,000 open container orchestration and API management systems were found online.
South African insurance firm Liberty suffered a cyberattack in which hackers infiltrated its IT infrastructure, accessed some data and threatened to release it if they weren’t paid a ransom. The firm said it refused to pay the ransom demand, noting the stolen data included emails and attachments. Liberty said it addressed vulnerabilities in its systems to secure customer data, adding that no customers were impacted by the breach.
Popular flight tracking service Flightradar24 suffered a breach that compromised a “small subset” of users’ email addresses and hashed passwords. Users were asked to reset their passwords. The firm said the breach was limited to one server that was shut down once the intrusion was detected. No payment data was accessed in the breach, it added.
South Korean cryptocurrency exchange Bithumb was targeted by hackers who stole about $32 million. The company said the remaining assets have been moved to offline cold wallets while all deposits and withdrawals were briefly halted. Bithumb said it is working with other exchanges to prevent further losses and retrieve funds.
Malicious actors replaced the legitimate Windows installer for the instant-payment cryptocurrency Syscoin earlier in June with a version that contained malware. The tainted Windows client was available on the project’s GitHub page for days and contained the Arkei Stealer malware, a trojan designed to steal wallet keys and passwords.
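The Syscoin incident is a textbook case for verifying a downloaded release against a checksum manifest before running it; the same idea underlies Google's plan to stamp offline-shared APKs with authenticity metadata. The following is an added example, not Cyware's or the Syscoin project's code. It assumes the publisher ships a `sha256sum`-style manifest (`<hex digest>  <filename>` per line) and checks every file in a download directory against it, flagging tampered, missing and unlisted files. The file names and contents in `demo()` are constructed sample data.

```python
"""Verify downloaded release artifacts against a publisher's SHA-256 manifest.

Added example, not code from the original briefing or from the Syscoin project.
Assumed manifest format: the text produced by `sha256sum`, i.e. one
"<hex digest>  <filename>" (or "<hex digest> *<filename>") line per file.
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB chunks so large installers are not read into RAM at once


def sha256_of_file(path):
    """Return the lowercase hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines into {filename: digest}; blanks and '#' comments are skipped."""
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)               # digest, then the rest of the line
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts
        name = name.lstrip("*")                   # sha256sum prefixes binary-mode names with '*'
        try:
            int(digest, 16)                       # reject non-hex digests
        except ValueError:
            raise ValueError(f"malformed manifest line: {line!r}") from None
        expected[name] = digest.lower()
    return expected


def verify_artifacts(directory, manifest_text):
    """Compare each file named in the manifest with what is on disk.

    Returns {filename: "ok" | "MISMATCH" | "MISSING"}. Files present in the
    directory but absent from the manifest are reported as "UNLISTED": an
    actor who swaps one installer may also drop an extra one beside it.
    """
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif sha256_of_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    for name in os.listdir(directory):
        if name not in expected and os.path.isfile(os.path.join(directory, name)):
            results[name] = "UNLISTED"
    return results


def demo():
    """Constructed scenario: one genuine installer, one swapped, one missing, one unlisted."""
    genuine = b"GENUINE-INSTALLER-BYTES"    # constructed stand-in for a real installer
    tampered = b"TAMPERED-INSTALLER-BYTES"  # constructed stand-in for a swapped installer
    good = hashlib.sha256(genuine).hexdigest()
    # The manifest is what the publisher would have produced from the genuine files.
    manifest = (
        "# constructed sample manifest\n"
        f"{good}  wallet-setup.exe\n"
        f"{good} *wallet-cli.exe\n"
        f"{good}  wallet-gui.exe\n"
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "wallet-setup.exe"), "wb") as f:
            f.write(tampered)                 # the swapped file, as in the Syscoin case
        with open(os.path.join(d, "wallet-cli.exe"), "wb") as f:
            f.write(genuine)                  # untouched file
        with open(os.path.join(d, "extra.bin"), "wb") as f:
            f.write(b"NOT-IN-MANIFEST")       # unlisted file; wallet-gui.exe is never written
        return verify_artifacts(d, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A caveat a practitioner would add: the manifest must come from a channel the attacker does not control. In the Syscoin case the GitHub release page itself was tampered with, so a checksum file hosted beside the installer could have been replaced at the same time; a manifest fetched from the project's separately hosted site, or one covered by a detached PGP signature whose key was obtained out of band, is what makes the comparison meaningful.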
VDOO researchers uncovered several critical vulnerabilities in nearly 400 Axis camera models that could have allowed hackers to take full control of the IoT devices or rope them into botnets. The vulnerabilities, now disclosed to Axis, could have enabled hackers to take over devices using the IP address and control the camera, access video streams and more.
Lacework researchers discovered more than 21,000 container orchestration and API management systems left unprotected or publicly exposed on the internet in early June. Researchers said their findings highlighted “the potential for attack points caused by poorly configured resources, lack of credentials and the use of non-secure protocols.”
A fresh batch of nasty malware emerged this week including the complex Mylobot that comes with a unique bag of tricks. The Olympic Destroyer that hit the 2018 Winter Olympics is targeting biochem protection groups. A new SamSam ransomware variant requires a special password before infection. The US warned of North Korean malware Typeframe while fake Fortnite Android apps are spreading.