Cyware Weekly Cyber Threat Intelligence May 7 - 11, 2018

Weekly Threat Briefing • May 11, 2018
While every week in cybersecurity seems to be more daunting than the last, this past week also saw government agencies and security professionals make notable progress towards threat detection and improving defenses. The first EU-wide cybersecurity law went into effect, the US House passed a bill to help train small businesses in cybersecurity and the Australian Parliament House is getting its own cybersecurity operations center. Meanwhile, Android P is bringing new privacy and security updates.
The first EU-wide legislation on cybersecurity - NIS Directive - came into force on May 9, to ensure critical infrastructure firms are prepared for and protected from cyberattack and computer network failure. Operators of “essential services” such as health, water, energy, transport and digital infrastructure that fail to report breaches or outages to regulators within 72 hours could face fines of up to £17 million, as per the new law.
Google announced at its I/O event on Thursday that Android P will come with new privacy and security updates including limits on what apps can access when you’re not actively using them. Starting with Android P, apps are given permission to your location, microphone, camera or network status when the app is running in the background.
In the US, the House passed a bill aimed at helping small businesses better defend themselves against cyberattacks and threats. As per the legislation, the Small Business Administration will establish a “cyber counseling certification program” to train employees in cybersecurity at small business development centers.
Meanwhile, the Australian Parliament House will get its own $9 million cybersecurity operations centre to “enhance cybersecurity protection for the parliamentary computing network.” Overseen by the Department of Parliamentary Services, the centre will be responsible for the Parliament House internet services, email addresses and device management of MPs, senators and staff.
This week saw a fresh round of data breaches and cyberattacks impacting organizations and individuals worldwide. FLEETCOR Technologies and an Arizona city suffered data breaches while Android app Drupe accidentally exposed sensitive user data. Copenhagen’s city bike service was also hacked while a crowdfunding website for a Yes vote in Ireland suffered a DDoS attack.
FLEETCOR Technologies revealed that it suffered a data breach in April after its gift card systems were accessed by an unauthorized party. The company said it identified suspicious activity on systems involving its Store Value Solutions gift card business. It said a “significant number” of gift cards at least six months old and PIN numbers were accessed in the breach, but that the accessed data did not include personally identifiable information (PII).
Popular Android app Drupe, downloaded over 10 million times, inadvertently left users’ photos, selfies, audio messages and other sensitive data exposed online. The data was publicly available on unsecured servers on Amazon Web Services. Drupe said the exposed files were sent through Drupe Walkie Talkie and another feature that allows images to be sent during a call. It claimed these features have been used by less than 3% of its users, noting that the issue has been resolved and the exposed files deleted.
Copenhagen’s city bikes network Bycyklen was hacked by an unidentified hacker who deleted its entire database and disabled users’ access to the bicycles. Bycyklen said the hack was “rather primitive”, but noted it was likely carried out “by a person with a great deal of knowledge of its IT infrastructure.” No data was stolen in the attack, but the firm advised users to change their PIN codes for the bikes.
The Together for Yes campaign, which is calling for a Yes vote in the upcoming Eighth Amendment referendum in Ireland, said its crowdfunding website was hit with a DDoS attack. The attack temporarily knocked the website, hosted by CauseVox, offline at 5:45pm, which the agency said would “ordinarily be a peak time for donations.” The interruption also affected CauseVox’s security infrastructure.
The city of Goodyear, Arizona, temporarily disabled its online utility payment system after a resident reported fraudulent activity on the card used to pay a utility bill. The city has begun a forensic investigation into the breach that could affect 30,000 customers. The city said severe vulnerabilities within the software used for some payment card transactions were likely exploited. The affected server has been disabled and customers have been advised to monitor their payment card statements.
Security researchers uncovered new strains of malware such as the Maikspy malware that comes disguised as a fake Mia Khalifa-themed game. Drupalgeddon 2.0 is still plaguing websites with over 400 sites hit by a cryptomining campaign. Meanwhile, the PoS malware TreasureHunter’s source code was leaked on a cybercrime forum.