Cyware Weekly Cyber Threat Intelligence September 3 - 7, 2018

Weekly Threat Briefing • Sep 7, 2018
It’s Friday again, which means it’s time to take a look at the biggest news in cybersecurity this week. Let’s begin with some notable achievements made towards improving security technologies and strategies. Google is cracking down on tech support scammers while Chrome’s new password manager wants you to stop reusing the same passwords. NIST is developing a privacy framework to safeguard user data. Meanwhile, the US Justice Department announced charges against a North Korean hacker over the Sony and WannaCry attacks.
Google is rolling out a verification program to weed out tech support scammers and ensure only legitimate third-party tech support providers use its ad network to reach consumers. The move comes after the Wall Street Journal reported scammers have been buying Google ads and posing as authorized service agents for Apple.
The latest version of Google’s Chrome browser, version 69, was also released this week and comes with a brand new redesign and an improved password manager. Whenever you sign up to a website for the first time, Chrome will offer to automatically generate a random password that will be securely stored inside a Google Account. The feature is designed to stop people from using the same password across multiple websites.
The National Institute of Standards and Technology (NIST) announced plans to create a voluntary privacy framework to help organizations manage risk and protect consumer privacy. The framework will go beyond basic cybersecurity practices and focus on privacy risks that arise from how organizations collect, store, use and share consumer data, the agency said.
The US Department of Justice announced charges against North Korean programmer Park Jin Hyok over the 2014 Sony hack, the 2016 Bangladesh Bank cyber heist and last year’s WannaCry ransomware attack. Park is linked to the North Korean APT Lazarus Group and has been accused of working with the North Korean government to carry out the attacks. He has been charged with several crimes including hacking charges, conspiracy and conspiracy to commit wire fraud.
The past week saw several serious incidents across the cyberattack spectrum. British Airways suffered a major data breach. Spyware firms Family Orbit and mSpy leaked hundreds of thousands of customers’ data online. The FOIA request portal exposed SSNs while the Mega.nz Chrome extension was hijacked.
British Airways revealed this week that it was hacked, compromising hundreds of thousands of customers’ personal and financial details. The airline said the hack continued for nearly two weeks between August 21 and September 5, compromising 380,000 payment cards.
Spyware app provider Family Orbit exposed a whopping 281GB worth of customers’ data online including pictures of hundreds of monitored children. A hacker discovered the data was stored on unsecured cloud servers that had simple, easy-to-crack password protection. Motherboard verified the breach with Family Orbit, which then changed its API key and login credentials.
Another parental monitoring software provider, mSpy, accidentally leaked millions of sensitive records of customers and targets online. Exposed data included passwords, call logs, contacts, notes, text messages and location data collected from phones running the mobile spyware.
The Freedom of Information Act (FOIA) request portal accidentally exposed dozens of Social Security numbers and other personal data online during a systems upgrade. Due to a design error, at least 80 full or partial SSNs and other personal data such as dates of birth and immigrant identification numbers were made public.
The Mega.nz Chrome extension was compromised with malicious code to steal login credentials and private keys for cryptocurrency accounts to access users’ funds. The collected data would then be siphoned to a server located in Ukraine. The tainted extension has been removed from the Chrome Web Store and a clean version has been submitted by Mega.nz.
Several new strains of malware emerged this week. A Barack Obama-themed ransomware has been targeting .EXE files. A new threat actor named Rocke uses Git repositories to distribute a Monero miner. Meanwhile, the CamuBot Trojan masquerades as a security module and is capable of intercepting and stealing one-time passwords.