Cyware Weekly Threat Intelligence, April 13 - 17, 2020

Weekly Threat Briefing • Apr 17, 2020
The Good
The COVID-19 outbreak has spelled doom across the world, forcing several organizations to adopt teleworking. Medical staff and physicians are no exception. Therefore, in order to promote good cybersecurity hygiene, the American Medical Association (AMA) and the American Hospital Association (AHA) have jointly released guidelines for the remote work environment to better defend against threats that could disrupt patient care. Also, given the critical nature of the current pandemic, the Office for Civil Rights (OCR) has lifted HIPAA penalties for community-based testing sites to ease the operations of healthcare providers.
Google has adapted its machine learning models to improve Gmail’s security against COVID-19-themed phishing email attacks. Using these models, the company blocked 18 million such emails in the past week.
The American Medical Association (AMA) and the American Hospital Association (AHA) have jointly released cybersecurity guidelines for physicians who are working from home and using their personal computers and mobile devices to take care of patients. The initiative has been taken following the rapid increase in cyber threats against telework technologies due to the ongoing COVID-19 crisis.
The Office for Civil Rights (OCR) has announced that it will lift penalties around HIPAA compliance for 19 community-based testing sites during the pandemic. Previously, the agency had also carved out exceptions for business associates, first responders, and telehealth use to ease operations during the COVID-19 pandemic.
The Bad
The week saw millions of personal details and login credentials of customers being sold on underground forums. The data belonged to people associated with Zoom, Quidd, and Wappalyzer. While user data stolen from Quidd was sold for free, the user details stolen from other affected companies were tagged at an alluring price.
Nearly 530,000 Zoom login credentials were put up for sale on hacker forums for a price of $0.0020 per account. The hacker(s) had gathered these account details from third-party data breaches rather than hacking Zoom directly.
Personal and contact details of 1.41 million US-based doctors stolen from qa.findadoctor[.]com were also put up for sale by a cybercriminal. The compromised data included full names, genders, locations, mailing addresses, country, phone numbers, and license numbers of doctors.
Travelex paid a ransom of $2.3 million in Bitcoin to recover from a ransomware attack that occurred on New Year’s Eve of 2020. The Sodinokibi ransomware operators had stolen nearly 5 GB of data from the firm during the attack.
Account details of 4 million Quidd users also turned up on underground hacking forums. A hacker named PROTAG took credit for the breach and had previously put the same data up for sale.
DoppelPaymer operators released confidential data of Visser Precision, a supplier of parts to military and aerospace companies such as Lockheed Martin, Tesla, SpaceX, and Boeing.
Portuguese multinational energy giant Energias de Portugal (EDP) fell victim to the RagnarLocker ransomware. The operators demanded a ransom of $10.9 million in bitcoin for the return of 10 TB of documents stolen from the firm.
Operations at two Manitoba law firms were halted following ransomware attacks. The incidents left the staff with no access to their computer systems, locking them out of digital files, emails, and data backups.
Linksys asked its customers to reset their passwords after its routers were targeted in a COVID-19-themed malware attack campaign. The malware was delivered via a fake website that prompted users to download and install an application that offered information about COVID-19.
Wappalyzer disclosed that it was affected in a security breach that affected nearly 16,000 of its users. The incident came to light after the firm discovered that details of some of its users were put on sale on the dark web.
New Threats
Turning to threats, security researchers unearthed three new malware families capable of performing a variety of malicious activities: the Mozi botnet, PoetRAT, and the Speculoos backdoor. Separately, academics demonstrated a new attack technique called AiR-ViBeR, which could be used to exfiltrate data from air-gapped systems.