Cyware Weekly Threat Intelligence - April 22–26

Weekly Threat Briefing • Apr 26, 2019
The Good
We’re back with the most interesting threat intel of the week. The past week witnessed several cybersecurity advancements, security incidents, as well as the emergence of new threats. To begin with, let’s first glance through all the good that has happened in cyberspace over the past week. The EU Parliament has voted to create a gigantic biometrics database that aggregates both identity records and biometrics of over 3.5 million EU and non-EU citizens. Washington state legislators have unanimously passed a bill ‘Hb 1071’ that expands consumer data breach notification requirements to include more types of consumer information. Meanwhile, researchers from the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory and Towson University have collaborated in creating a new method to make network intrusion activity alerts more helpful to cybersecurity teams.
Researchers from the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory and Towson University have collaborated in creating a new method to make network intrusion activity alerts more helpful to cybersecurity teams.
Washington state legislators have unanimously passed a bill ‘Hb 1071’ that expands consumer data breach notification requirements to include more types of consumer information such as full birth dates, health insurance ID numbers, medical histories, student ID numbers, military ID numbers, passport ID numbers, username-password combinations, or biometric data.
The EU Parliament has voted to create a gigantic biometrics database that aggregates both identity records and biometrics of over 3.5 million EU and non-EU citizens. The identity records and biometrics include names, dates of birth, passport numbers, fingerprints, facial scans, and other identification details.
The Bad
Several data breaches and security incidents were witnessed over the past week. The Magecart group has compromised the online store of the Atlanta Hawks, a basketball team in Atlanta, Georgia. An unprotected ElasticSearch database belonging to the ‘Steps To Recovery’ healthcare centre exposed almost 4.9 million records containing Personally Identifiable Information (PII) of its patients. Last but not least, the medical billing service provider ‘Doctors’ Management Service’ suffered a GandCrab ransomware attack compromising patients’ data from almost 38 clients.
The medical billing service provider ‘Doctors’ Management Service’ suffered a GandCrab ransomware attack compromising patients’ data from almost 38 clients including Beverly Surgical Associates, Today’s Wellness PLLC, Neuro Institute of New England, and more. The compromised data includes patients’ personal information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, insurance, Medicare/Medicaid information and numbers, and medical information.
The Magecart group has compromised the online store of the Atlanta Hawks, a basketball team in Atlanta, Georgia. The attack has impacted all those who have shopped from the online store on or after April 20, 2019. Shoppers’ data such as names, addresses, and credit card details have been potentially stolen by the Magecart group through skimmers injected on hawksshop.com.
Manufacturing giant Aebi Schmidt has been hit with a major ransomware attack, forcing the company to shut down its systems across the company’s international network, including its U.S. subsidiaries. The attack has primarily impacted its European base leaving a number of systems non-operational.
An unprotected ElasticSearch database belonging to the ‘Steps To Recovery’ healthcare centre exposed almost 4.9 million records containing Personally Identifiable Information (PII) of its patients. The exposed information includes patients’ ages, birthdates, current addresses, past addresses, email addresses, names of the patients’ family members, political affiliation and phone numbers.
A hacker who goes by the online handle ‘@0x55Taylor’ stole and posted online over 4800 sensitive documents from Mexico’s embassy in Guatemala. The incident occurred after the hacker managed to compromise a vulnerable server belonging to the embassy.
An unprotected database belonging to ‘Wi-Fi Finder’ exposed almost 2 million WiFi network passwords. The unprotected database also contained other WiFi network related details such as Wi-Fi network name, Wi-Fi’s precise geolocation, Basic Service Set Identifier (BSSID) and passwords.
Bodybuilding.com suffered a security breach impacting its IT systems and customers’ personal information. The breach was a result of unauthorized activity on one of its employees’ email accounts in February 2019. The compromised information includes customers’ names, email addresses, billing/shipping addresses, phone numbers, order history, any communications with Bodybuilding.com, birthdates, and any information included in customers’ BodySpace profiles.
EmCare suffered a data breach compromising the personal information of almost 60,000 people, including patients, employees, and contractors. The exposed personal information includes names, dates of birth, clinical information, Social Security numbers, and driver’s license numbers.
Attackers have targeted the City of Stuart in Florida with a ransomware attack, infecting the city’s servers and computers with Ryuk ransomware and forcing them offline. City services such as payroll, utilities, and budgeting have been restored to normal operations. However, email services, police, and fire departments are still offline.
Scammers have carried out several affiliate marketing spam campaigns leveraging GoDaddy subdomains and fake celebrity endorsements. Most of the products promoted via these scams are brain supplements, weight loss pills, CBD oils, and other dietary products. GoDaddy has taken down over 15000 subdomains and has reset passwords for the compromised accounts.
Amnesty International said that its Hong Kong office has been hit by a years-long cyberattack from threat actors associated with the Chinese government. Amnesty said that it first detected the cyberattack on March 15, 2019, when its Hong Kong office migrated its IT infrastructure to a more secure international network.
New Threats
The past week also witnessed the emergence of new malware strains and vulnerabilities. Security researchers have uncovered the source code of the ‘Carbanak’ backdoor trojan, which has been available on VirusTotal for almost two years. A security researcher has created a malware dubbed ‘SMBdoor’ with the help of two leaked NSA exploit kits. Meanwhile, a recent operating system update has made the Nokia 9 PureView smartphone vulnerable, allowing anyone to bypass the phone’s fingerprint lock.