Cyware Weekly Threat Intelligence, August 10 - 14, 2020

Weekly Threat Briefing • Aug 14, 2020
The Good
With the number of cybercrimes increasing day by day, improving the cyber resilience of critical infrastructure has become an utmost priority for federal authorities and organizations. Taking this into account, the National Institute of Standards and Technology (NIST) has unveiled the final version of its Zero Trust Architecture to improve the security model of organizations. In Australia, the Department of Home Affairs has proposed some new initiatives from the 2020 Cyber Security Strategy to protect the nation from sophisticated attack campaigns.
Members of the US House of Representatives introduced a bill to prevent hacks on universities conducting COVID-19 research. The initiative was taken following the rise in cyberattacks from foreign malicious hackers.
The National Institute of Standards and Technology (NIST) unveiled the final version of its Zero Trust Architecture for cybersecurity leaders, administrators, and managers to provide a better understanding of the Zero Trust environment. The guidance was developed in collaboration with multiple federal agencies.
Australia’s Department of Home Affairs proposed some new initiatives from the recently released 2020 Cyber Security Strategy, such as sector-specific cyber obligations and inclusion of government in the cyber response process for private organizations, to protect the nation’s critical infrastructure from catastrophic attacks.
The Bad
Attacks from ransomware operators continued to be a major concern for firms. This week’s victim organizations include the SPIE Group and Boyce Technologies. In addition, breaches of user records at the SANS Institute, InMotionNow, and Michigan State University (MSU) grabbed the attention of security experts.
The SANS Institute suffered a compromise of 28,000 user records after 513 emails were forwarded to an unknown third party. The emails included files containing a subset of email addresses, first names, last names, work titles, company names, industries, addresses, and countries of residence.
Instances of unsecured databases leaking millions of records were also observed this week. In one incident, an unprotected AWS S3 bucket belonging to InMotionNow leaked over 5.5 million files and 343GB of data before it was secured by the firm. In another incident, Meow bot deleted 3.1 million patients’ data that was exposed on the internet for around 10 days. The database appeared to be owned by Adit, a Houston-based online medical appointment and patient management software company.
Illinois-based healthcare system, FHN, notified its patients about a data breach that occurred in February. The incident took place after an unauthorized person accessed the firm’s email accounts to view patients’ information.
Michigan State University experienced a Magecart-like attack after attackers stole credit card and personal details of around 2,600 users from its online store. The attackers injected malicious scripts into the site by exploiting a vulnerability in the website.
Nefilim ransomware operators released around 11.5GB of data stolen from the SPIE Group. They threatened to leak the remaining compromised data if the firm did not pay the ransom.
A mysterious hacker group hijacked around 23.95% of Tor exit relays to perform SSL stripping attacks on Tor users accessing cryptocurrency-related sites.
Avaddon ransomware operators launched a data leak site to extort their victims. Since the day of launch, the operators have published 3.5MB of documents belonging to a construction company. In yet another ransomware attack, DoppelPaymer targeted Boyce Technologies and leaked a portion of the stolen files in a bid to demand a ransom.
NCC Group’s training material was leaked on GitHub after a folder purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. The docs offered step-by-step guides and walkthroughs of information about the CREST exams.
A threat actor leaked the databases of Utah-based gun exchange and hunting websites—muleyfreak[.]com, utahgunexchange[.]com, and deepjunglekratom[.]com—for free on a cybercrime forum. The databases were allegedly hosted on an Amazon AWS server and included login names, passwords, and email addresses of registered users.
New Threats
Turning to new threats, researchers discovered a new attack named ‘ReVOLTE’ that can be used to eavesdrop on users’ conversations. Furthermore, around 3.7 million devices across the globe are still affected by multiple iLinkP2P flaws, which can allow attackers to snoop on live video streams and steal login credentials.