Cyware Weekly Threat Intelligence, August 19 - 23, 2019

Weekly Threat Briefing • Aug 23, 2019
The Good
As we gear up for a new weekend, let’s quickly glance through all that happened in cyberspace over the week. Before delving into the security incidents and new threats, let’s first take a look at all the positive events. The Global Cyber Alliance launched a cybersecurity development platform named AIDE for Internet of Things (IoT) products. Major tech companies, including Alibaba, Google Cloud, IBM, Intel, and Microsoft, joined the Confidential Computing Consortium. Meanwhile, NSA researchers are planning to release their project’s end product, named ‘SMI Transfer Monitor with protected execution (STM-PE)’, to the public soon.
The Global Cyber Alliance, an international cross-sector effort designed to address cyber risks, launched the Automated IoT Defence Ecosystem (AIDE), a cybersecurity development platform for Internet of Things (IoT) products. AIDE enables small businesses, manufacturers, service providers, and individuals to identify and patch vulnerabilities and to secure IoT devices against cyber threats.
Major tech companies including Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent joined a new industry group named the Confidential Computing Consortium, which focuses on promoting secure computing practices. This consortium plans to bring together hardware vendors, developers, and others to promote the use of confidential computing, and better protect data.
Researchers at the National Security Agency (NSA) are planning to release their project’s end product, named ‘SMI Transfer Monitor with protected execution (STM-PE)’, to the public soon. STM-PE works with x86 processors that run Coreboot and protects machines from firmware attacks.
Facebook awarded the Internet Defense Prize worth $100,000 to a research team from the Saarland University, Germany, for developing ERIM, a new code isolation technique that can be used to protect sensitive data while it's being processed inside a computer. This new technique combines both hardware and software security features to provide a new way of isolating sensitive data processed inside a computer.
Visa announced that it has added a new fraud threat detection and blocking technology which is designed to enhance transaction security on its payments network. This technology helps financial institutions to prevent payment fraud while using its electronic payments network.
The Bad
Several data breaches and security incidents were witnessed this week. Twenty-two local Texas government entities were targeted with a coordinated ransomware attack. A cyber-espionage campaign linked to North Korea targeted several foreign ministries, four research organizations, and five email service providers. Meanwhile, Silence hackers targeted banks across 30 countries, including China, Russia, the United Kingdom, Bangladesh, and Bulgaria, among others.
A coordinated ransomware attack targeted almost twenty-two local government entities in Texas. The impacted organizations have not been revealed because of security concerns; however, two of the impacted municipalities, the City of Borger and the City of Keene, publicly disclosed that they were hit by the ransomware attack. The threat actor who attacked the Texas governments demanded a collective ransom payment of $2.5 million.
Attackers hacked the website of Macon County Circuit Clerk and defaced the webpage with a graphic of a person in a Guy Fawkes mask with a message that read “Hacked by Iranian Hackers” and “Hacked by Mamad Warning.” However, the county’s Information Technology department restored the webpage.
Tivoli Gardens, an amusement park in Copenhagen, Denmark, had its ‘My Tivoli’ website compromised, allowing hackers to gain access to Tivoli products and guest information. The compromised guest information includes names, dates of birth, e-mail addresses, phone numbers, postal addresses, previous purchases, and credit card details.
Researchers from Cyjax analyzed the files submitted to three popular online malware analysis sandboxes and found that a majority of these files contain sensitive information. The researchers found over 200 sensitive documents, including invoices and purchase orders. CVs and professional certificates were two other prevalent types of document uploaded to the online sandboxes.
According to a new report published by Group-IB, Silence hackers launched 16 campaigns against banks across 30 countries, including China, Russia, the United Kingdom, Bangladesh, and Bulgaria, among others. Within a span of 3 years, from June 2016 to June 2019, Silence hackers stole at least 4.2 million US dollars.
New Payments Platform Australia (NPP) disclosed that PayID records and associated data in the Addressing Service were exposed in a data breach caused by a vulnerability in one of the financial institutions sponsored by Cuscal Limited. The exposed PayID records include PayID names and the associated account numbers. However, NPP confirmed that none of the exposed data can enable the withdrawal of funds from a customer’s account.
An unprotected database belonging to the popular movie-ticket subscription service MoviePass exposed almost 161 million records of customer credit card data. The exposed records revealed details such as debit card numbers, expiry dates, customer card balances, and card activation dates. Researchers also said that more than 58,000 records contained customer card data and that the number of affected customers was growing every minute.
Fargo Public Schools and Rome City District school fell victim to a data breach incident involving an older version of the Pearson Clinical Assessment program AIMSweb, which was accessed by an unauthorized third party. Pearson announced that it is offering free credit monitoring to Fargo Public Schools and Rome City District school students whose information may have been compromised in the breach.
Eighth Army-Korea warned that the payment card information from nearly 1 million credit cards, including at least 38,000 U.S.-issued cards, was stolen and put up for sale on the dark web in late May 2019.
A North Korean cyber-espionage campaign targeted the Ministry of Foreign Affairs agencies of three countries, four research organizations, and five email service providers. The four impacted research organizations include Stanford University, the Royal United Services Institute (RUSI), the Congressional Research Service (CRS), and a United Kingdom-based think tank.
New Threats
This week also saw several new malware strains and vulnerabilities surface. Researchers uncovered that Magecart skimmer scripts had been injected into the PokerTracker website. A new version of NanoCore, v1.2.2, was uncovered by researchers. Meanwhile, a privilege escalation zero-day vulnerability was detected in Steam that impacts over 96 million Windows users.