Cyware Weekly Threat Intelligence, December 23 - 27, 2019

Weekly Threat Briefing • Dec 27, 2019
The Good
Welcome to the most exciting weekend of the year and the final weekly threat intelligence newsletter this year. Let’s begin with the good news for the week. In a new study, researchers discussed a new cryptography method for full secrecy based on the one-time pad (Vernam cipher). Also, CISA unveiled the Trusted Internet Connection policy (TIC) 3.0 to help government agencies build secure networks. Further, the US Congress cleared the TRACED Act to curb the robocall spam menace, and it is now headed to the Oval Office.
A group of researchers presented a new cryptography method for full secrecy based on the one-time pad (Vernam cipher). The complex, time-varying, irreversible structures of silicon chips can be used as the one-time key, which cannot be recreated or intercepted as it is never stored anywhere. Also, the method is compatible with the existing optical communication infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA) released the Trusted Internet Connection policy (TIC) 3.0, a draft set of use cases and other guidance to help government agencies build secure networks. The administration hopes it will give agencies enough flexibility to make sound security decisions for any kind of network, including those just over the horizon.
The US Congress passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to fight against spam robocalls. The bill includes penalties of up to $10,000 per incident for robocallers that break the law and it pushes telcos to implement stricter call authentication technologies.
The Bad
The week remained eventful for some organizations where security incidents were reported. The radio network giant Entercom was attacked for the second time since September. In other news, operators of Maze ransomware made 2 GB of stolen data public to prove to the media that they have a lot more than that. Meanwhile, attackers targeted the cryptocurrency project NULS, costing the development team $480,000 worth of NULS tokens.
The radio network giant Entercom was hit by a cyberattack, forcing some stations to rely on their previously recorded programs. The company also experienced connectivity problems that disabled email communication, access to files, and content for the digital platforms. This is the second time that the network has suffered an attack within a few months. However, the operations were fully restored the next morning.
The operators of Maze ransomware publicly released 2 GB (of 32 GB) of files that they stole during the attack on the city of Pensacola. The crooks had demanded a $1 million ransom to decrypt the locked files. The attackers stated that they released the stolen data to prove to the media that they stole more than just a few files during the attack.
The development team behind the cryptocurrency project NULS lost almost $480,000 worth of NULS tokens in a hack. The team reported that more than half a million tokens were liquidated via cryptocurrency exchanges. NULS network participants were later urged to update their node software to the latest version as soon as possible.
The personal data of 2,400 Ministry of Defence (Mindef) and Singapore Armed Forces (SAF) personnel was potentially affected after systems at ST Logistics were impacted by a malware attack. ST Logistics said attackers sent malicious emails to its employees’ email accounts. No details were given on when the phishing had occurred or for how long.
Truckstop.com experienced disruption in its online services following malware attacks on its network. Though the incident did not affect its customer information, it forced customers to look for alternatives right before the Christmas rush. The firm is said to be working on the issue. Truckstop.com is one of the largest neutral freight matching marketplaces in North America and handles about 500,000 loads per day.
The Islands restaurant chain and Champagne French Bakery Cafe announced payment card breaches for locations across the U.S. In both cases, attackers used PoS malware to capture card data stored in the magnetic stripe. As per reports, the malware was active between February 18, 2019, and September 27, 2019.
Around 260 passengers were left stranded after RavnAir canceled at least a half-dozen flights in Alaska due to a cyberattack on its computer systems. The airline said operations were expected to be slowed or disrupted for the next week because of the necessity of shutting down the IT network. The airline serves more than 100 communities in Alaska, many of which are not accessible by road.
Healthcare startup Lyfebin exposed more than 93,000 medical imaging files stored on its unprotected Amazon Web Services storage bucket. The files were dated between September 2018 and October 2019 and were stored in the DICOM format. The exposed files were X-rays, MRI, and ultrasound scans. Lyfebin secured the data after being warned of the security lapse.
New Threats
Moreover, numerous vulnerabilities and threat campaigns also found their place in the headlines. Right at the top was a flaw in Citrix Application Delivery Controller and Citrix Gateway that put 80,000 corporate LANs at risk. Additionally, a phishing campaign targeting PayPal customers was discovered by security researchers. Also, a researcher managed to exploit a bug in Twitter’s Android app and matched 17 million phone numbers to authentic Twitter user accounts.