Cyware Weekly Threat Intelligence - February 03–07

Weekly Threat Briefing • Feb 7, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Feb 7, 2020
The Good
So getting ready for another February weekend? Hold on for a moment! Before you set your eyes on to-do lists for this weekend, let's take a quick glance at the major developments that occurred in the cyber ecosystem. NIST unveiled a set of guidelines to protect the integrity of data in the event of ransomware attacks. On the other hand, Japan CERT simplified the detection of Emotet trojan by releasing a utility tool called EmoCheck.
The National Institute of Standards and Technology (NIST) has released a draft that offers updated advice and best practices on how to protect the confidentiality, integrity, and availability of data in enterprises. The draft has been introduced due to the increasing threats from ransomware and other large-scale cyber events.
The Office of the Director of National Intelligence (ODNI) has rolled out a new strategy to encourage the private sector in protecting the country from cyber threats. The strategy requires the intelligence community to think of the private sector as a consumer of its threat information.
Japan CERT has released a new utility tool called EmoCheck that allows Windows users to check if they are infected with the Emotet trojan. Once installed on a system, the tool will scan for the trojan and if it is found, it will alert the user with the process ID and the location of the malicious file.
Apple has come up with a new way to make SMS two-factor authentication (2FA) less susceptible to phishing attacks. This will help dodge phishing websites that fool people into entering their passwords and usernames.
The Bad
Meanwhile, ransomware attacks took a toll on five United States law firms by encrypting their data and demanding a ransom of two Bitcoins from each firm. Two publicly accessible databases, one owned by Pabbly and the other belonging to FutebolCard, exposed millions of sensitive records of their customers, thus endangering the personal data to identity theft and more.
Maze hackers group attacked and compromised five United States law firms and demanded two Bitcoin ransoms from each firm. According to data shared by a cybersecurity firm, Maze actors have already started publishing part of the stolen data on two websites.
An open and publicly accessible database belonging to an email marketing firm Pabbly exposed nearly 51 million records. The exposed records dated back to 2014 and contained customer names, email addresses, subject lines, email messaging, and internal data.
The city of Racine was hit with a ransomware attack on January 31, 2020. This knocked most of its non-emergency computer services offline. However, tax collection, 911, and public safety systems were unaffected by the attack.
Australian logistics company Toll Group fell victim to a ransomware attack. The firm became aware of it on January 31, 2020, and immediately disabled the relevant systems to prevent the ransomware infection. Over 1000 servers were crippled due to the attack.
Fondren Orthopedic Group notified around 31,000 patients that their medical records may have been damaged in a malware attack. The affected data included names, addresses, telephone numbers, diagnosis and treatment information, and health insurance information of patients.
An S3 bucket owned by FutebolCard leaked 25GB of sensitive data belonging to supporters of a number of Brazilian organizations. The exposed information included names, contact details, dates of birth, marital status, social security numbers, and payment method of fans. Futebol rectified the issue on January 31, 2020, by taking the bucket offline.
New Threats
Talking about new threats, the week witnessed the emergence of a new variant of AZORult trojan that includes three levels of encryption techniques to bypass email security gateways and avoid detection by client-side antivirus. A new swathe of e-commerce sites compromised by the Magecart group came to notice after researchers found stolen data on opendooorcdn[.]com.