Cyware Weekly Threat Intelligence - February 17–21

Weekly Threat Briefing • Feb 21, 2020
The Good
The week started on a good note, with governments focusing on increasing cybersecurity budgets to bolster their countries’ critical infrastructure and IT systems. While the U.S. administration has requested $9.8 billion for fiscal year 2021 to enhance the cybersecurity posture of the DoD, Singapore has set aside a total of $1 billion over the next three years to build the government’s cyber and data security capabilities. Meanwhile, MITRE Engenuity has rolled out its plan to evaluate and validate cybersecurity products against the threats posed by the Carbanak gang.
The U.S. administration has requested an allocation of $9.8 billion for cybersecurity operations at the Department of Defense (DoD) for fiscal year 2021. The budget, once approved, will be used to enhance the DoD’s Cyberspace Science & Technology and cloud security.
A U.S. senator for New York has proposed a Data Protection Act (DPA) aimed at giving consumers more control over their data. The bill focuses on establishing an independent data protection agency that will solely oversee data privacy across both the public and private sectors.
Singapore has set aside $1 billion over the next three years to build up the government’s cyber and data security capabilities. The aim is to safeguard citizens’ data and critical information infrastructure systems.
MITRE Engenuity has announced plans to evaluate how effectively vendors’ products detect and protect against threats from a hacker gang known as the Carbanak group. Also referred to as Fin7, the group is associated with attempts to infiltrate banks and ATMs.
The Bad
Two major data leaks caused by misconfigured AWS S3 buckets also grabbed the attention of security experts this week. One belonged to PhotoSquared, the other to the medical imaging firm NextMotion. MGM Resorts was also in the news after 10.6 million of its guest records were posted on an online hacking forum. The records included data on high-profile celebrities and government officials.
Over 10.6 million guest records stolen from MGM Resorts were posted on an online hacking forum this week. The compromised records included data on regular tourists, celebrities, tech CEOs, government officials, reporters, and professionals from tech firms.
The popular photo app PhotoSquared leaked around 94.7 GB of data containing over one million records due to a misconfigured S3 bucket. The records ranged from November 2016 to January 2020. The exposed data included user photos, order records, receipts, and shipping labels.
Like PhotoSquared, the medical imaging firm NextMotion also suffered a data breach due to an unprotected S3 bucket. The leaky bucket contained approximately 900,000 files, including sensitive patient images and videos and consultation documents.
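Both leaks above come down to the same root cause: a bucket whose ACL or bucket policy grants read (or write) access to anonymous or any-AWS-account principals. The following is an added defensive check, not code from Cyware or from either affected company. It takes the ACL and bucket-policy documents in the shape the AWS API returns them (the same structures boto3's get_bucket_acl and get_bucket_policy hand back) and reports every grant that makes the bucket publicly exposed. The ACL and policy documents embedded below are constructed samples, not artifacts from the PhotoSquared or NextMotion incidents.

```python
"""Static exposure check for an S3 bucket's ACL and bucket policy (added example).

The two inputs mirror what boto3 returns from get_bucket_acl() and
get_bucket_policy()["Policy"]; in practice you would fetch them per bucket and
feed them to assess_bucket(). Everything below is self-contained sample data.
"""
import json

# ACL grantee groups that mean "everyone on the internet" / "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def acl_findings(acl):
    """Return (group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return findings


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" appears in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_findings(policy_json):
    """Return one dict per Allow statement with a wildcard principal.

    A statement carrying a Condition block is still reported but marked
    'conditioned', because the condition may (or may not) limit the exposure;
    a reviewer has to read it rather than trust the flag alone.
    """
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow" or not _principal_is_public(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append({
            "sid": st.get("Sid", "<no Sid>"),
            "actions": list(actions),
            "conditioned": bool(st.get("Condition")),
        })
    return findings


def assess_bucket(acl, policy_json):
    """Combine both checks; 'public' is True if any unconditioned grant exists."""
    acl_hits = acl_findings(acl)
    pol_hits = policy_findings(policy_json)
    public = bool(acl_hits) or any(not f["conditioned"] for f in pol_hits)
    return {"public": public, "acl": acl_hits, "policy": pol_hits}


# --- constructed sample inputs (not real bucket data) ---------------------
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "WRITE"},
    ],
}

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_ACL, SAMPLE_POLICY), indent=2))
```

One caveat when running this against live buckets: an account- or bucket-level S3 Block Public Access setting can override public ACLs and policies, so a bucket this check flags may in fact be shielded; conversely, a clean ACL and policy say nothing about objects uploaded with their own public object ACLs. Treat the output as a triage list to confirm with the bucket's PublicAccessBlock configuration, not as a final verdict.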
The OurMine hacker group again made headlines this week for hijacking the official Twitter accounts of FC Barcelona and the International Olympic Committee. Last week, the group had taken over the Twitter and Instagram accounts of both Facebook and Messenger to highlight security lapses on social networking platforms.
Public Services and Procurement Canada inadvertently shared the data of more than 69,000 public servants with the wrong recipients. The data included employees’ full names, personal record identifier numbers, home addresses, and overpayment amounts.
A newly discovered Chinese hacker group called DRBControl (DRopBox Control) hacked gambling websites in Southeast Asia to steal the target companies’ databases and source code. Researchers indicate that the group’s operational tactics overlap with the tools and tactics used by Winnti and Emissary Panda.
Some IT and email systems at the Denmark-based facilities management company ISS World were crippled due to a ransomware attack on February 17, 2020. The firm had immediately disabled access to shared IT services across its sites and countries to contain the infection.
New Threats
Among the new threats observed this week, Adwind returned with a new version 3.0 to target more than 80 Turkish companies. The infamous BlueKeep flaw, for which a patch has long been available, continues to affect over 55% of medical imaging devices, including MRIs, X-rays, and ultrasound machines. Meanwhile, the Fox Kitten cyber espionage campaign, which has been active for at least three years, has evolved to exploit 1-day vulnerabilities in VPN and RDP services.