Cyware Weekly Threat Intelligence, January 06 - 10, 2020

Weekly Threat Briefing • January 10, 2020
Weekly Threat Briefing • January 10, 2020
The Good
As we gear up for a new weekend, let’s quickly glance through all that happened in cyberspace over the week. Starting with the good, MITRE, released a new ATT&CK knowledge-base on the Industrial Control Systems (ICS). Meanwhile, a five-month-long operation ‘Goldfish Alpha’ by Interpol declined cryptojacking incidents by 78% in the ASEAN region. Also, the European Commission's MDCG released new guidance to assist manufacturers meet the cybersecurity requirements for different regulations.
The Bad
This week also witnessed critical breaches exposing personal data and a BEC scam. A database containing the personal details of 56.25 million US residents was left open on a Chinese server. In the BEC scam incident, Colorado Town of Erie lost over $1 million when a phishing email dropped into an unsuspecting employee’s inbox. In other news, Minnesota-based hospital operator Alomere Health disclosed a data breach that may have exposed information of around 50,000 patients.
New Threats
Several new malware strains and vulnerabilities were also discovered and reported with the help of researchers this week. A data-wiping malware was detected on the network of Bapco, Bahrain’s national oil company. Meanwhile, a new trick from scammers pretending to be from the National Broadband Network was reported; they were after users’ personal data. Also, researchers exposed a new ransomware in the wild called ‘SNAKE’, targeting networks and aiming to encrypt all of the devices connected to it.